aranha394

HiJackThis log file


My PC is showing a message about sysfader, and here is my log file.

Thanks for your attention.

Logfile of HijackThis v1.99.1

Scan saved at 21:56:57, on 22/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\hi\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe


Here is the scan result.

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Sunday, March 23, 2008 3:25:33 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 23/03/2008

Kaspersky Anti-Virus database records: 655287

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

A:\

C:\

D:\

Scan Statistics:

Total number of scanned objects: 107085

Number of viruses found: 20

Number of infected objects: 37

Number of suspicious objects: 0

Duration of the scan process: 01:54:01

Infected Object Name / Virus Name / Last Action

C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped

C:\Back-up\Arquivos de programas\Tibia Auto\tibiaauto.exe Infected: Backdoor.Win32.Bifrose.epa skipped

C:\Back-up\Back-up\Arquivos de programas\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\Back-up\Back-up\Arquivos de programas\MSN Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\Back-up\Back-up\Arquivos de programas\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\F3BROVLY.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\F3DTACTL.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\F3HISTSW.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\F3HTTPCT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\F3IMSTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\F3PSSAVR.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\F3REPROX.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\F3RESTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\F3SCHMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\F3SCRCTR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\F3SHLLVW.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\F3WPHOOK.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\M3HTML.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\M3IDLE.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\M3MSG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\M3OUTLCN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\M3PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\M3SKIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\M3SLSRCH.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\bar\1.bin\NPMYWEBS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\Back-up\Back-up\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\Back-up\Back-up\Arquivos de programas\NewDotNet\nncore.dll Infected: not-a-virus:AdWare.Win32.OneStep.e skipped

C:\Back-up\Back-up\Arquivos de programas\NewDotNet\nnrun.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

C:\Back-up\Documents and Settings\user\Configurações locais\Temp\NER32.tmp\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Histórico\History.IE5\MSHist012008032320080324\index.dat Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrador\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Administrador\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Administrador\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{4892A79D-00A3-482B-815B-6E7C2C4A1CA4}\RP0\A0000005.cmd Infected: Trojan.BAT.KillAV.gh skipped

C:\System Volume Information\_restore{4892A79D-00A3-482B-815B-6E7C2C4A1CA4}\RP14\A0002645.exe Infected: Trojan.Win32.Filco.a skipped

C:\System Volume Information\_restore{4892A79D-00A3-482B-815B-6E7C2C4A1CA4}\RP35\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_540.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


- Download ComboFix

  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Run" and type "1" + Enter to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click in the ComboFix window or close it by clicking the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt into your reply.


I did what you asked. What now?

ComboFix 08-03-23.2 - Administrador 2008-03-23 18:58:20.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.679 [GMT -3:00]

Executando de: C:\Back-up\Documents and Settings\user\Meus documentos\Gabriel\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))

.

2008-03-23 12:28 . 2008-03-23 12:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-23 12:28 . 2008-03-23 12:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-03-22 23:47 . 2008-03-22 23:47 <DIR> d-------- C:\Arquivos de programas\Uniblue

2008-03-22 23:36 . 2008-03-22 23:36 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Uniblue

2008-03-22 21:51 . 2008-03-22 21:52 <DIR> d-------- C:\hi

2008-03-22 13:23 . 2008-03-22 23:47 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-21 20:20 . 2008-03-21 20:20 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer

2008-03-21 20:20 . 2008-03-21 20:20 <DIR> d-------- C:\Arquivos de programas\iPod

2008-03-21 20:20 . 2008-03-23 18:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-21 20:20 . 2008-03-21 20:20 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-21 20:19 . 2008-03-21 20:20 <DIR> d-------- C:\Arquivos de programas\iTunes

2008-03-21 20:19 . 2008-03-21 20:19 <DIR> d-------- C:\Arquivos de programas\Bonjour

2008-03-21 20:18 . 2008-03-21 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-03-21 20:18 . 2008-03-21 20:18 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2008-03-21 20:17 . 2008-03-21 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-03-21 20:17 . 2008-03-21 20:17 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Apple

2008-03-21 20:11 . 2008-03-21 20:12 <DIR> d-------- C:\Arquivos de programas\Google

2008-03-21 13:22 . 2008-03-23 12:46 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

2008-03-21 13:22 . 2008-03-21 13:22 <DIR> d-------- C:\Arquivos de programas\uTorrent

2008-03-18 19:52 . 2005-09-19 16:43 177,664 --a------ C:\WINDOWS\system32\LXROSUI.DLL

2008-03-18 18:27 . 2008-03-18 18:37 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\AdobeUM

2008-03-18 11:19 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-03-18 11:19 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-03-18 11:19 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-03-18 11:19 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-03-18 11:19 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-03-18 11:19 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-03-18 11:19 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-03-18 11:19 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2008-03-17 14:34 . 2008-03-17 14:34 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraes locais

2008-03-17 14:28 . 2008-03-17 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-03-17 14:28 . 2008-03-17 14:28 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-03-17 14:20 . 2008-03-23 12:52 51 --a------ C:\WINDOWS\GunzLauncher.INI

2008-03-17 14:15 . 2008-03-17 14:15 <DIR> d-------- C:\Arquivos de programas\LevelUpGames

2008-03-16 22:07 . 2008-03-16 22:07 268 --ah----- C:\sqmdata06.sqm

2008-03-16 22:07 . 2008-03-16 22:07 244 --ah----- C:\sqmnoopt06.sqm

2008-03-16 20:33 . 2008-03-16 20:33 268 --ah----- C:\sqmdata05.sqm

2008-03-16 20:33 . 2008-03-16 20:33 244 --ah----- C:\sqmnoopt05.sqm

2008-03-16 15:19 . 2008-03-16 15:19 268 --ah----- C:\sqmdata04.sqm

2008-03-16 15:19 . 2008-03-16 15:19 244 --ah----- C:\sqmnoopt04.sqm

2008-03-16 14:13 . 2008-03-16 14:13 268 --ah----- C:\sqmdata03.sqm

2008-03-16 14:13 . 2008-03-16 14:13 244 --ah----- C:\sqmnoopt03.sqm

2008-03-16 12:49 . 2008-03-16 12:49 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2008-03-16 12:28 . 2008-03-16 12:28 <DIR> d-------- C:\Arquivos de programas\Real

2008-03-16 12:28 . 2008-03-16 12:49 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2008-03-13 22:37 . 2005-09-19 16:43 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-02-29 16:30 . 2003-07-20 06:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd

2008-02-29 16:30 . 2005-01-03 21:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2008-02-29 13:21 . 2008-02-29 13:29 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-02-29 13:20 . 2008-02-29 13:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-02-29 13:20 . 2008-02-29 13:22 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-02-29 12:35 . 2008-02-29 12:35 <DIR> d-------- C:\Arquivos de programas\Gravity

2008-02-27 20:27 . 2006-08-21 06:14 128,896 --------- C:\WINDOWS\system32\DllCache\fltmgr.sys

2008-02-27 20:27 . 2006-08-21 06:14 23,040 --------- C:\WINDOWS\system32\DllCache\fltmc.exe

2008-02-27 20:27 . 2006-08-21 09:27 16,896 --------- C:\WINDOWS\system32\DllCache\fltlib.dll

2008-02-27 20:16 . 2007-10-25 13:57 8,484,352 --------- C:\WINDOWS\system32\DllCache\shell32.dll

2008-02-27 20:14 . 2007-07-09 10:09 584,192 --------- C:\WINDOWS\system32\DllCache\rpcrt4.dll

2008-02-27 20:00 . 2008-03-23 13:23 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Tibia

2008-02-27 19:59 . 2008-02-28 17:54 <DIR> d-------- C:\Arquivos de programas\Tibia

2008-02-27 19:59 . 2006-12-07 02:29 2,374,472 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll

2008-02-27 19:58 . 2008-02-27 19:59 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic

2008-02-27 19:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-02-27 19:45 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-02-27 19:45 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-02-27 19:45 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-02-27 19:45 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-02-27 19:45 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-02-27 19:42 . 2005-09-19 16:43 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-02-27 13:00 . 2008-02-27 13:00 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts

2008-02-27 12:55 . 2008-02-27 12:55 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

2008-02-27 12:32 . 2006-06-14 05:47 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys

2008-02-27 12:32 . 2006-02-14 21:22 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys

2008-02-27 12:32 . 2006-06-14 06:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2008-02-27 12:32 . 2005-09-19 16:43 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys

2008-02-27 12:32 . 2005-09-19 16:43 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys

2008-02-27 12:32 . 2005-09-19 16:43 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

2008-02-27 12:32 . 2006-06-14 05:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2008-02-27 12:32 . 2005-09-19 16:43 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys

2008-02-27 12:32 . 2008-02-27 12:32 268 --ah----- C:\sqmdata02.sqm

2008-02-27 12:32 . 2008-02-27 12:32 244 --ah----- C:\sqmnoopt02.sqm

2008-02-27 12:31 . 2008-02-27 12:31 <DIR> d-------- C:\WINDOWS\Motorola

2008-02-27 12:31 . 2005-09-19 16:43 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys

2008-02-27 12:31 . 2005-09-19 16:43 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax

2008-02-27 12:31 . 2005-09-19 16:43 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2008-02-27 12:31 . 2005-09-19 16:43 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys

2008-02-27 12:31 . 2005-09-19 16:43 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys

2008-02-27 12:31 . 2005-09-19 16:43 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2008-02-27 12:31 . 2005-09-19 16:43 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys

2008-02-27 12:31 . 2005-09-19 16:43 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

2008-02-27 11:20 . 2008-02-27 11:20 268 --ah----- C:\sqmdata01.sqm

2008-02-27 11:20 . 2008-02-27 11:20 244 --ah----- C:\sqmnoopt01.sqm

2008-02-27 10:44 . 2008-02-27 10:44 <DIR> d-------- C:\Arquivos de programas\Backup Magic

2008-02-27 10:40 . 2008-02-27 12:37 <DIR> d-------- C:\Back-up

2008-02-27 10:31 . 2008-02-27 10:31 268 --ah----- C:\sqmdata00.sqm

2008-02-27 10:31 . 2008-02-27 10:31 244 --ah----- C:\sqmnoopt00.sqm

2008-02-27 10:28 . 2008-03-21 20:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-02-27 10:27 . 2008-02-27 10:27 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InterVideo

2008-02-27 10:26 . 2008-02-27 10:26 <DIR> d-------- C:\Program Files

2008-02-27 10:26 . 2008-02-27 10:26 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-02-27 10:26 . 2008-02-27 10:26 <DIR> d-------- C:\Arquivos de programas\DivX

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-17 17:30 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-03-16 15:59 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2008-03-16 15:59 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-03-16 15:59 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-03-16 15:59 158,456 ------w C:\WINDOWS\system32\pxwma.dll

2008-02-27 11:57 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-02-27 11:48 --------- d-----w C:\Arquivos de programas\ESET

2008-02-27 11:43 --------- d-----w C:\Arquivos de programas\Java

2008-02-27 11:42 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-02-27 11:42 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-02-27 11:39 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-02-27 11:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-02-27 11:35 4,128 ----a-w C:\WINDOWS\system32\drivers\INFCACHE.1

2008-01-11 05:37 44,544 ------w C:\WINDOWS\system32\DllCache\pngfilt.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-21 20:12 171448]

"Uniblue RegistryBooster 2"="C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14 36975]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HDAShCut.exe]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-03-16 12:49 185896]

"QuickTime Task"="C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="cmd.exe" [2004-08-04 00:45 400384 C:\WINDOWS\system32\cmd.exe]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 00:34 44544]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

InterVideo WinCinema Manager.lnk - C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-02-27 10:25:30 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\InterVideo\\DVD7\\WinDVD.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

S3 XDva095;XDva095;C:\WINDOWS\system32\XDva095.sys []

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-21 23:18:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-23 19:00:09

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-03-23 19:01:52

ComboFix-quarantined-files.txt 2008-03-23 22:01:49

.

2008-03-16 17:16:05 --- E O F ---


Uninstall MSN Messenger and reinstall it;

Other than that, the log is clean :)

I recommend some maintenance on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues

- Disable and then re-enable System Restore

Read the article "Proteja seu PC" (Protect your PC) for more information on how to avoid infections.
