Filha_da_Luz

HijackThis Log Analysis


Hello... just to be on the safe side... here is a log, to check whether everything is fine over here...

^_^

Logfile of HijackThis v1.99.1

Scan saved at 21:00:49, on 6/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\SYSTEM32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\Explorer.EXE

C:\avast\Nova pasta\aswUpdSv.exe

C:\avast\Nova pasta\ashServ.exe

E:\WINDOWS\system32\VTTimer.exe

E:\WINDOWS\system32\VTtrayp.exe

E:\WINDOWS\SOUNDMAN.EXE

E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

E:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

E:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

E:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\avast\NOVAPA~1\ashDisp.exe

E:\WINDOWS\vsnpstd.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

E:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

E:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

E:\WINDOWS\system32\svchost.exe

C:\avast\Nova pasta\ashWebSv.exe

E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

E:\WINDOWS\system32\wscntfy.exe

E:\WINDOWS\System32\svchost.exe

E:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\acrobat reader\Reader\AcroRd32.exe

E:\Arquivos de programas\internet explorer\iexplore.exe

C:\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\acrobat reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Component Manager] "E:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "E:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [RemoteControl] "E:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "E:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [winrocker] syms32.exe

O4 - HKLM\..\Run: [nod32kui] "C:\antivirus\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [avast!] C:\avast\NOVAPA~1\ashDisp.exe

O4 - HKLM\..\Run: [snpstd] E:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "E:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\RunServices: [winrocker] syms32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [winrocker] syms32.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = E:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\acrobat reader\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189218357765

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.atrativa.com.br/games/applets/popcap/chainz2/mjolauncher.cab

O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/gamehouse/tumblebugs/axhost.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/insaniquarium/popcaploader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{51FBAB01-078C-4149-B225-720E95F4C4C1}: NameServer = 201.10.120.2 201.10.128.3

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\avast\Nova pasta\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\avast\Nova pasta\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\avast\Nova pasta\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\avast\Nova pasta\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\nero premiun\instalado\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\antivirus\nod32krn.exe (file missing)

Thank you


- Download ComboFix

  • Temporarily disable your antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Run" and type "1" + Enter to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click inside the ComboFix window or close it with the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.

Topic author:

    Hello... I downloaded ComboFix... but when I try to run it this error message appears... what is it???

    [attached screenshot of the error message]

Topic author:

    Now it worked... :lol:

    ComboFix 08-04-10.4 - FerNanda 2008-04-10 20:40:04.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.619 [GMT -3:00]

    Executando de: E:\Documents and Settings\FerNanda\Desktop\ComboFix.exe

    * Criado um novo ponto de restauro

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    E:\WINDOWS\msettings.ini

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))

    .

    2008-04-02 20:49 . 2008-03-29 15:31 75,856 --a------ E:\WINDOWS\system32\drivers\aswSP.sys

    2008-04-02 20:49 . 2008-03-29 15:35 20,560 --a------ E:\WINDOWS\system32\drivers\aswFsBlk.sys

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-04-10 23:36 --------- d-----w E:\Documents and Settings\FerNanda\Dados de aplicativos\Leading

    2008-03-29 18:45 1,146,232 ----a-w E:\WINDOWS\system32\aswBoot.exe

    2008-03-29 18:35 94,544 ----a-w E:\WINDOWS\system32\drivers\aswmon2.sys

    2008-03-29 18:29 23,152 ----a-w E:\WINDOWS\system32\drivers\aswRdr.sys

    2008-03-29 18:27 42,912 ----a-w E:\WINDOWS\system32\drivers\aswTdi.sys

    2008-03-29 18:26 26,944 ----a-w E:\WINDOWS\system32\drivers\aavmker4.sys

    2008-03-29 18:23 95,608 ----a-w E:\WINDOWS\system32\AvastSS.scr

    2008-03-28 00:38 --------- d-----w E:\Documents and Settings\FerNanda\Dados de aplicativos\LimeWire

    2008-03-02 19:11 --------- d-----w E:\Arquivos de programas\Turbo

    2007-06-03 16:44 930 ----a-w E:\Documents and Settings\FerNanda\gamedata.dat

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

    "winrocker"="syms32.exe" []

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "VTTimer"="VTTimer.exe" [2005-03-07 16:33 53248 E:\WINDOWS\system32\VTTimer.exe]

    "VTTrayp"="VTtrayp.exe" [2005-10-31 17:15 163840 E:\WINDOWS\system32\VTTrayp.exe]

    "SoundMan"="SOUNDMAN.EXE" [2006-08-02 18:12 577536 E:\WINDOWS\soundman.exe]

    "GrooveMonitor"="E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

    "HP Component Manager"="E:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]

    "HP Software Update"="E:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 14:55 49152]

    "RemoteControl"="E:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 18:37 69216]

    "LanguageShortcut"="E:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

    "winrocker"="syms32.exe" []

    "nod32kui"="C:\antivirus\nod32kui.exe" [ ]

    "avast!"="C:\avast\NOVAPA~1\ashDisp.exe" [2008-03-29 15:37 79224]

    "snpstd"="E:\WINDOWS\vsnpstd.exe" [2003-12-31 01:39 40960]

    "Sony Ericsson PC Suite"="E:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]

    "UserFaultCheck"="E:\WINDOWS\system32\dumprep 0 -u" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    "winrocker"="syms32.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

    "Picasa Media Detector"="C:\picasa\Picasa2\PicasaMediaDetector.exe" [2007-09-27 22:17 443968]

    E:\Documents and Settings\FerNanda\Menu Iniciar\Programas\Inicializar\

    Recorte de tela e Iniciador do OneNote 2007.lnk - E:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "C:\\LimeWire\\LimeWire.exe"=

    "E:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3525:UDP"= 3525:UDP:Windows Media Format SDK (iexplore.exe)

    "3524:UDP"= 3524:UDP:Windows Media Format SDK (iexplore.exe)

    R0 videX32;videX32;E:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

    R0 xfilt;VIA SATA IDE Hot-plug Driver;E:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

    R1 aswSP;avast! Self Protection;E:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};E:\Arquivos de programas\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]

    R2 aswFsBlk;aswFsBlk;E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

    R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);E:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

    S3 w200bus;Sony Ericsson W200 driver (WDM);E:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 08:42]

    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;E:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]

    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;E:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]

    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);E:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]

    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;E:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]

    S3 WRSWanDD;WinPoET PPPoE Adapter;E:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 18:42]

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    "2008-01-20 02:00:00 E:\WINDOWS\Tasks\At1.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-04-05 12:00:00 E:\WINDOWS\Tasks\At10.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-04-05 13:00:00 E:\WINDOWS\Tasks\At11.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-04-06 14:00:00 E:\WINDOWS\Tasks\At12.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-04-06 15:00:00 E:\WINDOWS\Tasks\At13.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-04-06 16:00:00 E:\WINDOWS\Tasks\At14.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-04-05 17:00:00 E:\WINDOWS\Tasks\At15.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-04-06 18:00:00 E:\WINDOWS\Tasks\At16.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-04-06 19:00:00 E:\WINDOWS\Tasks\At17.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-04-06 20:00:00 E:\WINDOWS\Tasks\At18.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-04-06 21:00:00 E:\WINDOWS\Tasks\At19.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-01-01 03:00:00 E:\WINDOWS\Tasks\At2.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-04-06 22:00:00 E:\WINDOWS\Tasks\At20.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-04-06 23:00:00 E:\WINDOWS\Tasks\At21.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-04-10 00:00:00 E:\WINDOWS\Tasks\At22.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-04-08 01:00:00 E:\WINDOWS\Tasks\At23.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-03-14 02:00:00 E:\WINDOWS\Tasks\At24.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-01-20 02:00:00 E:\WINDOWS\Tasks\At25.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-01-01 03:00:00 E:\WINDOWS\Tasks\At26.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-01-01 04:00:00 E:\WINDOWS\Tasks\At27.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2007-08-09 00:02:20 E:\WINDOWS\Tasks\At28.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2007-08-09 00:02:20 E:\WINDOWS\Tasks\At29.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-01-01 04:00:00 E:\WINDOWS\Tasks\At3.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2007-08-09 00:02:20 E:\WINDOWS\Tasks\At30.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2007-08-09 00:02:20 E:\WINDOWS\Tasks\At31.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2007-08-09 00:02:20 E:\WINDOWS\Tasks\At32.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2007-12-01 10:00:00 E:\WINDOWS\Tasks\At33.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-04-05 12:00:00 E:\WINDOWS\Tasks\At34.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-04-05 13:00:00 E:\WINDOWS\Tasks\At35.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-04-06 14:00:00 E:\WINDOWS\Tasks\At36.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-04-06 15:00:00 E:\WINDOWS\Tasks\At37.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-04-06 16:00:00 E:\WINDOWS\Tasks\At38.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-04-05 17:00:00 E:\WINDOWS\Tasks\At39.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2007-07-05 00:39:54 E:\WINDOWS\Tasks\At4.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2008-04-06 18:00:00 E:\WINDOWS\Tasks\At40.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-04-06 19:00:00 E:\WINDOWS\Tasks\At41.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-04-06 20:00:00 E:\WINDOWS\Tasks\At42.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-04-06 21:00:00 E:\WINDOWS\Tasks\At43.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-04-06 22:00:00 E:\WINDOWS\Tasks\At44.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-04-06 23:00:00 E:\WINDOWS\Tasks\At45.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-04-10 00:00:00 E:\WINDOWS\Tasks\At46.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-04-08 01:00:00 E:\WINDOWS\Tasks\At47.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2008-03-14 02:00:00 E:\WINDOWS\Tasks\At48.job"

    - E:\WINDOWS\system32\A2E8stoX.exe

    "2007-07-05 00:39:54 E:\WINDOWS\Tasks\At5.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2007-07-05 00:39:54 E:\WINDOWS\Tasks\At6.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2007-07-05 00:39:54 E:\WINDOWS\Tasks\At7.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2007-07-05 00:39:54 E:\WINDOWS\Tasks\At8.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    "2007-12-01 10:00:00 E:\WINDOWS\Tasks\At9.job"

    - E:\WINDOWS\system32\540ac1Oe.exe

    .

    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-10 20:41:12

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

    "ImagePath"="\??\E:\Arquivos de programas\CyberLink\PowerDVD\000.fcl"

    .

    Tempo para conclusão: 2008-04-10 20:41:36

    ComboFix-quarantined-files.txt 2008-04-10 23:41:32

    Pre-Run: 17,237,839,872 bytes disponíveis

    Post-Run: 17,229,086,720 bytes disponíveis


    - Open Control Panel > Scheduled Tasks and delete all the tasks;

    - Select the text below and copy it into Notepad. Save it as CFScript.txt;

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "winrocker"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "winrocker"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "winrocker"=-

    - Drag CFScript.txt onto ComboFix as shown in the image below:

    [image: CFScript.txt being dragged onto ComboFix]

    Click Run, type "1" and press "Enter" when prompted to start the removal process;

    Do not use the mouse or keyboard while ComboFix is running.

    When it finishes, a log will be generated at C:\ComboFix.txt.

    Note: If ComboFix does not restart your computer automatically, do it manually.

    In your next reply, paste ComboFix.txt and a new HijackThis log.

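The triage the reply above performs, written out as a script (an added example, not code from the thread, from HijackThis or from ComboFix): it parses the ComboFix registry-loading-point and scheduled-task sections, flags the 'winrocker' pattern (a bare file name ComboFix could not find on disk, registered under several Run keys) and emits the same CFScript "Registry::" block. The sample log lines are constructed from the entries posted in this thread.

```python
"""Autorun triage over a ComboFix log, reproducing the analysis in this thread.
Added example, not code from the thread, HijackThis or ComboFix. Both samples
are constructed from entries posted above."""
import re
from collections import defaultdict

# Constructed sample: cut of the registry loading points from the first ComboFix log.
COMBOFIX_REG_SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
"winrocker"="syms32.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 16:33 53248 E:\WINDOWS\system32\VTTimer.exe]
"winrocker"="syms32.exe" []
"nod32kui"="C:\antivirus\nod32kui.exe" [ ]
"UserFaultCheck"="E:\WINDOWS\system32\dumprep 0 -u" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"winrocker"="syms32.exe" []
"""

# Constructed sample: the scheduled-task layout (quoted job line, then "- <target>").
COMBOFIX_TASKS_SAMPLE = r"""
"2008-01-20 02:00:00 E:\WINDOWS\Tasks\At1.job"
- E:\WINDOWS\system32\540ac1Oe.exe
"2008-04-05 12:00:00 E:\WINDOWS\Tasks\At10.job"
- E:\WINDOWS\system32\540ac1Oe.exe
"2008-01-20 02:00:00 E:\WINDOWS\Tasks\At25.job"
- E:\WINDOWS\system32\A2E8stoX.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')
JOB_RE = re.compile(r'^"[\d:\- ]+ .*\\(At\d+\.job)"$')


def parse_run_keys(text):
    """Return {key_path: [(value_name, command, meta), ...]} in log order.
    ComboFix prints "[date time size ...]" after a value when it found the
    referenced file on disk; an empty "[]" or "[ ]" means it could not."""
    keys = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current:
            name, command, meta = m.groups()
            keys[current].append((name, command, meta.strip()))
    return keys


def flag_autoruns(keys):
    """Flag values whose command is a bare file name (no drive or directory),
    that ComboFix could not resolve on disk, and that sit under more than one
    Run/RunServices key: the 'winrocker' pattern. Returns {name: [key, ...]}."""
    hits = defaultdict(list)
    for key, values in keys.items():
        for name, command, meta in values:
            bare = "\\" not in command and ":" not in command
            if bare and meta == "":
                hits[name].append(key)
    return {name: paths for name, paths in hits.items() if len(paths) > 1}


def build_cfscript(flagged):
    """Emit a CFScript "Registry::" block deleting each flagged value;
    "name"=- is the REGEDIT4 syntax ComboFix accepts for deleting a value."""
    lines = ["Registry::"]
    for name, paths in flagged.items():
        for key in paths:
            lines.append(f"[{key}]")
            lines.append(f'"{name}"=-')
    return "\n".join(lines)


def summarize_at_jobs(text):
    """Count At<N>.job entries (created with the 'at' scheduler) per target
    executable, so a wall of 48 jobs collapses to the binaries it launches."""
    per_target = defaultdict(int)
    pending = None
    for line in text.splitlines():
        line = line.strip()
        m = JOB_RE.match(line)
        if m:
            pending = m.group(1)
        elif line.startswith("- ") and pending:
            per_target[line[2:]] += 1
            pending = None
    return dict(per_target)


if __name__ == "__main__":
    flagged = flag_autoruns(parse_run_keys(COMBOFIX_REG_SAMPLE))
    print(build_cfscript(flagged))
    for target, count in summarize_at_jobs(COMBOFIX_TASKS_SAMPLE).items():
        print(f"{count} At*.job task(s) -> {target}")
```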
Topic author:

    Hello... here are the logs

    ComboFix 08-04-10.4 - FerNanda 2008-04-11 20:45:31.3 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.611 [GMT -3:00]

    Executando de: E:\Documents and Settings\FerNanda\Desktop\ComboFix.exe

    Command switches used :: E:\Documents and Settings\FerNanda\Desktop\CFScript.txt

    * Criado um novo ponto de restauro

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))))

    .

    2008-04-10 20:52 . 2008-04-10 20:58 <DIR> d-------- E:\Arquivos de programas\Turbo

    2008-04-02 20:49 . 2008-03-29 15:31 75,856 --a------ E:\WINDOWS\system32\drivers\aswSP.sys

    2008-04-02 20:49 . 2008-03-29 15:35 20,560 --a------ E:\WINDOWS\system32\drivers\aswFsBlk.sys

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-04-11 23:40 --------- d-----w E:\Documents and Settings\FerNanda\Dados de aplicativos\Leading

    2008-03-29 18:45 1,146,232 ----a-w E:\WINDOWS\system32\aswBoot.exe

    2008-03-29 18:35 94,544 ----a-w E:\WINDOWS\system32\drivers\aswmon2.sys

    2008-03-29 18:29 23,152 ----a-w E:\WINDOWS\system32\drivers\aswRdr.sys

    2008-03-29 18:27 42,912 ----a-w E:\WINDOWS\system32\drivers\aswTdi.sys

    2008-03-29 18:26 26,944 ----a-w E:\WINDOWS\system32\drivers\aavmker4.sys

    2008-03-29 18:23 95,608 ----a-w E:\WINDOWS\system32\AvastSS.scr

    2008-03-28 00:38 --------- d-----w E:\Documents and Settings\FerNanda\Dados de aplicativos\LimeWire

    2007-06-03 16:44 930 ----a-w E:\Documents and Settings\FerNanda\gamedata.dat

    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-10_20.41.22,35 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2008-04-10 23:26:47 16,384 ----atw E:\WINDOWS\temp\Perflib_Perfdata_584.dat

    + 2008-04-11 23:40:24 16,384 ----atw E:\WINDOWS\temp\Perflib_Perfdata_584.dat

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "VTTimer"="VTTimer.exe" [2005-03-07 16:33 53248 E:\WINDOWS\system32\VTTimer.exe]

    "VTTrayp"="VTtrayp.exe" [2005-10-31 17:15 163840 E:\WINDOWS\system32\VTTrayp.exe]

    "SoundMan"="SOUNDMAN.EXE" [2006-08-02 18:12 577536 E:\WINDOWS\soundman.exe]

    "GrooveMonitor"="E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

    "HP Component Manager"="E:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]

    "HP Software Update"="E:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 14:55 49152]

    "RemoteControl"="E:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 18:37 69216]

    "LanguageShortcut"="E:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

    "nod32kui"="C:\antivirus\nod32kui.exe" [ ]

    "avast!"="C:\avast\NOVAPA~1\ashDisp.exe" [2008-03-29 15:37 79224]

    "snpstd"="E:\WINDOWS\vsnpstd.exe" [2003-12-31 01:39 40960]

    "Sony Ericsson PC Suite"="E:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

    "Picasa Media Detector"="C:\picasa\Picasa2\PicasaMediaDetector.exe" [2007-09-27 22:17 443968]

    E:\Documents and Settings\FerNanda\Menu Iniciar\Programas\Inicializar\

    Recorte de tela e Iniciador do OneNote 2007.lnk - E:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "C:\\LimeWire\\LimeWire.exe"=

    "E:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3525:UDP"= 3525:UDP:Windows Media Format SDK (iexplore.exe)

    "3524:UDP"= 3524:UDP:Windows Media Format SDK (iexplore.exe)

    R0 videX32;videX32;E:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

    R0 xfilt;VIA SATA IDE Hot-plug Driver;E:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

    R1 aswSP;avast! Self Protection;E:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};E:\Arquivos de programas\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]

    R2 aswFsBlk;aswFsBlk;E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

    R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);E:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

    S3 w200bus;Sony Ericsson W200 driver (WDM);E:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 08:42]

    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;E:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]

    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;E:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]

    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);E:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]

    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;E:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]

    S3 WRSWanDD;WinPoET PPPoE Adapter;E:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 18:42]

    .

    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-11 20:46:39

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

    "ImagePath"="\??\E:\Arquivos de programas\CyberLink\PowerDVD\000.fcl"

    .

    Tempo para conclusão: 2008-04-11 20:47:03

    ComboFix-quarantined-files.txt 2008-04-11 23:46:58

    ComboFix2.txt 2008-04-10 23:41:37

    Pre-Run: 17,350,762,496 bytes disponíveis

    Post-Run: 17,342,959,616 bytes disponíveis

    Logfile of HijackThis v1.99.1

    Scan saved at 20:50:13, on 11/4/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    E:\WINDOWS\System32\smss.exe

    E:\WINDOWS\system32\winlogon.exe

    E:\WINDOWS\system32\services.exe

    E:\WINDOWS\system32\lsass.exe

    E:\WINDOWS\system32\svchost.exe

    E:\WINDOWS\System32\svchost.exe

    C:\avast\Nova pasta\aswUpdSv.exe

    C:\avast\Nova pasta\ashServ.exe

    E:\WINDOWS\system32\VTTimer.exe

    E:\WINDOWS\system32\VTtrayp.exe

    E:\WINDOWS\SOUNDMAN.EXE

    E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

    E:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

    E:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    E:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\avast\NOVAPA~1\ashDisp.exe

    E:\WINDOWS\vsnpstd.exe

    E:\WINDOWS\system32\ctfmon.exe

    E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

    E:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe

    E:\WINDOWS\system32\spoolsv.exe

    E:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

    E:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

    E:\WINDOWS\system32\svchost.exe

    E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

    E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

    E:\WINDOWS\system32\wscntfy.exe

    E:\WINDOWS\System32\svchost.exe

    E:\WINDOWS\explorer.exe

    E:\WINDOWS\system32\NOTEPAD.EXE

    C:\avast\Nova pasta\ashWebSv.exe

    E:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\acrobat reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [GrooveMonitor] "E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [HP Component Manager] "E:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HP Software Update] "E:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [RemoteControl] "E:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "E:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [nod32kui] "C:\antivirus\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [avast!] C:\avast\NOVAPA~1\ashDisp.exe

    O4 - HKLM\..\Run: [snpstd] E:\WINDOWS\vsnpstd.exe

    O4 - HKLM\..\Run: [sony Ericsson PC Suite] "E:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

    O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = E:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\acrobat reader\Reader\reader_sl.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189218357765

    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.atrativa.com.br/games/applets/popcap/chainz2/mjolauncher.cab

    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/gamehouse/tumblebugs/axhost.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/insaniquarium/popcaploader.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{51FBAB01-078C-4149-B225-720E95F4C4C1}: NameServer = 201.10.120.2 201.10.128.3

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\avast\Nova pasta\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\avast\Nova pasta\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\avast\Nova pasta\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\avast\Nova pasta\ashWebSv.exe" /service (file missing)

    O23 - Service: Google Updater Service (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: NBService - Nero AG - C:\nero premiun\instalado\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\antivirus\nod32krn.exe (file missing)

    - OK, the log is clean :)

    - In Run, type combofix /u and click OK. In the next window click "Run" and wait for the program to be removed;

    - Uninstall one of the two antivirus programs;

    - Update Internet Explorer:

    http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

    - I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner:

    • Open the program and click Run Cleaner;
    • After that, click Registry > Scan for Issues > Fix selected issues

    - Disable and then re-enable System Restore

    - Read the article "Proteja seu PC" (Protect your PC) for more information on how to avoid infections.

  • Topic author
  • Hi...

    You said to uninstall one of the antivirus programs, but I uninstalled Nod32 a long time ago... I don't know why it still shows up... I couldn't find anything of it... so what do I do now?!

    Thanks

    ;)


    - Open HijackThis, click Do a system scan only and check the entry below:

    O4 - HKLM\..\Run: [nod32kui] "C:\antivirus\nod32kui.exe" /WAITSERVICE

    - Close all other windows, click the Fix checked button (ht-fix.png) and then Yes;

    - In Run, type services.msc, locate the NOD32 Kernel Service, double-click it and under "Startup type" select Disabled. Click Stop as well;

    - Post a new HijackThis log.
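The leftover nod32kui Run entry was only visible because its sibling service (NOD32krn) is reported with "(file missing)". As an added example, not code from the thread, here is a small Python parser for the HijackThis log format that flags O23 services whose binary is missing and O4 autoruns that point into the same folder, which is exactly the correlation made above. The sample lines are constructed from entries in the posted log; the stray-quote handling is an assumption about HijackThis 1.99.1 output.

```python
import ntpath  # Windows path semantics even when run on Linux
import re

# Constructed sample in HijackThis v1.99.1 format, built from entries in the
# log posted in this thread (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [nod32kui] "C:\antivirus\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avast!] C:\avast\NOVAPA~1\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\avast\Nova pasta\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\avast\Nova pasta\ashMaiSv.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\antivirus\nod32krn.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$")
MISSING = "(file missing)"

def image_path(cmd):
    """Return (path, missing) for the command part of an O4/O23 line."""
    missing = cmd.endswith(MISSING)
    if missing:
        cmd = cmd[: -len(MISSING)].strip()
    if '"' in cmd:
        # Quoted path; HJT 1.99.1 sometimes leaves only a stray closing quote
        # before "/service" (assumed quirk), so take the first non-empty segment.
        path = next(p for p in cmd.split('"') if p.strip()).strip()
    else:
        # Unquoted path (may contain spaces): cut at the first " /switch".
        path = cmd.split(" /")[0].strip()
    return path, missing

def find_orphans(log_text):
    """Flag O23 services whose binary is missing, then O4 autoruns that live in
    the same folder as such a service: likely remnants of an uninstalled product."""
    runs, missing_dirs, findings = [], set(), []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            path, missing = image_path(m["cmd"])
            if missing:
                missing_dirs.add(ntpath.dirname(path).lower())
                findings.append(("O23", m["name"], path, "service binary missing"))
            continue
        m = O4_RE.match(line.strip())
        if m:
            runs.append((m["name"], image_path(m["cmd"])[0]))
    for name, path in runs:
        if ntpath.dirname(path).lower() in missing_dirs:
            findings.append(("O4", name, path, "autorun in folder of a missing service"))
    return findings

if __name__ == "__main__":
    for kind, name, path, reason in find_orphans(SAMPLE_LOG):
        print(f"{kind:<4}{name:<35}{path:<40}{reason}")
```

Entries it flags still need checking on disk: the avast Mail Scanner line is reported missing only because of the stray quote, while the NOD32 pair really is orphaned.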

  • Topic author
  • Hi... here is the log

    Logfile of HijackThis v1.99.1

    Scan saved at 20:42:58, on 14/4/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:

    E:\WINDOWS\System32\smss.exe

    E:\WINDOWS\system32\winlogon.exe

    E:\WINDOWS\system32\services.exe

    E:\WINDOWS\system32\lsass.exe

    E:\WINDOWS\system32\svchost.exe

    E:\WINDOWS\System32\svchost.exe

    C:\avast\Nova pasta\aswUpdSv.exe

    E:\WINDOWS\Explorer.EXE

    C:\avast\Nova pasta\ashServ.exe

    E:\WINDOWS\system32\VTTimer.exe

    E:\WINDOWS\system32\VTtrayp.exe

    E:\WINDOWS\SOUNDMAN.EXE

    E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

    E:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

    E:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    E:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\avast\NOVAPA~1\ashDisp.exe

    E:\WINDOWS\vsnpstd.exe

    E:\WINDOWS\system32\ctfmon.exe

    E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

    E:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe

    E:\WINDOWS\system32\spoolsv.exe

    E:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

    E:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

    E:\WINDOWS\system32\svchost.exe

    E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

    C:\avast\Nova pasta\ashWebSv.exe

    E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

    E:\WINDOWS\system32\wscntfy.exe

    E:\WINDOWS\System32\svchost.exe

    C:\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\acrobat reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [GrooveMonitor] "E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [HP Component Manager] "E:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HP Software Update] "E:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [RemoteControl] "E:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "E:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [avast!] C:\avast\NOVAPA~1\ashDisp.exe

    O4 - HKLM\..\Run: [snpstd] E:\WINDOWS\vsnpstd.exe

    O4 - HKLM\..\Run: [sony Ericsson PC Suite] "E:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

    O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = E:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\acrobat reader\Reader\reader_sl.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189218357765

    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.atrativa.com.br/games/applets/popcap/chainz2/mjolauncher.cab

    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/gamehouse/tumblebugs/axhost.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/insaniquarium/popcaploader.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{51FBAB01-078C-4149-B225-720E95F4C4C1}: NameServer = 201.10.120.2 201.10.128.3

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\avast\Nova pasta\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\avast\Nova pasta\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\avast\Nova pasta\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\avast\Nova pasta\ashWebSv.exe" /service (file missing)

    O23 - Service: Google Updater Service (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: NBService - Nero AG - C:\nero premiun\instalado\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
