jonnsl373

Virus that keeps coming back


My sister's computer had a virus, so I ran ComboFix and it removed a bunch of viruses; I installed an antivirus and installed Service Pack 2, but Avast keeps saying there is a virus. I tell it to delete it and it comes back, and ComboFix also removes a bunch of viruses every time it runs, but they always come back.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:03, on 2008-01-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SilentIdea\silentid.exe

C:\WINDOWS\system32\freecell.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Microsoft Windows Update 32] svchost32.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Windows Update 32] svchost32.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft Windows Update 32] svchost32.exe (User 'Default user')

O4 - Startup: SilentId.lnk = C:\Arquivos de programas\SilentIdea\silentid.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm022YYBR

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab

O20 - AppInit_DLLs: hookhelp.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--

End of file - 4739 bytes

>>>>>>>>>>>>>>COMBOFIX<<<<<<<<<<<<<<<

ComboFix 07-12-31.4 - Pessoal 2008-01-01 14:58:27.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.134 [GMT -2:00]

Executando de: C:\Documents and Settings\Pessoal\Desktop\ComboFix.exe

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-01 to 2008-01-01 ))))))))))))))))))))))))))))))))

.

2008-01-01 16:18 . 2000-01-01 00:38 16,223 --a------ C:\WINDOWS\nbucpf.exe

2008-01-01 14:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-01 02:33 . 2008-01-01 02:33 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-01-01 02:28 . 2007-12-04 11:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-01-01 02:28 . 2004-01-09 07:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-01-01 02:28 . 2007-12-04 10:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-01-01 02:28 . 2007-12-04 12:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-01-01 02:28 . 2007-12-04 12:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-01-01 02:28 . 2007-12-04 12:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-01-01 02:28 . 2007-12-04 12:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-01-01 02:28 . 2007-12-04 12:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-01-01 02:24 . 2008-01-01 02:24 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Iniciar

2008-01-01 02:15 . 2008-01-01 02:32 1,355 --a------ C:\WINDOWS\imsins.BAK

2008-01-01 02:12 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-01-01 02:11 . 2004-08-04 00:45 239,616 --------- C:\WINDOWS\system32\wstrenderer.ax

2008-01-01 02:11 . 2004-08-04 00:45 164,352 --------- C:\WINDOWS\system32\wstpager.ax

2008-01-01 02:11 . 2004-08-04 00:44 96,768 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll

2008-01-01 02:11 . 2004-08-04 00:45 53,248 --------- C:\WINDOWS\system32\vbicodec.ax

2008-01-01 02:11 . 2004-08-03 23:08 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys

2008-01-01 02:11 . 2004-08-03 22:59 9,728 --------- C:\WINDOWS\system32\comsdupd.exe

2008-01-01 02:07 . 2008-01-01 02:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-01-01 02:06 . 2008-01-01 02:06 20 --a------ C:\Documents and Settings\Pessoal\mhsha1.dat

2008-01-01 02:02 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002442_.tmp

2008-01-01 01:58 . 2008-01-01 02:11 <DIR> d-------- C:\WINDOWS\EHome

2008-01-01 01:28 . 2000-01-01 22:05 15,104 --a------ C:\WINDOWS\system32\drivers\msconkt.sys

2008-01-01 00:18 . 2008-01-01 00:18 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-01-01 00:18 . 2008-01-01 00:18 <DIR> d-------- C:\Arquivos de programas\Real Alternative

2008-01-01 00:18 . 2007-04-27 09:42 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-01-01 00:18 . 2007-04-27 09:42 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-01-01 00:17 . 2008-01-01 00:18 <DIR> d-------- C:\Arquivos de programas\QuickTime Alternative

2008-01-01 00:17 . 2008-01-01 00:17 <DIR> d-------- C:\Arquivos de programas\Media Player Classic

2008-01-01 00:16 . 2008-01-01 00:16 <DIR> d-------- C:\Arquivos de programas\DivX

2008-01-01 00:14 . 2008-01-01 00:14 <DIR> d-------- C:\Arquivos de programas\ffdshow

2008-01-01 00:14 . 2007-07-10 21:03 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-01-01 00:14 . 2007-07-10 21:03 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-01-01 00:14 . 2007-07-10 21:03 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-01-01 00:13 . 2008-01-01 00:13 21,764 --a------ C:\WINDOWS\system32\CoreAAC-uninstall.exe

2008-01-01 00:12 . 2008-01-01 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-01-01 00:12 . 2008-01-01 00:12 <DIR> d-------- C:\Arquivos de programas\CoreCodec

2008-01-01 00:12 . 2008-01-01 00:12 <DIR> d-------- C:\Arquivos de programas\AC3Filter

2008-01-01 00:10 . 2008-01-01 00:10 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2007-12-31 23:57 . 2007-12-31 23:57 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2007-12-31 23:57 . 2007-12-31 23:59 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-12-31 22:43 . 2007-12-31 22:43 <DIR> d-------- C:\WINDOWS\system32\recover

2007-12-31 22:37 . 2007-12-31 23:22 <DIR> d-------- C:\LinhaDefensiva

2007-12-31 22:35 . 2007-12-31 22:35 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2007-12-31 22:35 . 2007-12-31 22:35 <DIR> d-------- C:\Documents and Settings\Pessoal\Configurações locais

2007-12-31 22:35 . 2007-12-31 22:35 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2007-12-31 22:35 . 2007-12-31 22:35 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2007-12-31 22:35 . 2007-12-31 22:35 <DIR> d-------- C:\Documents and Settings\Default User\Configurações locais

2007-12-31 22:35 . 2007-12-31 22:35 <DIR> d-------- C:\Documents and Settings\Administrador.PESSOAL-O1Z88ON\Configurações locais

2007-12-30 00:35 . 2007-12-30 00:35 <DIR> d-------- C:\Documents and Settings\Pessoal\Dados de aplicativos\Publish Providers

2007-12-30 00:32 . 2007-12-30 00:32 <DIR> d-------- C:\Documents and Settings\Pessoal\Dados de aplicativos\Sony

2007-12-30 00:30 . 2007-12-30 00:30 <DIR> d-------- C:\Arquivos de programas\Vstplugins

2007-12-30 00:30 . 2007-12-30 00:31 <DIR> d-------- C:\Arquivos de programas\Sony

2007-12-30 00:12 . 2004-08-04 00:45 1,433,088 --a------ C:\WINDOWS\system32\msvidctl.dll

2007-12-29 23:52 . 2007-12-30 00:12 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

2007-12-29 23:49 . 2007-12-29 23:50 <DIR> d-------- C:\Documents and Settings\Pessoal\Dados de aplicativos\Sony Setup

2007-12-29 23:49 . 2007-12-29 23:49 <DIR> d-------- C:\Arquivos de programas\Sony Setup

2007-12-16 23:00 . 2002-09-09 14:08 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll

2007-12-16 23:00 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-12-16 23:00 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-01 04:34 131 ----a-w C:\WINDOWS\Fonts\kvdxslcfb.dll

2008-01-01 04:34 117 ----a-w C:\WINDOWS\Fonts\raqjknib.dll

2008-01-01 04:34 116 ----a-w C:\WINDOWS\Fonts\jsqsbss.dll

2008-01-01 04:34 114 ----a-w C:\WINDOWS\Fonts\kafykcsb.dll

2008-01-01 04:34 111 ----a-w C:\WINDOWS\Fonts\ratbsnib.dll

2008-01-01 04:34 111 ----a-w C:\WINDOWS\Fonts\okmhdcsb.dll

2008-01-01 04:34 106 ----a-w C:\WINDOWS\Fonts\jsqzcssb.dll

2008-01-01 04:34 102 ----a-w C:\WINDOWS\Fonts\avwghinb.dll

2008-01-01 04:33 139 ----a-w C:\WINDOWS\Fonts\jsqxassb.dll

2008-01-01 04:33 122 ----a-w C:\WINDOWS\Fonts\wsmsecjb.dll

2008-01-01 04:33 120 ----a-w C:\WINDOWS\Fonts\gjtmass.dll

2008-01-01 04:33 116 ----a-w C:\WINDOWS\Fonts\gjfhass.dll

2008-01-01 04:33 113 ----a-w C:\WINDOWS\Fonts\swrcfcs.dll

2008-01-01 04:33 112 ----a-w C:\WINDOWS\Fonts\kawdicsb.dll

2008-01-01 04:33 111 ----a-w C:\WINDOWS\Fonts\kaqhlcsa.dll

2008-01-01 04:33 110 ----a-w C:\WINDOWS\Fonts\wszjdcj.dll

2008-01-01 04:33 110 ----a-w C:\WINDOWS\Fonts\kvdxlcfb.dll

2008-01-01 04:33 108 ----a-w C:\WINDOWS\Fonts\gjcscssb.dll

2008-01-01 04:33 107 ----a-w C:\WINDOWS\Fonts\kapjgcsb.dll

2008-01-01 04:33 101 ----a-w C:\WINDOWS\Fonts\avwliinc.dll

2008-01-01 04:16 109 ----a-w C:\WINDOWS\Fonts\avzxlinb.dll

2008-01-01 02:07 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-01-01 02:05 --------- d-----w C:\Arquivos de programas\Magic ASCII Studio

2008-01-01 02:01 23 ----a-w C:\WINDOWS\Fonts\hookhelp.ini

2008-01-01 01:47 112 ----a-w C:\WINDOWS\Fonts\rsmyjfgb.dll

2008-01-01 01:47 101 ----a-w C:\WINDOWS\Fonts\rarjenib.dll

2008-01-01 00:49 --------- d-----w C:\Documents and Settings\Pessoal\Dados de aplicativos\Slide

2008-01-01 00:45 --------- d-----w C:\Arquivos de programas\Slide

2008-01-01 00:44 --------- d-----w C:\Arquivos de programas\Ahead

2008-01-01 00:39 68 ----a-w C:\WINDOWS\Fonts\gjfhassb.dll

2008-01-01 00:38 53 ----a-w C:\WINDOWS\Fonts\kaqhlcsb.dll

2007-12-24 23:50 --------- d-----w C:\Documents and Settings\Pessoal\Dados de aplicativos\LimeWire

2007-10-22 05:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll

2007-10-22 05:37 66,056 ----a-w C:\WINDOWS\system32\dxdllreg.exe

2007-10-22 05:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll

2007-10-12 17:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll

2007-10-12 17:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll

2007-10-02 11:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll

2000-01-01 22:40 16,644 ----a-w C:\WINDOWS\Fonts\hookhelp.dll

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

----a-w 32,768 2004-11-02 22:24:46 C:\Arquivos de programas\CyberLink\PowerDVD\bak\PDVDServ.exe

----a-w 5,001,216 2006-09-14 14:15:24 C:\Arquivos de programas\eMule\bak\emule.exe

----a-w 49,263 2006-07-26 05:03:14 C:\Arquivos de programas\Java\jre1.5.0_08\bin\bak\jusched.exe

----a-w 395,776 2000-08-31 19:33:34 C:\Arquivos de programas\MicroPower Software\Delta Translator 2.0\bak\DWinTrsl.exe

----a-w 13,312 2002-09-09 17:08:32 C:\WINDOWS\system32\bak\ctfmon.exe

----a-w 15,360 2004-08-04 02:45:32 C:\WINDOWS\system32\ctfmon.exe

----a-w 155,648 2001-07-09 14:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"Microsoft Windows Update 32"="svchost32.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:45 15360]

"Microsoft Windows Update 32"="svchost32.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Microsoft Windows Update 32"="svchost32.exe" []

C:\Documents and Settings\Pessoal\Menu Iniciar\Programas\Inicializar\

SilentId.lnk - C:\Arquivos de programas\SilentIdea\silentid.exe [2006-04-04 13:10:18]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{792FADFA-BCDE-ACDF-CDEF-21054865CBA7}"= C:\WINDOWS\system32\wsmsezx.dll [ ]

"{CC87A354-ABC3-DEDE-FF33-3213FD7447CC}"= C:\WINDOWS\system32\kvdxlma.dll [ ]

"{CD561258-45F3-A451-F908-A258458226DC}"= C:\WINDOWS\system32\kvdxslma.dll [ ]

"{1D908534-AD45-920F-AC89-4024FA9D26D1}"= C:\WINDOWS\system32\gjfhayc.dll [ ]

"{8A1247C1-53DA-FF43-ABD3-345F323A48D8}"= C:\WINDOWS\system32\avwghmn.dll [ ]

"{9960356A-458E-DE24-BD50-268F589A56A9}"= C:\WINDOWS\system32\avwlimn.dll [ ]

"{1C098A56-F90F-A789-901F-8906546720C1}"= C:\WINDOWS\system32\gjtmayc.dll [ ]

"{7A321487-4977-D98A-C8D5-6488257545A7}"= C:\WINDOWS\system32\kapjgzy.dll [ ]

"{BB681598-AD5F-BC8C-77DC-748FAC8D3FBB}"= C:\WINDOWS\system32\kafykzy.dll [ ]

"{00AC7236-9758-4887-9755-C8761F5FDE61}"= [ ]

"{1D098345-9012-8750-8910-9128098134D1}"= C:\WINDOWS\system32\jsqxayc.dll [ ]

"{C7D81718-1314-5200-2597-58790101807C}"= C:\WINDOWS\system32\kaqhlzy.dll [ ]

"{778A7521-FA87-34AB-34C2-4893F3AD34C7}"= C:\WINDOWS\system32\swrcfzc.dll [ ]

"{3FA10261-B890-F432-A453-69F1023513F3}"= C:\WINDOWS\system32\gjcscyc.dll [ ]

"{98907901-1416-3389-9981-372178569989}"= C:\WINDOWS\system32\kawdizy.dll [ ]

"{45679330-4034-9021-7012-909856721374}"= C:\WINDOWS\system32\wszjdzx.dll [ ]

"{47650011-3344-6688-4899-345FABCD1574}"= C:\WINDOWS\system32\ratbspi.dll [ ]

"{B4783410-4F90-34A0-7820-3230ACD05F4B}"= C:\WINDOWS\system32\raqjkpi.dll [ ]

"{2A098324-8631-9087-7650-8907643562A2}"= C:\WINDOWS\system32\jsqsbyc.dll [ ]

"{3C09F784-A234-B289-C209-D451E346F3C3}"= C:\WINDOWS\system32\jsqzcyc.dll [ ]

"{E159854F-6971-3456-6941-10235412974E}"= C:\WINDOWS\Fonts\hookhelp.dll [2000-01-01 20:40 16644]

"{4A57CAD1-412F-9547-713F-9641FA3FC7A4}"= C:\WINDOWS\system32\okmhdzy.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=hookhelp.dll

R0 l1ov;l1o;C:\WINDOWS\system32\DRIVERS\l1ov.sys [2002-09-09 15:07]

R2 u7pisgtdj;u7pisgtdj;C:\WINDOWS\System32\drivers\u7pisgtdj.sys [2002-09-09 15:07]

S3 PciHardDisk;PciHardDisk;C:\WINDOWS\System32\fat32.sys []

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-01 15:01:33

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]

-> C:\WINDOWS\Fonts\hookhelp.dll

.

Tempo para conclusão: 2008-01-01 15:03:00

C:\qoobox\ComboFix2.txt 2008-01-01 01:51:42

.

2007-12-31 19:36:10 --- E O F ---
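The HijackThis log in this post is the kind of thing a forum helper triages by eye. As an added example (not part of the post, and not code from HijackThis, ComboFix or SDFix), the Python script below applies three of those checks to constructed sample lines modelled on the entries above: O4 autostart targets given as a bare file name with no directory, a non-empty O20 AppInit_DLLs value, and O2/O3/R3 components reported as "(no file)".

```python
"""Small triage pass over HijackThis-style log lines (added example).

Checks applied, all defensive:
  * O4 entries whose target has no directory component: Windows resolves
    such names through the search path, so a look-alike name can shadow
    a legitimate binary and survive deletion of any single copy.
  * O20 AppInit_DLLs: a non-empty value is injected into every process
    that loads user32.dll, so a persistent DLL here reappears everywhere.
  * O2/O3/R3 entries whose file is reported as "(no file)": orphaned
    registrations that should be cleaned up.
"""
import re
from typing import List, Tuple

# Constructed sample, shaped like the entries in the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Windows Update 32] svchost32.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Windows Update 32] svchost32.exe (User 'SYSTEM')
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O20 - AppInit_DLLs: hookhelp.dll
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll
"""

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
NOFILE_RE = re.compile(r"^(O2|O3|R3) - .*\(no file\)\s*$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")


def executable_of(cmd: str) -> str:
    """Return the program part of an O4 command, without surrounding quotes
    and without the trailing (User '...') note HijackThis adds for HKUS hives."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd.strip('"')
    return cmd


def is_bare_name(path: str) -> bool:
    """True when the target carries no directory component at all."""
    return "\\" not in path and "/" not in path and ":" not in path


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, reason, original line) for every suspicious entry."""
    findings: List[Tuple[str, str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if is_bare_name(exe):
                findings.append(("O4", f"autostart target '{exe}' has no path", line))
            continue
        m = O20_RE.match(line)
        if m and m.group("dlls").strip():
            dlls = m.group("dlls").strip()
            findings.append(("O20", f"AppInit_DLLs injects '{dlls}' into every user32 process", line))
            continue
        if NOFILE_RE.match(line):
            findings.append((line[:2], "registered component file is missing (orphaned entry)", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```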


- Download SDFix:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Save it to your desktop. Double-click SDFix.exe and the tool will be installed to %SystemDrive%\SDFix (usually C:\SDFix).

- Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 on some machines, during startup);

  1. Open the SDFix folder that was installed on your computer and double-click the file RunThis.bat
  2. Press Y so the tool starts the removal process
  3. When it finishes, you will see a message telling you to press any key to continue. When you press a key, the computer will restart automatically
  4. After the restart, the tool will run again to finish its work and the word Finished will appear. Press any key.
  5. A window with the SDFix report will appear.
  6. Copy and paste that report into your reply. If you closed the window, a copy of the report is in the SDFix folder under the name Report.txt

- Generate a new HijackThis log and paste it into your reply.


SDFix: Version 1.123

Run by Pessoal on 2008-01-03 at 17:59

Microsoft Windows XP [versão 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting...

Normal Mode:

Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

No streams found.

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-03 18:04:22

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services:

------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:

---------------

Files with Hidden Attributes:

Wed 24 Jan 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Wed 24 Jan 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv18.bak"

Wed 24 Jan 2007 4,348 ...H. --- "C:\Documents and Settings\Pessoal\Meus documentos\Minhas músicas\Backup de Licença\drmv1key.bak"

Sat 15 Sep 2007 401 A..H. --- "C:\Documents and Settings\Pessoal\Meus documentos\Minhas músicas\Backup de Licença\drmv1lic.bak"

Tue 25 Jul 2006 312 A.SH. --- "C:\Documents and Settings\Pessoal\Meus documentos\Minhas músicas\Backup de Licença\drmv2key.bak"

Finished!

----------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:21, on 2008-01-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SilentIdea\silentid.exe

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: SilentId.lnk = C:\Arquivos de programas\SilentIdea\silentid.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm022YYBR

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab

O20 - AppInit_DLLs: hookhelp.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--

End of file - 4209 bytes
