RobZanetti

Win32:Agent - Trojan and malware

Hey everyone... guess what, I need help. Normally I read several threads first and manage to solve the problems... but this one is tough.

Here is the log:

Logfile of HijackThis v1.99.1

Scan saved at 02:34:13, on 01/01/2002

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

D:\programas\Alwil Software\Avast4\aswUpdSv.exe

D:\programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

D:\programas\Alwil Software\Avast4\ashMaiSv.exe

D:\programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

D:\programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\WINDOWS\ipgu32.exe

C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe

D:\SOFTWA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\LightSurf\Common\IconMgr.exe

D:\programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\LightSurf\Colorific\hgcctl95.exe

C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe

C:\Arquivos de programas\LightSurf\Color Indicator\TICIcon.exe

C:\WINDOWS\winsg32.exe

D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ifjgz.dll/sp.html#28129%resultposition.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ifjgz.dll/sp.html#28129%resultposition.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ifjgz.dll/sp.html#28129%resultposition.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ifjgz.dll/sp.html#28129%resultposition.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ifjgz.dll/sp.html#28129%resultposition.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ifjgz.dll/sp.html#28129%resultposition.net

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Class - {17094FC7-F985-CD03-CB64-049B61C2C70E} - C:\WINDOWS\system32\addbo.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll

O2 - BHO: Class - {83E737CF-4567-17A1-95AF-D5FC7653A2E0} - C:\WINDOWS\system32\atljz.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [RemoteControl] "D:\programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ipgu32.exe] C:\WINDOWS\ipgu32.exe

O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\BACKUP~1\CONFIG~1\Temp\A.tmp.exe

O4 - HKLM\..\Run: [A.tmp.exe] C:\DOCUME~1\BACKUP~1\CONFIG~1\Temp\A.tmp.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [avast!] D:\SOFTWA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - Global Startup: LightSurf.lnk = C:\Arquivos de programas\LightSurf\Common\IconMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = D:\programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GameDesire Chess) - http://200.212.184.218/g_bin/eng/chess_2_0_0_16.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5ABED5C1-18D6-4D21-853D-3C5B2CE8BF34}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Waiting for help... thanks!!

1) Download SpHjfix.exe

2) Download about:Buster

Unzip it to -> C:\aboutbuster and run it, only to click "Update".

3) Download CWShredder.

Restart in Safe Mode (press the F8 key until a DOS screen appears and choose Safe Mode).

Set Windows to show all files (including hidden ones). -> see

1) Double-click -> SpHjfix.exe -> Desinfektion starten

2) Next, run About:Buster and click Begin Removal.

Wait for it to finish. When it finishes, click Exit.

3) Run CWShredder and click Fix.

Reboot

Please post the aboutbuster and SpHjfix logs for review, and an HJThis log made in normal mode from -> C:\HijackThis\HijackThis.exe, ok

You're the boss, Mr. Ida... thank you so much!

Well, Aboutbuster did not produce a report and did not let me view the log. And it was the only one that found something and really "worked"..

The others are here, as you asked:

CWShredder

**** Run Keys ****

RUN: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

RUN: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

RUN: [Acrobat Assistant 7.0] "D:\programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

RUN: []

RUN: [RemoteControl] "D:\programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

RUN: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

RUN: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

RUN: [ipgu32.exe] C:\WINDOWS\ipgu32.exe

RUN: [A.tmp] C:\DOCUME~1\BACKUP~1\CONFIG~1\Temp\A.tmp.exe

RUN: [A.tmp.exe] C:\DOCUME~1\BACKUP~1\CONFIG~1\Temp\A.tmp.exe

RUN: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"

RUN: [avast!] D:\SOFTWA~1\ALWILS~1\Avast4\ashDisp.exe

RUN: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

RUN: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] D:\programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

BHO: [Class] C:\WINDOWS\system32\addbo.dll

BHO: [ssh2 Class] C:\WINDOWS\system32\scpsssh2.dll

BHO: [Class] C:\WINDOWS\system32\atljz.dll

BHO: [AcroIEToolbarHelper Class] D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

**** IE Toolbars ****

TOOLBAR: [Adobe PDF] D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

**** IE Extensions ****

IEExt: [Messenger] C:\Arquivos de programas\Messenger\msmsgs.exe

**** Hosts File Entries ****

**** IE Settings ****

IEBypass: 127.0.0.1

Default Page: http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

Default Search: http://home.microsoft.com/search/search.asp

Local Page: C:\WINDOWS\system32\blank.htm

Search Bar: http://home.microsoft.com/search/search.asp

Search Page: http://home.microsoft.com/search/search.asp

**** IE Context Menu (Right click) ****

IEContext: [Convert link target to Adobe PDF] res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IEContext: [Convert link target to existing PDF] res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IEContext: [Convert selected links to Adobe PDF] res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IEContext: [Convert selected links to existing PDF] res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IEContext: [Convert selection to Adobe PDF] res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IEContext: [Convert selection to existing PDF] res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IEContext: [Convert to Adobe PDF] res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IEContext: [Convert to existing PDF] res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IEContext: [E&xportar para o Microsoft Excel] res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]

LSP: MSAFD Tcpip [uDP/IP]

LSP: RSVP UDP Service Provider

LSP: RSVP TCP Service Provider

LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2649B697-A103-47D1-BE57-B9008BFCF0E2}] SEQPACKET 3

LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2649B697-A103-47D1-BE57-B9008BFCF0E2}] DATAGRAM 3

LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ECBFE7F1-085F-49A6-BAE0-0480CE011463}] SEQPACKET 0

LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ECBFE7F1-085F-49A6-BAE0-0480CE011463}] DATAGRAM 0

LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0CCFD242-DC36-42C7-81F5-DDE5C73FC913}] SEQPACKET 1

LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0CCFD242-DC36-42C7-81F5-DDE5C73FC913}] DATAGRAM 1

LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1AE2F8BF-5753-4ED4-A2B1-5119194AAC06}] SEQPACKET 2

LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1AE2F8BF-5753-4ED4-A2B1-5119194AAC06}] DATAGRAM 2

LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A52FB09C-1B26-4F01-A8F6-AD9D4D51E551}] SEQPACKET 4

LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A52FB09C-1B26-4F01-A8F6-AD9D4D51E551}] DATAGRAM 4

LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5ABED5C1-18D6-4D21-853D-3C5B2CE8BF34}] SEQPACKET 5

LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5ABED5C1-18D6-4D21-853D-3C5B2CE8BF34}] DATAGRAM 5

**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No

BLOCKED: [odbccp32.cpl] No

**** Downloaded Program Files ****

Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]

{2E3C3651-B19C-4DD9-A979-901EC3E930AF} [https://cpib.bradesco.com.br/scpsssh2.cab] C:\WINDOWS\system32\scpiburl.bin C:\WINDOWS\system32\scpibdns.bin C:\WINDOWS\system32\sshib.dll C:\WINDOWS\system32\scpibwct.bin C:\WINDOWS\system32\scpibsig.bin C:\WINDOWS\system32\scpMIB.dll C:\WINDOWS\system32\scpsssh2.dll

{31E68DE2-5548-4B23-88F0-C51E6A0F695E} [https://support.microsoft.com/OAS/ActiveX/odc.cab]

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} [http://acs.pandasoftware.com/activescan/as5free/asinst.cab]

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab]

{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]

{DCB16E44-D6DB-473E-A251-F6FBB381C1C3} [http://200.212.184.218/g_bin/eng/chess_2_0_0_16.cab]

**** Windows Services ****

[Adobe LM Service] "C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe"

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService

[ALG] %SystemRoot%\System32\alg.exe

[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs

[aswUpdSv] "D:\programas\Alwil Software\Avast4\aswUpdSv.exe"

[Ati HotKey Poller] %SystemRoot%\system32\Ati2evxx.exe

[ATI Smart] C:\WINDOWS\system32\ati2sgag.exe

[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs

[avast! Antivirus] "D:\programas\Alwil Software\Avast4\ashServ.exe"

[avast! Mail Scanner] "D:\programas\Alwil Software\Avast4\ashMaiSv.exe" /service

[avast! Web Scanner] "D:\programas\Alwil Software\Avast4\ashWebSv.exe" /service

[bITS] %SystemRoot%\System32\svchost.exe -k netsvcs

[browser] %SystemRoot%\System32\svchost.exe -k netsvcs

[cisvc] C:\WINDOWS\System32\cisvc.exe

[ClipSrv] %SystemRoot%\system32\clipsrv.exe

[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs

[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch

[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs

[dmadmin] %SystemRoot%\System32\dmadmin.exe /com

[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs

[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService

[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs

[Eventlog] %SystemRoot%\system32\services.exe

[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs

[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs

[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs

[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs

[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter

[imapiService] C:\WINDOWS\System32\imapi.exe

[inCDsrv] C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs

[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs

[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService

[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs

[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe

[MSDTC] C:\WINDOWS\System32\msdtc.exe

[MSIServer] C:\WINDOWS\system32\msiexec.exe /V

[NetDDE] %SystemRoot%\system32\netdde.exe

[NetDDEdsdm] %SystemRoot%\system32\netdde.exe

[Netlogon] %SystemRoot%\System32\lsass.exe

[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs

[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs

[NtLmSsp] %SystemRoot%\System32\lsass.exe

[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs

[PlugPlay] %SystemRoot%\system32\services.exe

[PolicyAgent] %SystemRoot%\System32\lsass.exe

[ProtectedStorage] %SystemRoot%\system32\lsass.exe

[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs

[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs

[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe

[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs

[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService

[RpcLocator] %SystemRoot%\System32\locator.exe

[RpcSs] %SystemRoot%\system32\svchost -k rpcss

[RSVP] %SystemRoot%\System32\rsvp.exe

[samSs] %SystemRoot%\system32\lsass.exe

[sCardSvr] %SystemRoot%\System32\SCardSvr.exe

[schedule] %SystemRoot%\System32\svchost.exe -k netsvcs

[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs

[sENS] %SystemRoot%\system32\svchost.exe -k netsvcs

[sharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs

[shellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs

[soundMAX Agent Service (default)] C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

[spooler] %SystemRoot%\system32\spoolsv.exe

[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs

[sSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService

[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc

[swPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{6DC7BFE4-18EB-4623-AEF5-91322CF58C14}

[sysmonLog] %SystemRoot%\system32\smlogsvc.exe

[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs

[TermService] %SystemRoot%\System32\svchost -k DComLaunch

[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs

[TlntSvr] C:\WINDOWS\System32\tlntsvr.exe

[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs

[uMWdf] C:\WINDOWS\system32\wdfmgr.exe

[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService

[uPS] %SystemRoot%\System32\ups.exe

[usprserv] %SystemRoot%\System32\svchost.exe -k netsvcs

[VSS] %SystemRoot%\System32\vssvc.exe

[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs

[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService

[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs

[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs

[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs

[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe

[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs

[wuauserv] %systemRoot%\System32\svchost.exe -k netsvcs

[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs

[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs

**** Custom IE Search Items ****

SEARCH: [searchAssistant] http://home.microsoft.com/search/search.asp

SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

**** Complete IE Options ****

IEOPT: [NoUpdateCheck]

IEOPT: [NoJITSetup]

IEOPT: [Disable Script Debugger] yes

IEOPT: [show_ChannelBand] No

IEOPT: [Anchor Underline] yes

IEOPT: [Cache_Update_Frequency] Once_Per_Session

IEOPT: [Display Inline Images] yes

IEOPT: [Do404Search]

IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm

IEOPT: [save_Session_History_On_Exit] no

IEOPT: [show_FullURL] no

IEOPT: [show_StatusBar] yes

IEOPT: [show_ToolBar] yes

IEOPT: [show_URLinStatusBar] yes

IEOPT: [show_URLToolBar] yes

IEOPT: [start Page] http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

IEOPT: [use_DlgBox_Colors] yes

IEOPT: [search Page] http://home.microsoft.com/search/search.asp

IEOPT: [Check_Associations] yes

IEOPT: [FullScreen] no

IEOPT: [Window_Placement] ,

IEOPT: [NotifyDownloadComplete] no

IEOPT: [use FormSuggest] yes

IEOPT: [AddToFavoritesExpanded]

IEOPT: [FormSuggest PW Ask] no

IEOPT: [use Search Asst] no

IEOPT: [search Bar] http://home.microsoft.com/search/search.asp

IEOPT: [Enable Browser Extensions] yes

IEOPT: [save Directory] C:\Documents and Settings\Backup TP\Meus documentos\

IEOPT: [Error Dlg Displayed On Every Error] no

IEOPT: [Error Dlg Details Pane Open] no

IEOPT: [NoSaveAsPOSTWarning]

IEOPT: [FormSuggest Passwords] yes

IEOPT: [Move System Caret] no

IEOPT: [Expand Alt Text] no

IEOPT: [Print_Background] no

IEOPT: [Enable_MyPics_Hoverbar] yes

IEOPT: [Enable AutoImageResize] yes

IEOPT: [show image placeholders]

IEOPT: [Play_Animations] yes

IEOPT: [Display Inline Videos] yes

IEOPT: [Play_Background_Sounds] yes

IEOPT: [useThemes]

IEOPT: [NoWebJITSetup]

IEOPT: [FavIntelliMenus] no

IEOPT: [Page_Transitions]

IEOPT: [DisableScriptDebuggerIE] yes

IEOPT: [NscSingleExpand]

IEOPT: [Force Offscreen Composition]

IEOPT: [Friendly http errors] yes

IEOPT: [showGoButton] yes

IEOPT: [AllowWindowReuse]

IEOPT: [smoothScroll]

IEOPT: [LastCheckedHi]

IEOPT: [ControlTooltipCount]

IEOPT: [Default_Page_URL] http://home.microsoft.com/search/search.asp

IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

IEOPT: [searchAssistant] http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

IEOPT: [HomeOldSP] http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

IEOPT: [Default_Search_URL] http://home.microsoft.com/search/search.asp

IEOPT: [search Page] http://home.microsoft.com/search/search.asp

IEOPT: [Enable_Disk_Cache] yes

IEOPT: [Cache_Percent_of_Disk]

IEOPT: [Delete_Temp_Files_On_Exit] yes

IEOPT: [Local Page] %SystemRoot%\system32\blank.htm

IEOPT: [Anchor_Visitation_Horizon]

IEOPT: [use_Async_DNS] yes

IEOPT: [Placeholder_Width]

IEOPT: [Placeholder_Height]

IEOPT: [start Page] http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

IEOPT: [CompanyName] Microsoft Corporation

IEOPT: [Custom_Key] MICROSO

IEOPT: [Wizard_Version] 6.0.2600.0000

IEOPT: [FullScreen] no

IEOPT: [use Search Asst] no

IEOPT: [search Bar] http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

IEOPT: [searchAssistant] http://home.microsoft.com/search/search.asp

IEOPT: [HomeOldSP] http://home.microsoft.com/search/search.asp

SpHjfix

(1/1/02 04:20:54) SPSeHjFix started v1.1.2

(1/1/02 04:20:54) OS: WinXP Service Pack 2 (5.1.2600)

(1/1/02 04:20:54) Language: português

(1/1/02 04:20:54) Win-Path: C:\WINDOWS

(1/1/02 04:20:54) System-Path: C:\WINDOWS\system32

(1/1/02 04:20:54) Temp-Path: C:\DOCUME~1\BACKUP~1\CONFIG~1\Temp\

(1/1/02 04:20:59) Disinfection started

(1/1/02 04:20:59) UBF: 4 - UBB: 4 - UBR: 14

(1/1/02 04:20:59) UBF: 4 - UBB: 4 - UBR: 14

(1/1/02 04:20:59) Stealth-String not found

(1/1/02 04:20:59) Not infected->END

I'll post the HijackThis log from C:/ in just a moment

thanks

Very good

Where is the HJThis log made from C:/ ...

and an HJThis log made in normal mode from -> C:\HijackThis\HijackThis.exe, ok

C:/HijackThis log as requested..

Logfile of HijackThis v1.99.1

Scan saved at 04:54:59, on 01/01/2002

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Class - {17094FC7-F985-CD03-CB64-049B61C2C70E} - C:\WINDOWS\system32\addbo.dll (file missing)

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll

O2 - BHO: Class - {83E737CF-4567-17A1-95AF-D5FC7653A2E0} - C:\WINDOWS\system32\atljz.dll (file missing)

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [RemoteControl] "D:\programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ipgu32.exe] C:\WINDOWS\ipgu32.exe

O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\BACKUP~1\CONFIG~1\Temp\A.tmp.exe

O4 - HKLM\..\Run: [A.tmp.exe] C:\DOCUME~1\BACKUP~1\CONFIG~1\Temp\A.tmp.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [avast!] D:\SOFTWA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - Global Startup: LightSurf.lnk = C:\Arquivos de programas\LightSurf\Common\IconMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = D:\programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GameDesire Chess) - http://200.212.184.218/g_bin/eng/chess_2_0_0_16.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Phew... that's it, thanks for now, Mr. Ida.

Very good

Download the Symantec tool

Download CCleaner

Optional (one of the 2)

1. Download Ad Aware, click here. Be sure to update it, and follow the instructions on the site. Do not run it yet.

2. Download ewido

http://www.ewido.net/en/download/

• Select "English" as the installation language

• Click Next, I Agree, Next, Next. Uncheck the Install background guard box, click Install and then Finish.

• In the main ewido window, click Actualizar in the left menu and then click Iniciar actualização.

• When the update finishes, you will see the message Actualizado com sucesso in the lower-left corner

• Exit ewido and do not run a full scan yet

Restart in Safe Mode (press the F8 key until a DOS screen appears and choose Safe Mode).

Run HijackThis, click Do a System Scan Only, check only the entries below and click Fix Checked.

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {17094FC7-F985-CD03-CB64-049B61C2C70E} - C:\WINDOWS\system32\addbo.dll (file missing)

O2 - BHO: Class - {83E737CF-4567-17A1-95AF-D5FC7653A2E0} - C:\WINDOWS\system32\atljz.dll (file missing)

O4 - HKLM\..\Run: [ipgu32.exe] C:\WINDOWS\ipgu32.exe

O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\BACKUP~1\CONFIG~1\Temp\A.tmp.exe

O4 - HKLM\..\Run: [A.tmp.exe] C:\DOCUME~1\BACKUP~1\CONFIG~1\Temp\A.tmp.exe

Set Windows to show all files

Using Windows Explorer, delete

C:\WINDOWS\ipgu32.exe

C:\DOCUME~1\BACKUP~1\CONFIG~1\Temp\A.tmp.exe

C:\DOCUME~1\BACKUP~1\CONFIG~1\Temp\A.tmp.exe

C:\WINDOWS\winsg32.exe

Run the Symantec tool

Run one of the optional tools or, if you prefer, both.

• Open ewido and click Verificar and then Verificação Completa do Sistema

• ewido detects some legitimate programs. Therefore, do not check the box that says Executar a acção em todas as infecções. If ewido finds a file that you believe is legitimate, choose the "Nenhuma" option and click OK. Otherwise, leave it on Remover and click OK.

At the end of the scan, locate the screen named -> Save report

• When ewido finishes, close it.

Run Ad Aware

Run CCleaner -> see

Restart in normal mode.

Post a new HijackThis log made in normal Windows mode + the ewido log

See whether the problem has been resolved.

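The kinds of entries marked for fixing in the post above (a missing URLSearchHook, BHOs whose file is missing, Run keys that launch from a Temp directory or straight from the Windows folder) can be picked out of a HijackThis log mechanically. The sketch below is an added example, not part of the original post or of HijackThis; the function name `triage` and its four review rules are assumptions made for illustration, and the sample lines are copied from this thread.

```python
import re

# Lines copied from this thread: entries marked for fixing, plus three
# entries from the final log for contrast.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {17094FC7-F985-CD03-CB64-049B61C2C70E} - C:\WINDOWS\system32\addbo.dll (file missing)
O4 - HKLM\..\Run: [ipgu32.exe] C:\WINDOWS\ipgu32.exe
O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\BACKUP~1\CONFIG~1\Temp\A.tmp.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[[^\]]*\] (.+)$")
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)
WIN_ROOT = re.compile(r"^[A-Z]:\\WINDOWS\\[^\\]+\.exe", re.I)


def triage(log_text):
    """Return (reason, line) pairs for entries worth a manual look.

    The rules are review heuristics assumed for this example; they are
    not verdicts and not part of HijackThis itself.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.groups()
        if code == "R3" and body.endswith("is missing"):
            findings.append(("URLSearchHook missing", line))
        elif code == "O2" and body.endswith("(file missing)"):
            findings.append(("BHO registered, file missing", line))
        elif code == "O4" and (run := RUN.match(body)):
            cmd = run.group(1).strip('"')
            if TEMP_DIR.search(cmd):
                findings.append(("autostart from a Temp directory", line))
            elif WIN_ROOT.match(cmd):
                findings.append(("autostart from the Windows root", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

A flagged line is only a prompt to check the file by hand; legitimate software can match these rules too.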

Not Mr. Ida... Master Ida!! I don't even know how to thank you..

The PC got faster and Avast no longer beeps. I believe the problems are indeed over.

If you were a woman, I'd give you a kiss on the mouth.. ahahahaha thanks a lot

Final logs follow

Logfile of HijackThis v1.99.1

Scan saved at 08:10:49, on 02/01/2002

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

D:\programas\Alwil Software\Avast4\aswUpdSv.exe

D:\programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

D:\programas\Alwil Software\Avast4\ashMaiSv.exe

D:\programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

D:\programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe

D:\SOFTWA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\LightSurf\Common\IconMgr.exe

C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe

C:\Arquivos de programas\LightSurf\Colorific\hgcctl95.exe

C:\Arquivos de programas\LightSurf\Color Indicator\TICIcon.exe

D:\programas\WinZip\WZQKPICK.EXE

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [RemoteControl] "D:\programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [avast!] D:\SOFTWA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - Global Startup: LightSurf.lnk = C:\Arquivos de programas\LightSurf\Common\IconMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = D:\programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://D:\programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GameDesire Chess) - http://200.212.184.218/g_bin/eng/chess_2_0_0_16.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

---------------------------------------------------------

ewido anti-malware - Relatório de verificação

---------------------------------------------------------

+ Criado em: 05:29:45, 02/01/2002

+ Relatório-Checksum: 4D515703

+ Resultado da verificação:

Não foram encontrados ficheiros infectados!

::Fim do Relatório


RobZanetti

+ Criado em: 05:29:45, 02/01/2002
+ Relatório-Checksum: 4D515703

+ Resultado da verificação:

Não foram encontrados ficheiros infectados!

+ -> Clean log!

:-BEER

Read the article "Proteja seu PC" to avoid future infections:

http://linhadefensiva.uol.com.br/artigos/proteja-seu-pc/

Disable and re-enable System Restore:

http://linhadefensiva.uol.com.br/docs/rest...cao-do-sistema/

Cheers

About Clube do Hardware

On the air since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.

Copyright

We do not allow copying or reproduction of the content of our site, forum, newsletters and social networks, even when the source is cited.
