diego 2

I need help.


I found the folder netproject on my PC and I think it's a virus.

Also, every time I try to access the internet, instead of opening my home page it goes to the site SECURITYPILLS.COM, and Kaspersky reports malware.


- Download ComboFix

  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Run" and type "1" + Enter to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click on the ComboFix window or close it with the X while it is running, do not move the mouse and do not use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.

- Download HijackThis

  • Put the file in its own folder in C:\;
  • Double-click HijackThis and click Do a system scan and save a logfile;
  • Copy the contents of the Notepad window and paste them in your reply.


ComboFix 08-03-22.3 - Diego 2008-03-23 10:53:13.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.693 [GMT -3:00]

Running from: C:\Documents and Settings\Diego\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\Helper

C:\Arquivos de programas\Helper\1206168326.dll

C:\Documents and Settings\Diego\install.exe

C:\WINDOWS\system32\rlls.dll

C:\WINDOWS\system32\UpMedia

.

((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))

.

2008-03-23 01:08 . 2008-03-23 01:08 <DIR> d-------- C:\Arquivos de programas\Advanced Spyware Remover

2008-03-23 00:23 . 2008-03-23 00:23 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-03-22 13:17 . 2008-03-23 00:37 <DIR> d-------- C:\Program Files

2008-03-22 03:45 . 2008-03-22 14:32 <DIR> d-a------ C:\Arquivos de programas\NetProject

2008-03-07 19:47 . 2008-03-23 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-03-07 19:47 . 2008-03-23 11:04 4,040,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-03-07 19:47 . 2008-03-07 20:20 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-03-07 19:47 . 2008-03-07 20:20 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-03-07 19:47 . 2008-03-23 10:56 55,148 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-03-07 19:47 . 2008-03-23 10:57 42,784 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-03-07 19:47 . 2008-03-23 10:56 5,060 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-03-07 19:46 . 2008-03-07 19:46 <DIR> d-------- C:\KAV

2008-03-05 21:11 . 2008-03-05 21:11 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab

2008-03-05 20:51 . 2008-03-05 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-03-03 22:30 . 2008-03-03 22:30 <DIR> d-------- C:\Documents and Settings\Danilo\.smplayer

2008-03-02 17:03 . 2008-03-02 18:22 <DIR> d-------- C:\Documents and Settings\Diego\.smplayer

2008-03-02 17:02 . 2008-03-02 17:03 <DIR> d-------- C:\Arquivos de programas\SMPlayer

2008-03-02 12:40 . 2008-03-02 12:40 <DIR> d-------- C:\Arquivos de programas\LimeWire

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-23 14:04 --------- d-----w C:\Documents and Settings\Diego\Dados de aplicativos\Hamachi

2008-03-22 18:01 --------- d-----w C:\Arquivos de programas\Real

2008-03-22 17:58 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-22 17:58 --------- d-----w C:\Arquivos de programas\Google

2008-03-22 07:06 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-22 03:32 --------- d-----w C:\Arquivos de programas\Valve

2008-03-22 01:11 --------- d-----w C:\Documents and Settings\Diego\Dados de aplicativos\LimeWire

2008-03-06 21:45 --------- d-----w C:\Documents and Settings\Diego\Dados de aplicativos\Orbit

2008-03-05 00:54 --------- d---a-w C:\Arquivos de programas\Java

2008-02-23 22:40 --------- d-----w C:\Arquivos de programas\Canasis

2008-02-23 02:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared

2008-02-23 02:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-02-13 23:57 --------- d-----w C:\Arquivos de programas\AP Tuner

2008-02-09 18:37 --------- d-----w C:\Arquivos de programas\Hamachi

2008-02-09 18:36 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-02-01 23:45 --------- d-----w C:\Arquivos de programas\CallIT

2008-02-01 23:44 --------- d-----w C:\Arquivos de programas\CoolSMS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]

2008-03-23 10:40 10240 --a------ C:\Arquivos de programas\NetProject\sbmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= "C:\Arquivos de programas\NetProject\wamdl.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= C:\Arquivos de programas\NetProject\wamdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [ ]

"CoolSMS"="C:\Arquivos de programas\CoolSMS\CoolSMS.exe" [2007-08-28 15:01 1067520]

"AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-07-12 08:35 77824 C:\WINDOWS\SOUNDMAN.EXE]

"ISUSPM Startup"="C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [ ]

"wmp"="" []

"NWEReboot"="" []

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"Discador iG"="C:\Arquivos de programas\iGAditivado\Discador iG.exe" [ ]

"Lexmark 1200 Series"="C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 02:34 57344]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-02-22 23:40 185896]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 20:50 200768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

C:\Documents and Settings\Diego\Menu Iniciar\Programas\Inicializar\

hamachi.lnk - C:\Arquivos de programas\Hamachi\hamachi.exe [2008-02-09 15:36:49 619048]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

R1 crlscsi;crlscsi;C:\WINDOWS\system32\drivers\crlscsi.sys [1995-11-07 05:57]

S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2006-07-16 22:53]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-23 11:04:23

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

.

**************************************************************************

.

Completion time: 2008-03-23 11:06:27 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-23 14:06:21

.

2008-03-13 01:44:53 --- E O F ---


Logfile of HijackThis v1.99.1

Scan saved at 11:19:59, on 23/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\CoolSMS\CoolSMS.exe

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\Nova pasta\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Arquivos de programas\NetProject\sbmdl.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Arquivos de programas\NetProject\wamdl.dll (file missing)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGAditivado\Discador iG.exe" boot

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized

O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://*.ww2.supertraffic.info

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131549136390

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D4BE39F9-3EC9-4FE2-8275-4FD4C72F3589}: NameServer = 201.10.128.2,201.10.120.2

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.88 85.255.112.72

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.88 85.255.112.72

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe


- Select the text below and copy it into Notepad. Save it as CFScript.txt;

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiSpywareShield"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wmp"=-
"NWEReboot"=-

- Drag CFScript.txt onto ComboFix as shown in the image below:

[image: CF_Script.gif]

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: if ComboFix does not restart your computer automatically, do it manually.

Post the contents of ComboFix.txt in your reply.

- Download FixWareOut

http://linhadefensiva.uol.com.br/dl/fixwareout

- Run and install it. At the end of the installation leave the "Run Fixit" box checked and click "Finish".

Attach the contents of the file C:\fixwareout\report.txt here.

Note: if you lose your Internet connection, contact your provider and ask for instructions to reconfigure your DNS servers.

- Generate a new HijackThis log and paste it in your reply.

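The reply above reads the HijackThis log by eye and hand-writes the CFScript. As an added example (not code from this thread, from HijackThis or from ComboFix), the script below runs the same triage over an excerpt of the log posted earlier and prints the Registry:: section of a CFScript for the entries ComboFix can delete. Its rules are the ones the helper applied: a BHO with no name and a toolbar whose DLL is missing (both under NetProject), an autorun living in a non-localized C:\Program Files that this Portuguese XP does not use (the first ComboFix log shows that directory created on 2008-03-22), an O9 button that opens a remote URL, an O15 Trusted Zone entry, an R1 search URL outside microsoft.com, and O17 NameServer values set machine-wide at Tcpip\Parameters that differ from the adapter's own servers (the reason for FixWareOut and the DNS warning). The allowlist of hosts, the localized Program Files path and the mapping of entry types to CFScript keys are assumptions of this example.

```python
r"""Triage a HijackThis 1.99 log the way the helper did above and emit the
Registry:: section of a ComboFix CFScript for the entries ComboFix can delete.

Added example, not a Clube do Hardware, HijackThis or ComboFix tool. SAMPLE_LOG
is an excerpt copied from the log posted above. TRUSTED_HOSTS, the localized
Program Files path and the entry-type to registry-key mapping are assumptions.
'~' in the BHO key is ComboFix's shorthand for SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer."""
import re
from urllib.parse import urlparse

SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Arquivos de programas\NetProject\sbmdl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Arquivos de programas\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.ww2.supertraffic.info
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4BE39F9-3EC9-4FE2-8275-4FD4C72F3589}: NameServer = 201.10.128.2,201.10.120.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.88 85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.88 85.255.112.72
"""

ENTRY = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
TRUSTED_HOSTS = {"go.microsoft.com", "www.microsoft.com"}   # assumed allowlist for R0/R1


def parse_hjt(text):
    """Return (kind, body) for every 'Rn - ...' / 'Onn - ...' entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["kind"], m["body"]))
    return entries


def _servers(body):
    """NameServer values of an O17 line (HijackThis separates them by space or comma)."""
    return set(re.split(r"[ ,]+", body.split("NameServer =", 1)[1].strip()))


def triage(entries, program_files=r"C:\Arquivos de programas"):
    """Return [(kind, body, reason)] for entries worth acting on; program_files is
    the localized directory this Windows really uses (assumed from the logs above)."""
    iface_dns = set()            # servers configured per adapter (key ends in a GUID)
    for kind, body in entries:
        if kind == "O17" and GUID.search(body.split(": NameServer", 1)[0]):
            iface_dns |= _servers(body)
    hits = []
    for kind, body in entries:
        why = None
        if kind in ("R0", "R1"):
            host = urlparse(body.split("= ", 1)[-1]).hostname or ""
            if host and host not in TRUSTED_HOSTS:
                why = f"IE start/search URL points at {host}"
        elif kind == "O2" and "(no name)" in body:
            why = "BHO registered without a name"
        elif kind == "O3" and "(file missing)" in body:
            why = "toolbar registration whose DLL is gone"
        elif kind == "O4":
            target = body.split("] ", 1)[-1].strip().strip('"').lower()
            if target.startswith("c:\\program files\\") and program_files.lower() != "c:\\program files":
                why = "autorun from a 'Program Files' directory the OS does not use"
        elif kind == "O9" and body.split(" - ")[-1].startswith("http"):
            why = "IE button/menu item that opens a remote URL"
        elif kind == "O15":
            why = "site placed in the Trusted Zone"
        elif kind == "O17" and "Parameters: NameServer" in body:
            rogue = _servers(body) - iface_dns   # machine-wide DNS no adapter was given
            if rogue:
                why = "machine-wide DNS override to " + " ".join(sorted(rogue))
        if why:
            hits.append((kind, body, why))
    return hits


def cfscript(hits):
    """Registry:: section for the O2/O3/O4 hits (what ComboFix deletes); the rest
    come back as 'manual': R/O9/O15 are fixed in HijackThis, O17 by FixWareOut."""
    lines, manual = ["Registry::"], []
    for kind, body, why in hits:
        if kind == "O2":
            lines.append("[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\" + GUID.search(body).group(0) + "]")
        elif kind == "O3":
            clsid = GUID.search(body).group(0)
            lines += ["[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]", f'"{clsid}"=-',
                      "[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser]", f'"{clsid}"=-']
        elif kind == "O4" and "[" in body and "]" in body:
            hive = "HKEY_CURRENT_USER" if body.startswith("HKCU") else "HKEY_LOCAL_MACHINE"
            name = body[body.index("[") + 1:body.index("]")]
            lines += [f"[{hive}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]", f'"{name}"=-']
        else:
            manual.append((kind, why))
    return "\n".join(lines) + "\n", manual


if __name__ == "__main__":
    found = triage(parse_hjt(SAMPLE_LOG))
    for kind, body, why in found:
        print(f"{kind}: {why}\n    {body}")
    script, manual = cfscript(found)
    print(script)
    for kind, why in manual:
        print("fix outside CFScript:", kind, why)
```

Run as-is it flags eight entries and prints a Registry:: block matching the one the helper wrote for the BHO, the toolbar and AntiSpywareShield; the O17 lines are the tell for FixWareOut because the adapter itself was given 201.10.x servers while the machine-wide Tcpip\Parameters value points elsewhere. The helper's script also drops the empty "wmp" and "NWEReboot" values from the ComboFix log, which HijackThis does not list and this example therefore cannot see.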

ComboFix 08-03-22.3 - Diego 2008-03-24 21:58:49.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.704 [GMT -3:00]

Running from: C:\Documents and Settings\Diego\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Diego\Desktop\CFScript.txt;.txt

* A new restore point was created

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))

.

2008-03-23 11:18 . 2008-03-23 11:19 <DIR> d-------- C:\Nova pasta

2008-03-23 11:06 . 2008-03-23 11:06 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-03-23 11:06 . 2008-03-23 11:06 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-03-23 11:06 . 2008-03-23 11:06 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-03-23 11:06 . 2008-03-23 11:06 <DIR> d-------- C:\Documents and Settings\Diego\Configurações locais

2008-03-23 01:08 . 2008-03-23 01:08 <DIR> d-------- C:\Arquivos de programas\Advanced Spyware Remover

2008-03-23 00:23 . 2008-03-23 00:23 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-03-22 13:17 . 2008-03-23 00:37 <DIR> d-------- C:\Program Files

2008-03-22 03:45 . 2008-03-24 21:53 <DIR> d-a------ C:\Arquivos de programas\NetProject

2008-03-07 19:47 . 2008-03-24 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-03-07 19:47 . 2008-03-24 22:00 4,153,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-03-07 19:47 . 2008-03-07 20:20 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-03-07 19:47 . 2008-03-07 20:20 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-03-07 19:47 . 2008-03-24 21:50 56,468 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-03-07 19:47 . 2008-03-24 22:00 48,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-03-07 19:47 . 2008-03-24 21:50 5,468 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-03-07 19:46 . 2008-03-07 19:46 <DIR> d-------- C:\KAV

2008-03-05 21:11 . 2008-03-05 21:11 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab

2008-03-05 20:51 . 2008-03-05 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-03-03 22:30 . 2008-03-03 22:30 <DIR> d-------- C:\Documents and Settings\Danilo\.smplayer

2008-03-02 17:03 . 2008-03-02 18:22 <DIR> d-------- C:\Documents and Settings\Diego\.smplayer

2008-03-02 17:02 . 2008-03-02 17:03 <DIR> d-------- C:\Arquivos de programas\SMPlayer

2008-03-02 12:40 . 2008-03-02 12:40 <DIR> d-------- C:\Arquivos de programas\LimeWire

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-25 00:52 --------- d-----w C:\Documents and Settings\Diego\Dados de aplicativos\Hamachi

2008-03-22 18:01 --------- d-----w C:\Arquivos de programas\Real

2008-03-22 17:58 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-22 17:58 --------- d-----w C:\Arquivos de programas\Google

2008-03-22 07:06 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-22 03:32 --------- d-----w C:\Arquivos de programas\Valve

2008-03-22 01:11 --------- d-----w C:\Documents and Settings\Diego\Dados de aplicativos\LimeWire

2008-03-06 21:45 --------- d-----w C:\Documents and Settings\Diego\Dados de aplicativos\Orbit

2008-03-05 00:54 --------- d---a-w C:\Arquivos de programas\Java

2008-02-23 22:40 --------- d-----w C:\Arquivos de programas\Canasis

2008-02-23 02:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared

2008-02-23 02:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-02-13 23:57 --------- d-----w C:\Arquivos de programas\AP Tuner

2008-02-09 18:37 --------- d-----w C:\Arquivos de programas\Hamachi

2008-02-09 18:36 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-02-01 23:45 --------- d-----w C:\Arquivos de programas\CallIT

2008-02-01 23:44 --------- d-----w C:\Arquivos de programas\CoolSMS

.

((((((((((((((((((((((((((((( snapshot@2008-03-23_11.05.45.78 )))))))))))))))))))))))))))))))))))))))))

.

- 2006-10-23 15:19:17 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll

+ 2007-12-07 01:07:07 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll

- 2006-10-23 15:19:17 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll

+ 2007-12-07 01:07:07 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll

- 2006-10-23 15:19:17 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll

+ 2007-12-07 01:07:08 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll

- 2006-10-23 15:19:17 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll

+ 2007-12-07 01:07:07 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll

- 2006-10-23 15:19:17 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll

+ 2007-12-07 01:07:07 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll

- 2006-10-23 15:19:17 1,055,744 ----a-w C:\WINDOWS\system32\dllcache\danim.dll

+ 2007-12-07 01:07:08 1,055,744 ----a-w C:\WINDOWS\system32\dllcache\danim.dll

- 2006-10-23 15:19:17 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2007-12-07 01:07:08 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2006-10-23 15:19:17 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2007-12-07 01:07:08 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2006-10-23 15:19:17 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2007-12-07 01:07:08 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2006-10-23 11:00:41 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe

+ 2007-12-06 13:07:07 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe

- 2006-10-23 15:19:17 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll

+ 2007-12-07 01:07:08 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll

- 2006-10-23 15:19:17 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll

+ 2007-12-07 01:07:08 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll

- 2006-05-18 05:36:07 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll

+ 2007-11-14 07:28:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll

- 2006-10-23 15:19:17 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2007-12-07 01:07:08 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2006-10-23 15:19:18 3,076,096 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2007-12-07 14:37:10 3,080,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2006-10-23 15:19:18 448,512 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2007-12-07 01:07:10 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2006-10-23 15:19:18 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2007-12-07 01:07:10 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

- 2006-10-23 15:19:19 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2007-12-07 01:07:10 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

- 2006-10-23 15:19:19 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2007-12-07 01:07:10 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2006-10-23 15:19:19 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll

+ 2007-12-07 01:07:11 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll

- 2006-10-23 15:19:19 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll

+ 2007-12-07 01:07:11 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll

- 2006-10-23 15:19:19 614,912 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2007-12-07 01:07:12 616,448 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2006-12-19 18:09:31 852,480 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll

+ 2007-06-26 13:57:02 851,968 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll

- 2006-10-23 15:19:19 660,992 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2007-12-07 01:07:12 661,504 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

- 2006-10-23 15:19:17 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2007-12-07 01:07:08 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2006-10-23 15:19:17 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2007-12-07 01:07:08 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2006-10-23 15:19:17 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll

+ 2007-12-07 01:07:08 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll

- 2006-10-23 15:19:17 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll

+ 2007-12-07 01:07:08 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll

- 2006-10-23 15:19:17 96,768 ----a-w C:\WINDOWS\system32\inseng.dll

+ 2007-12-07 01:07:08 96,768 ----a-w C:\WINDOWS\system32\inseng.dll

- 2006-05-18 05:36:07 450,560 ----a-w C:\WINDOWS\system32\jscript.dll

+ 2007-11-14 07:28:29 450,560 ----a-w C:\WINDOWS\system32\jscript.dll

- 2006-10-23 15:19:17 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2007-12-07 01:07:08 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll

- 2006-10-23 15:19:18 3,076,096 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2007-12-07 14:37:10 3,080,192 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2006-10-23 15:19:18 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2007-12-07 01:07:10 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2006-10-23 15:19:18 146,432 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2007-12-07 01:07:10 146,432 ----a-w C:\WINDOWS\system32\msrating.dll

- 2006-10-23 15:19:19 532,480 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2007-12-07 01:07:10 532,480 ----a-w C:\WINDOWS\system32\mstime.dll

- 2006-10-23 15:19:19 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2007-12-07 01:07:10 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll

- 2006-10-23 15:19:19 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll

+ 2007-12-07 01:07:11 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll

- 2006-10-23 15:19:19 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll

+ 2007-12-07 01:07:11 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll

- 2006-10-23 15:19:19 614,912 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2007-12-07 01:07:12 616,448 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2006-10-23 15:19:19 660,992 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2007-12-07 01:07:12 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

- 2007-10-29 18:35:06 119,296 ----a-w C:\WINDOWS\system32\xpsp3res.dll

+ 2007-12-06 23:40:16 359,936 ----a-w C:\WINDOWS\system32\xpsp3res.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [ ]

"CoolSMS"="C:\Arquivos de programas\CoolSMS\CoolSMS.exe" [2007-08-28 15:01 1067520]

"AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-07-12 08:35 77824 C:\WINDOWS\SOUNDMAN.EXE]

"ISUSPM Startup"="C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [ ]

"wmp"="" []

"NWEReboot"="" []

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"Discador iG"="C:\Arquivos de programas\iGAditivado\Discador iG.exe" [ ]

"Lexmark 1200 Series"="C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 02:34 57344]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-02-22 23:40 185896]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 20:50 200768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

C:\Documents and Settings\Diego\Menu Iniciar\Programas\Inicializar\

hamachi.lnk - C:\Arquivos de programas\Hamachi\hamachi.exe [2008-02-09 15:36:49 619048]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

R1 crlscsi;crlscsi;C:\WINDOWS\system32\drivers\crlscsi.sys [1995-11-07 05:57]

S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2006-07-16 22:53]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-24 22:00:41

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-03-24 22:01:11

ComboFix-quarantined-files.txt 2008-03-25 01:01:08

ComboFix2.txt 2008-03-23 14:06:29

.

2008-03-23 14:46:30 --- E O F ---


The FixWareOut link

I can't download it; if there is another link, please post it.


Username "Diego" - 26/03/2008 12:16:14 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

"nameserver"="85.255.114.88 85.255.112.72" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8724C90B-2C0B-4CEF-89D9-82E54799EB11}

"DhcpNameServer"="85.255.114.88,85.255.112.72" <Value cleared.

Liberação do cache do DNS Resolver bem-sucedida.

System was rebooted successfully.

~~~~~ Postrun check

HKLM\SOFTWARE\~\Winlogon\ "system"=""

....

....

~~~~~ Misc files.

....

~~~~~ Checking for older varients.

....

~~~~~ Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"SoundMan"="SOUNDMAN.EXE"

"ISUSPM Startup"="C:\\ARQUIV~1\\ARQUIV~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

"ISUSScheduler"="\"C:\\Arquivos de programas\\Arquivos comuns\\InstallShield\\UpdateService\\issch.exe\" -start"

"wmp"=""

"NWEReboot"=""

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"Discador iG"="\"C:\\Arquivos de programas\\iGAditivado\\Discador iG.exe\" boot"

"Lexmark 1200 Series"="\"C:\\Arquivos de programas\\Lexmark 1200 Series\\lxczbmgr.exe\""

"TkBellExe"="\"C:\\Arquivos de programas\\Arquivos comuns\\Real\\Update_OB\\realsched.exe\" -osboot"

"SunJavaUpdateSched"="\"C:\\Arquivos de programas\\Java\\jre1.6.0_05\\bin\\jusched.exe\""

"Adobe Reader Speed Launcher"="\"C:\\Arquivos de programas\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

"AVP"="\"C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"ares"="\"C:\\Arquivos de programas\\Ares\\Ares.exe\" -h"

"CoolSMS"="C:\\Arquivos de programas\\CoolSMS\\CoolSMS.exe /minimized"

"AntiSpywareShield"="C:\\Program Files\\AntiSpywareShield\\AntiSpywareShield.exe"

....

Hosts file was reset, If you use a custom hosts file please replace it...

~~~~~ End report ~~~~~


Logfile of HijackThis v1.99.1

Scan saved at 19:20:35, on 28/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Diego\Configurações locais\Temporary Internet Files\Content.IE5\5E3IFOSR\HijackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGAditivado\Discador iG.exe" boot

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized

O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://*.ww2.supertraffic.info

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131549136390

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D4BE39F9-3EC9-4FE2-8275-4FD4C72F3589}: NameServer = 201.10.128.2,201.10.120.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe


- OK, the log is clean :)

- I recommend doing some maintenance on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues

- Disable and re-enable System Restore

- Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections.


Thanks for the help, much appreciated...

I'll follow the information in the article you recommended... thank you very much.
