silastec

Please analyse my log!!!!!

For some time now my PC hasn't been shutting down normally: Windows closes, the screen goes black with only the mouse cursor, but it doesn't power off.

Yesterday, when I turned the PC on, I only had a look at my messages on Orkut (I didn't reply to any, just looked) while copying a CD to the HD. When it was copying the last track the PC got all strange, very slow. I opened Task Manager and saw "rundll32.exe" running plus some applications I had never seen; I ended and deleted some of them.

Two shortcuts appeared on the desktop, one named "windows update" and the other "Help and Support Center". I deleted them and within seconds they came back. I opened their properties and saw the site they point to:

"http://storageprotector.com/clean/installer.php?gai=s3rk_7_i&gli=my_doc_c_open_trash&gff=68113_84c20f77+613D75964FE8474B9938E377D43E5D21" It tries to download an application called: setup_en.exe

and all the time messages and balloons pop up about a critical error and the system having performed an illegal operation, all in English, and when you click OK, CANCEL or the X to CLOSE, it opens an IE window at this address:

"http://nadadevirus.com/detetor/?cmpnamegeo=brgeogav&gai=s3rk_4_p61s3rk_7_i_br_pt&gli=mypc_mydocs_winillegalmy_doc_c_open_trash&mt_info=4524_0_5581&cmpnamegeo=null" Trying to download another strange app...

I did all the procedures requested in the official topic,

here is my HijackThis v2.0.2 log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:41:38, on 21/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Descarga selecionada pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Descarregar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Descarregar tudo com Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qkkpbhgt.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

O24 - Desktop Component 0: (no name) - http://baixaki.ig.com.br/imagens/wpapers/W...uerra005800.jpg

O24 - Desktop Component 2: RapidShare: 1-Click Webhosting - http://rapidshare.com/files/54389861/Sexxx....by.P33PiNG.wmv

--

End of file - 4187 bytes

Ah! it changed the C: drive icon to a red X!

and about 4,000 more files named pos1A0.tmp.... appeared in C: and in My Documents

and all the time an application called windows opens that uses 99% of the CPU and whatever memory is left....

it runs for a few minutes leaving the PC super slow, then closes.

I also did an online scan with PANDA:

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ddcbaww.dll

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@ad.yieldmanager[1].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@adrevolver[1].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@adrevolver[2].txt

Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@ads.addynamix[1].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@ads.pointroll[2].txt

Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@adtech[2].txt

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@adultfriendfinder[2].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@advertising[2].txt

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@apmebf[2].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@atdmt[2].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@atwola[2].txt

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@azjmp[2].txt

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@bluestreak[1].txt

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@bravenet[2].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@bs.serving-sys[2].txt

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@burstnet[2].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@casalemedia[1].txt

Spyware:Cookie/Casinotropez Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@casinotropez[1].txt

Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@ccbill[2].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@cgi-bin[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@com[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@counter13.sextracker[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@counter9.sextracker[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@de.uol.com[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@doubleclick[1].txt

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@drivecleaner[1].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@ehg-dig.hitbox[1].txt

Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@enhance[2].txt

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@errorsafe[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@fastclick[1].txt

Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@fl01.ct2.comclick[2].txt

Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@fortunecity[2].txt

Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@gostats[1].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@go[1].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@hg1.hitbox[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@ig.com[1].txt

Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@landing.domainsponsor[1].txt

Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@linksynergy[2].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@mediaplex[1].txt

Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@outster[1].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@overture[1].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@phg.hitbox[1].txt

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@questionmarket[1].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@realmedia[1].txt

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@revenue[2].txt

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@searchportal.information[1].txt

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@server.iad.liveperson[1].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@serving-sys[2].txt

Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@spylog[1].txt

Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@stat.onestat[2].txt

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@statcounter[2].txt

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@stats.drivecleaner[2].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@stats1.reliablestats[1].txt

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@statse.webtrendslive[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@terra.com[1].txt

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@toplist[1].txt

Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@tradedoubler[1].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@trafficmp[2].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@tribalfusion[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@uol.com[1].txt

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@xiti[2].txt

Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Felipe\Cookies\felipe@yadro[2].txt

Adware:Adware/ErrClean Not disinfected C:\Documents and Settings\Silas\Configurações locais\Temp\urclqecd.exe

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\bxavnmgt.dll

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\sbgxviag.dll

Possible Virus. Not disinfected D:\Deck\Cel\SE\Modificações\W610i\Som\FAR Manager\Plugins\SEFP\sefp0.10.0.51patch.exe

Possible Virus. Not disinfected D:\Deck\Cel\SE\Modificações\W610i\Som\FAR_Manager(CID29,36,49,51,52).rar[FAR Manager\Plugins\SEFP\sefp0.10.0.51patch.exe]

Spyware:Spyware/New.net Not disinfected D:\Soft\Net\WarezP2P.exe[NNWARZ3_88.exe]

I also did a scan with Spybot, and it found "Virtumonde.dll" and "Virtumonde.generic".

Even after the problems are fixed they come back....!

I've already run a scan with FxVundo and FXMonde

but they found nothing!!!

Please help me!!!

URGENT! :(

I'm desperate!!!

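The log above is the kind of thing a forum analyst triages by eye. As an added example, not a tool from this forum or from Trend Micro, here is a small Python script that applies four of the checks such a reader makes: a service whose binary is missing, a service with no publisher string, a browser helper object registered without a name, and a file under system32 whose base name is a random-looking run of lowercase letters, the naming style of the Vundo/Virtumonde DLLs the Panda scan reported (ddcbaww.dll, bxavnmgt.dll, sbgxviag.dll). The sample lines are constructed in HijackThis format from entries on this page (the BHO line is the ComboFix finding rewritten the way HijackThis prints it); the allowlist, the score thresholds and the vowel heuristic are my assumptions, not rules from the page.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread, not a tool from the forum or from Trend Micro.
Each entry is scored with indicators an analyst applies to a log like the one
above: a service whose binary is missing, a service with no publisher string,
a nameless browser helper object, and a file in system32 whose base name is a
random-looking run of lowercase letters (the naming style of the Vundo /
Virtumonde DLLs in the Panda report: ddcbaww.dll, bxavnmgt.dll, sbgxviag.dll).
Thresholds, the allowlist and the vowel heuristic are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2.0.2 line format. Service names, CLSID and
# paths are the ones that appear on this page; the BHO line is the ComboFix
# "Browser Helper Objects" entry rewritten the way HijackThis would print it.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qkkpbhgt.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
O2 - BHO: (no name) - {4290FE95-208A-469F-A985-61744268C6EA} - C:\WINDOWS\system32\ssqrq.dll
"""

# First Windows path on the line, up to a PE / driver extension.
PATH_RE = re.compile(r"([A-Za-z]:\\\S.*?\.(?:exe|dll|ocx|sys|com))", re.IGNORECASE)

# Small allowlist (assumption, not exhaustive): core XP binaries from the
# "Running processes" section above, plus wdfmgr.exe, the host of the
# legitimate User-Mode Driver Framework service (UMWdf). "(file missing)"
# against that name still earns a "review", just not the random-name points.
KNOWN_WINDOWS_NAMES = {
    "smss", "winlogon", "services", "lsass", "svchost", "spoolsv", "explorer",
    "ctfmon", "rundll32", "wuauclt", "notepad", "wdfmgr",
}
VOWELS = set("aeiou")


def looks_random(stem: str) -> bool:
    """Lowercase-only name of 5+ letters with few vowels and not a known binary.
    A signal for machine-generated names, not proof of anything on its own."""
    if stem in KNOWN_WINDOWS_NAMES or len(stem) < 5:
        return False
    if not (stem.isalpha() and stem.islower()):
        return False
    return sum(c in VOWELS for c in stem) / len(stem) < 0.3


@dataclass
class Finding:
    line: str
    score: int = 0
    reasons: list[str] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        # 3+ points: suspicious; 1-2: worth a second look; 0: nothing seen.
        if self.score >= 3:
            return "suspicious"
        return "review" if self.score else "ok"


def triage_line(line: str) -> Finding:
    f = Finding(line=line.strip())

    def hit(points: int, why: str) -> None:
        f.score += points
        f.reasons.append(why)

    if "(file missing)" in line:
        hit(1, "entry points at a binary that is no longer on disk")
    if "Unknown owner" in line:
        hit(1, "service carries no publisher/company string")
    if f.line.startswith("O2 - BHO: (no name)"):
        hit(1, "browser helper object registered without a name")
    m = PATH_RE.search(line)
    if m:
        path = m.group(1)
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if "\\system32\\" in path.lower() and looks_random(stem):
            hit(2, f"random-looking file name in system32: {stem}")
    return f


def triage_log(text: str) -> list[Finding]:
    """One Finding per non-empty line, in log order."""
    return [triage_line(ln) for ln in text.splitlines() if ln.strip()]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.verdict:10} score={f.score}  {f.line[:72]}")
        for why in f.reasons:
            print(" " * 11 + "- " + why)
```

Run stand-alone it prints the two avast entries as "ok", the DomainService entry as "suspicious" (missing binary, no owner, random name), the UMWdf entry as "review" (the name is a genuine Windows component, so only the missing-file and no-owner points apply) and the nameless BHO as "suspicious". The point of the scoring is that no single indicator is a verdict: the same "(file missing)" that is damning on qkkpbhgt.exe is routine on wdfmgr.exe.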

- Download ComboFix

  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click combofix.exe and press "1" to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click in the ComboFix window or close it with the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Attach ComboFix.txt to your reply following the instructions below
    http://linhadefensiva.uol.com.br/forum/ind...p?showtopic=595

- Generate a new HijackThis log and paste it into your reply.

    First of all I want to thank you, JoseMelo, for helping me!!!

    ComboFix 07-12-21.4 - Silas 2007-12-22 13:21:21.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.142 [GMT -3:00]

    Running from: C:\Documents and Settings\Silas\Desktop\ComboFix.exe

    * A new restore point was created

    .

    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\system32\bbeeg.bak1

    C:\WINDOWS\system32\bbeeg.ini

    C:\WINDOWS\system32\ddcbaww.dll

    C:\WINDOWS\system32\elhdkxwo.exe

    C:\WINDOWS\system32\geebb.dll

    C:\WINDOWS\system32\kmllm.bak1

    C:\WINDOWS\system32\kmllm.ini

    C:\WINDOWS\system32\sorjnled.dllbox

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\LEGACY_DOMAINSERVICE

    -------\LEGACY_NM

    -------\LEGACY_NPF

    -------\DomainService

    -------\nm

    ((((((((((((((((((((((( Files created from 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))))

    .

    2007-12-22 12:30 . 2007-12-22 12:30 7,168 --a------ C:\WINDOWS\system32\windows

    2007-12-22 12:22 . 2007-12-22 12:59 <DIR> d-------- C:\VundoFix Backups

    2007-12-21 13:08 . 2007-12-21 14:49 316 --a------ C:\WINDOWS\wininit.ini

    2007-12-21 12:18 . 2007-12-21 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2007-12-21 05:01 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\cahwotdhufec.sys

    2007-12-21 04:06 . 2007-12-21 04:06 997,888 --a------ C:\WINDOWS\system32\2D59.tmp

    2007-12-20 23:20 . 2007-12-20 23:20 99,840 --a------ C:\WINDOWS\system32\24D4.tmp

    2007-12-20 22:59 . 2007-12-20 22:59 <DIR> d-------- C:\Arquivos de programas\CCleaner

    2007-12-20 22:54 . 2007-12-20 22:54 <DIR> d-------- C:\Arquivos de programas\Trend Micro

    2007-12-20 19:16 . 2007-07-15 02:10 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

    2007-12-20 19:16 . 2007-07-14 23:00 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

    2007-12-20 19:16 . 2007-07-14 23:00 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

    2007-12-20 19:16 . 2007-07-14 23:00 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

    2007-12-20 19:16 . 2007-07-14 23:00 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

    2007-12-20 19:16 . 2007-12-20 19:16 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

    2007-12-20 19:16 . 2007-07-14 23:00 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

    2007-12-20 19:16 . 2007-07-14 23:00 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

    2007-12-20 18:56 . 2007-12-20 18:56 <DIR> d-------- C:\Arquivos de programas\DVD Audio Extractor

    2007-12-20 18:31 . 2007-12-20 18:31 354 ---hs---- C:\WINDOWS\system32\tgmnvaxb.ini

    2007-12-20 18:30 . 2007-12-20 18:30 165,472 --a------ C:\WINDOWS\system32\obumreks.dll

    2007-12-17 20:33 . 2007-12-17 20:33 <DIR> d-------- C:\Documents and Settings\Silas\Dados de aplicativos\Kazaa Lite

    2007-12-12 23:08 . 2007-12-12 23:11 2,530,869,404 --a------ C:\WinVista.nrg

    2007-12-12 23:06 . 2007-12-12 23:06 1,905 --a------ C:\WINDOWS\diagwrn.xml

    2007-12-12 23:06 . 2007-12-12 23:06 1,905 --a------ C:\WINDOWS\diagerr.xml

    2007-12-11 18:20 . 2007-12-11 18:22 <DIR> d-------- C:\WINDOWS\system32\NtmsData

    2007-12-10 13:22 . 2007-12-10 13:22 <DIR> d-------- C:\Arquivos de programas\Rockstar Games

    2007-12-09 22:32 . 2007-12-09 22:32 <DIR> d-------- C:\Arquivos de programas\Mattgo27 Apps

    2007-12-01 17:21 . 2007-12-04 23:40 3,320 --a------ C:\WINDOWS\desctemp.dat

    2007-12-01 00:48 . 2007-12-01 00:48 <DIR> d-------- C:\Arquivos de programas\Electronic Arts

    2007-11-28 23:36 . 2007-12-21 11:26 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

    2007-11-28 23:36 . 2007-12-20 23:35 30,590 --a------ C:\WINDOWS\system32\pavas.ico

    2007-11-28 23:36 . 2007-12-20 23:35 1,406 --a------ C:\WINDOWS\system32\Help.ico

    2007-11-27 21:51 . 2007-11-27 21:51 <DIR> d-------- C:\Arquivos de programas\Microsoft Games

    2007-11-25 21:26 . 2007-11-25 21:26 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

    2007-11-25 20:40 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll

    2007-11-25 20:40 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll

    2007-11-25 20:40 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll

    2007-11-25 20:40 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll

    2007-11-25 20:40 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll

    2007-11-25 20:40 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll

    2007-11-25 20:40 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll

    2007-11-25 20:40 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll

    2007-11-25 20:14 . 2007-11-25 20:14 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

    2007-11-25 15:20 . 2007-11-25 15:22 <DIR> d-------- C:\Quake2

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2007-12-22 15:24 --------- d-----w C:\Documents and Settings\Silas\Dados de aplicativos\Free Download Manager

    2007-12-21 08:09 --------- d-----w C:\Arquivos de programas\MSN Messenger

    2007-12-21 08:08 --------- d-----w C:\Arquivos de programas\MegauploadToolbar

    2007-12-21 08:08 --------- d-----w C:\Arquivos de programas\Free Download Manager

    2007-12-21 08:07 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Teleca Shared

    2007-12-20 16:44 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    2007-12-19 04:03 --------- d-----w C:\Documents and Settings\Silas\Dados de aplicativos\MegauploadToolbar

    2007-12-09 14:33 --------- d-----w C:\Arquivos de programas\eMule

    2007-12-06 15:13 --------- d-----w C:\Arquivos de programas\UltraVNC

    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

    2007-11-28 00:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

    2007-11-17 16:44 --------- d-----w C:\Documents and Settings\Silas\Dados de aplicativos\InstallShield Installation Information

    2007-11-14 04:21 --------- d-----w C:\Arquivos de programas\TrackMania Nations ESWC

    2007-11-12 05:12 --------- d-----w C:\Arquivos de programas\PhotoFiltre

    2007-11-04 14:10 --------- d-----w C:\Arquivos de programas\TVC

    2007-11-03 17:24 --------- d-----w C:\Arquivos de programas\WM Converter

    2007-11-02 14:43 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

    2007-11-02 14:42 --------- d-----w C:\Documents and Settings\Silas\Dados de aplicativos\InterTrust

    2007-11-02 06:41 --------- d-----w C:\Arquivos de programas\Sony Ericsson

    2007-11-02 03:39 --------- d-----w C:\Arquivos de programas\MediaCoder

    2007-11-02 03:10 --------- d-----w C:\Arquivos de programas\Keronsoft

    2007-11-02 02:20 --------- d-----w C:\Arquivos de programas\NCH Swift Sound

    2007-11-02 01:35 --------- d-----w C:\Arquivos de programas\NCH Software

    2007-10-27 03:37 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

    2007-10-24 05:45 --------- d-----w C:\Documents and Settings\Silas\Dados de aplicativos\IrfanView

    .

    (((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Note* empty & legitimate default entries are not shown.

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4290FE95-208A-469F-A985-61744268C6EA}]

    C:\WINDOWS\system32\ssqrq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B6FF1CA-C8FE-4286-A7D7-5FB26484F288}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62F06300-7F29-4DA4-95D4-5E6CB789B082}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92143A52-49CD-450F-91E3-29D6985D4730}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5B2DBC6-4D3F-4D8E-A15F-44C0A0067380}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 18:42 C:\WINDOWS\SOUNDMAN.EXE]

    "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]

    FriendlyName= RapidShare: 1-Click Webhosting

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbaww]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uklogian]

    uklogian.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Utility Tray.lnk]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk

    backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows32.exe]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows32.exe

    backup=C:\WINDOWS\pss\Windows32.exeCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskmgra]

    C:\WINDOWS\system32\export.com

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows32]

    C:\Arquivos de programas\Windows32.exe

    R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 13:22]

    R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 13:43]

    R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 13:22]

    S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]

    S3 FXDRV;FXDRV;E:\Fxdrv.sys []

    S3 printio;printio;C:\DOCUME~1\Silas\CONFIG~1\Temp\u\1194153955\printio.sys []

    S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 10:58]

    S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]

    S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]

    S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]

    S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]

    S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]

    S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]

    S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 11:11]

    S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 11:11]

    S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 11:11]

    S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 11:11]

    S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 11:11]

    S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 11:11]

    S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 11:11]

    S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 05:42]

    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 05:42]

    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 05:42]

    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 05:42]

    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 05:42]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71779c06-a915-11dc-a0cf-001558b2ba5b}]

    \Shell\Auto\command - fun.xls.exe

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81f225ca-7ec3-11dc-a00b-001558b2ba5b}]

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

    \Shell\Open(&0)\command - Recycled\ctfmon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81f225cb-7ec3-11dc-a00b-001558b2ba5b}]

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

    \Shell\Open(&0)\command - Recycled\ctfmon.exe

    .

    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-12-22 13:25:54

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2007-12-22 13:27:16 - machine was rebooted

    .

    2007-11-15 06:23:31 --- E O F ---

    -------------------------------------------------------------------

    Here is the new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 13:32:35, on 22/12/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: (no name) - {4290FE95-208A-469F-A985-61744268C6EA} - C:\WINDOWS\system32\ssqrq.dll (file missing)

    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O8 - Extra context menu item: Descarga selecionada pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

    O8 - Extra context menu item: Descarregar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

    O8 - Extra context menu item: Descarregar tudo com Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: uklogian - uklogian.dll (file missing)

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

    O24 - Desktop Component 0: (no name) - http://baixaki.ig.com.br/imagens/wpapers/WagnerGuerra005800.jpg

    O24 - Desktop Component 2: RapidShare: 1-Click Webhosting - http://rapidshare.com/files/54389861/Sexxxy.2007.Tudo.O.Que.voce.Quer.Em.Uma.Mulher.Cena4.Ju.Pantera.DVDRip.by.P33PiNG.wmv

    --

    End of file - 5849 bytes

    Sorry, I couldn't attach the file you asked for!!!!

    Once again, thank you for helping me....!!

    Awaiting your reply!!!


    - Open HijackThis, click Do a system scan only and check the entries below:

    O2 - BHO: (no name) - {4290FE95-208A-469F-A985-61744268C6EA} - C:\WINDOWS\system32\ssqrq.dll (file missing)

    O20 - Winlogon Notify: uklogian - uklogian.dll (file missing)

    - Close all other windows, click ht-fix.png and then Yes;

    - Other than that, the log is clean :)

    - In Run, type combofix /u and click OK. In the next window click "Run" and wait for the program to be removed;

    - Update Internet Explorer:

    http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

    - Delete the backups folder located in C:\Arquivos de programas\Trend Micro\HijackThis;

    - I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner:

    • Open the program and click Run Cleaner;
    • After that, click Registry > Scan for Issues > Fix Issues

    - Disable and re-enable System Restore

    - Read the article Proteja seu PC for more information on how to avoid infections.

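The two kinds of findings this thread turns on are the MountPoints2 `\Shell\...\command` entries in the ComboFix log above (autorun commands that launch fun.xls.exe and Recycled\ctfmon.exe through a RunDLL32 ShellExec_RunDLL wrapper, with paths that resolve against the root of the mounted drive) and the orphaned O2/O20 HijackThis entries the analyst marked for fixing, whose targets read "(file missing)" or "(no file)". The script below is an added example, not code from the thread, from HijackThis or from ComboFix: it parses log text for both patterns. The function names, the heuristics (unwrapping the ShellExec_RunDLL wrapper, treating any target without a drive letter as relative to the volume, restricting orphan detection to the O2 and O20 sections the analyst acted on) and the SAMPLE_LOG assembled from the thread's own log lines are my own choices.

```python
r"""Triage helper for HijackThis and ComboFix text logs.

Added example for this thread (not code from the forum, HijackThis or
ComboFix). It flags the two classes of entries the thread deals with:

  1. HijackThis O2 (BHO) and O20 (Winlogon Notify) lines whose target DLL
     no longer exists ("(file missing)" / "(no file)"): orphaned registry
     entries left behind after the malware itself was removed.
  2. ComboFix MountPoints2 "\Shell\<verb>\command" entries, with the
     executable they would launch. A target without a drive letter is
     resolved against the root of the mounted volume, which is how autorun
     entries for removable media point at a file on the medium itself.
"""
import re

# Lines copied from the two logs in the thread above. The O23 line is
# included to show that a missing service binary is NOT reported here.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71779c06-a915-11dc-a0cf-001558b2ba5b}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81f225ca-7ec3-11dc-a00b-001558b2ba5b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4290FE95-208A-469F-A985-61744268C6EA} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {4290FE95-208A-469F-A985-61744268C6EA} - (no file)
O20 - Winlogon Notify: uklogian - uklogian.dll (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
"""

ORPHAN_MARKERS = ("(file missing)", "(no file)")
ORPHAN_SECTIONS = ("O2", "O20")   # the sections the analyst had fixed

MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.IGNORECASE)
SHELL_CMD = re.compile(r"^\\Shell\\(.+?)\\command - (.+)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
RUNDLL_WRAPPER = "shellexec_rundll"


def find_orphaned_entries(log_text):
    """Return O2/O20 HijackThis lines whose target file is missing."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        parts = line.split(" - ")
        if len(parts) < 3 or parts[0] not in ORPHAN_SECTIONS:
            continue
        if not line.endswith(ORPHAN_MARKERS):
            continue
        target = parts[-1]
        for marker in ORPHAN_MARKERS:
            target = target.replace(marker, "")
        hits.append({"section": parts[0], "name": parts[1],
                     "target": target.strip() or None, "line": line})
    return hits


def find_autorun_commands(log_text):
    """Return MountPoints2 Shell commands with the payload they launch."""
    hits = []
    volume = None
    for line in log_text.splitlines():
        line = line.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            volume = key.group(1)
            continue
        if line.startswith("["):      # some other registry key: leave the section
            volume = None
            continue
        cmd = SHELL_CMD.match(line)
        if not cmd or volume is None:
            continue
        verb, command = cmd.groups()
        # RunDLL32 Shell32.DLL,ShellExec_RunDLL <x> simply launches <x>:
        # report <x>, not the trusted system binary placed in front of it.
        payload = command
        idx = command.lower().find(RUNDLL_WRAPPER)
        if idx != -1:
            payload = command[idx + len(RUNDLL_WRAPPER):].strip()
        hits.append({"volume": volume, "verb": verb, "payload": payload,
                     "relative": DRIVE_PATH.match(payload) is None})
    return hits


if __name__ == "__main__":
    for h in find_orphaned_entries(SAMPLE_LOG):
        print(f"orphan   {h['section']:<3} {h['name']} -> {h['target']}")
    for h in find_autorun_commands(SAMPLE_LOG):
        note = "(relative to volume root)" if h["relative"] else ""
        print(f"autorun  {h['volume']} {h['verb']:<9} -> {h['payload']} {note}")
```

Run as a script it prints the three orphaned entries (the two ssqrq.dll forms and uklogian.dll) and the four autorun commands, each tagged as relative to the volume root; the UMWdf service line with its missing wdfmgr.exe is deliberately not reported, matching the analyst's decision in the thread to fix only the O2 and O20 entries.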
  • Topic author
  • I did everything you told me to!

    New log

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 02:25:42, on 23/12/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\SOUNDMAN.EXE

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

    C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\MSN Messenger\usnsvc.exe

    C:\Arquivos de programas\Quintessential Player\QCDPlayer.exe

    C:\ARQUIV~1\FREEDO~1\fdm.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: (no name) - {4290FE95-208A-469F-A985-61744268C6EA} - (no file)

    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O8 - Extra context menu item: Descarga selecionada pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

    O8 - Extra context menu item: Descarregar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

    O8 - Extra context menu item: Descarregar tudo com Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

    O24 - Desktop Component 0: (no name) - http://baixaki.ig.com.br/imagens/wpapers/WagnerGuerra005800.jpg

    O24 - Desktop Component 2: RapidShare: 1-Click Webhosting - http://rapidshare.com/files/54389861/Sexxxy.2007.Tudo.O.Que.voce.Quer.Em.Uma.Mulher.Cena4.Ju.Pantera.DVDRip.by.P33PiNG.wmv

    --

    End of file - 6434 bytes

  • Topic author
  • Thank you very much for your help, JoseMelo!

    I'll keep the PC under observation.

    I'll post again later so you can close the topic!

    Hugs, see you later! :D
