Lucas Medalha

Log analysis and a problem with ckvo.exe


Hello everyone,

I'm having some problems.

1. I suspect my log is "dirty"; please check it.

2. Today on my PC, Spyware Terminator started reporting all the time that it was blocking "processes" (I don't actually know what they are), such as "ckvo.exe" and "ckvo0.dll".

3. My PC has been a bit slow lately. In the Windows Task Manager, on the Processes tab, I noticed that there are several "svchost.exe" entries. I would like an explanation, and to know whether you can help me delete or uninstall them, because I searched the forum and the methods I found did not solve it.

Thanks in advance.

Thank you very much, I await your replies.

Note: Windows Update is up to date, and so is the Spyware.

Here is my log; I started the PC with all the msconfig items selected.

Logfile of HijackThis v1.99.1

Scan saved at 01:50:22, on 26/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\INTERN~2\MEDIAKEY.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\ARQUIV~1\INTERN~2\KBOSDCtl.EXE

C:\ARQUIV~1\INTERN~2\KCodeMsg.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sXe Injected] C:\Arquivos de programas\sXe Injected\sXe Injected.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MediaKey] C:\ARQUIV~1\INTERN~2\MEDIAKEY.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://200.212.184.212/g_bin/eng/navy_2_0_0_23.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_43.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://200.212.184.212/g_bin/eng/darts_2_0_0_40.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://200.212.184.212/g_bin/eng/words_2_0_0_50.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_35.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B8DC63A3-2725-4853-A5D5-88C895FB3F6C}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

Edited by Lucas Medalha
Follow the instructions at the link below, then install and run ComboFix:

http://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

  • It is important that you install the Recovery Console as well.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt).
  • Paste the contents of that file, and also make a new HijackThis log to include in your reply.

Warning: Do not use the mouse or the keyboard while the tool is running; doing so may cause the computer to hang.

Note: Please do NOT use ComboFix on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your system. The tool should only be used under the supervision of properly trained malware removal assistants.


I followed the procedure; here is the ComboFix log and, after it, the HijackThis log.

Note: I had to uninstall SP3, but I don't know whether it worked. Also, for the first log I had only done it with the msconfig startup items; this time I did it with all the services as well,

except Spyware Terminator.

Thanks, here it goes.

ComboFix

ComboFix 08-09-27.01 - Joao 2008-09-27 17:58:28.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.665 [GMT -3:00]

Executando de: C:\Documents and Settings\Joao\Desktop\ComboFix.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-27 to 2008-09-27 ))))))))))))))))))))))))))))))))

.

2008-09-26 01:47 . 2008-09-27 17:53 <DIR> d-------- C:\HijackThis

2008-09-25 13:58 . 2008-09-25 14:03 <DIR> d--hs---- C:\Documents and Settings\Joao\Phone Browser

2008-09-24 15:27 . 2008-09-25 13:37 <DIR> d-------- C:\Documents and Settings\Joao\Dados de aplicativos\Nokia

2008-09-24 15:27 . 2008-09-24 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2008-09-24 15:27 . 2008-09-26 01:01 <DIR> d-------- C:\Arquivos de programas\DIFX

2008-09-24 15:26 . 2008-09-24 15:29 <DIR> d-------- C:\Documents and Settings\Joao\Dados de aplicativos\PC Suite

2008-09-24 15:25 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-09-24 15:24 . 2008-09-24 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Installations

2008-09-24 00:36 . 2008-09-24 00:36 <DIR> d-------- C:\Documents and Settings\Joao\Dados de aplicativos\Windows Search

2008-09-22 18:13 . 2008-09-22 18:13 <DIR> d-------- C:\Documents and Settings\Joao\Dados de aplicativos\Windows Desktop Search

2008-09-22 18:12 . 2008-09-22 18:12 <DIR> d-------- C:\Arquivos de programas\Windows Desktop Search

2008-09-22 18:12 . 2008-03-07 14:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll

2008-09-22 18:12 . 2008-03-07 14:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll

2008-09-22 18:12 . 2008-03-07 14:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll

2008-09-22 18:10 . 2008-09-22 18:10 <DIR> d-------- C:\WINDOWS\system32\URTTEMP

2008-09-22 14:04 . 2008-09-22 14:04 <DIR> d-------- C:\WINDOWS\SoftwareDistribution.old

2008-09-22 13:11 . 2008-09-22 13:11 <DIR> d-------- C:\3c2de5b4dea45e28440b9832c8

2008-09-22 04:45 . 2008-09-22 04:47 <DIR> d-------- C:\!KillBox

2008-09-22 02:39 . 2008-09-22 15:02 <DIR> d-------- C:\Arquivos de programas\EsetOnlineScanner

2008-09-20 01:01 . 2008-09-20 01:01 <DIR> d-------- C:\Arquivos de programas\VS Revo Group

2008-09-16 15:13 . 2008-09-16 15:13 <DIR> d-------- C:\Documents and Settings\Joao\Dados de aplicativos\Media Player Classic

2008-09-12 13:16 . 2008-05-09 07:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll

2008-09-12 13:16 . 2008-05-09 07:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll

2008-09-12 13:16 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-09-12 13:16 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-09-12 13:16 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-09-12 13:16 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-09-12 13:16 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-09-11 15:16 . 2008-09-11 15:16 <DIR> d-------- C:\Inetpub

2008-09-11 13:33 . 2008-09-11 13:33 <DIR> d-------- C:\WINDOWS\system32\bits

2008-09-11 13:33 . 2008-09-11 13:33 <DIR> d-------- C:\WINDOWS\l2schemas

2008-09-11 13:30 . 2008-09-11 13:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-09-07 21:36 . 2008-04-13 13:45 453,992 --------- C:\Documents and Settings\Joao\pjykmf.exe

2008-09-07 21:34 . 2008-09-07 21:34 0 -rahs---- C:\khq

2008-09-07 21:33 . 2008-04-13 13:45 453,992 -rahs---- C:\pjykmf.exe

2008-09-07 12:25 . 2008-09-07 12:25 <DIR> d-------- C:\Nexon

2008-09-07 12:25 . 2008-09-07 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2008-09-01 20:22 . 2008-09-01 20:22 0 -rahs---- C:\khn

2008-08-29 15:52 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

2008-08-29 15:52 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys

2008-08-29 15:52 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys

2008-08-29 15:52 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty

2008-08-27 15:02 . 2008-08-27 15:02 0 -rahs---- C:\khp

2008-08-27 15:01 . 2004-08-04 15:29 823,727 -rahs---- C:\xeihci.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-27 20:19 --------- d-----w C:\Arquivos de programas\WinClamAVShield

2008-09-27 20:02 --------- d-----w C:\Arquivos de programas\Spyware Terminator

2008-09-27 03:25 --------- d-----w C:\Arquivos de programas\Valve

2008-09-27 03:25 --------- d-----w C:\Arquivos de programas\sXe Injected

2008-09-26 03:35 --------- d-----w C:\Documents and Settings\Joao\Dados de aplicativos\Spyware Terminator

2008-09-22 06:31 2,222 ----a-w C:\WINDOWS\system32\tmp.reg

2008-09-20 07:32 --------- d-----w C:\Arquivos de programas\Java

2008-09-20 07:20 --------- d-----w C:\Documents and Settings\Joao\Dados de aplicativos\LimeWire

2008-09-20 07:02 --------- d-----w C:\Arquivos de programas\VIA

2008-09-20 06:30 --------- d-----w C:\Documents and Settings\Joao\Dados de aplicativos\ADPHONE

2008-09-20 05:27 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-09-20 04:09 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-19 15:26 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe

2008-09-19 15:26 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe

2008-09-16 19:57 138,280 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-09-16 19:57 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-09-16 17:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-09-16 16:05 --------- d-----w C:\Documents and Settings\Joao\Dados de aplicativos\Skype

2008-09-12 16:13 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-09-11 17:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-09-09 02:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe

2008-09-07 08:26 --------- d-----w C:\Arquivos de programas\Puxa Rápido

2008-09-02 19:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe

2008-09-01 21:14 --------- d-----w C:\Documents and Settings\Joao\Dados de aplicativos\Shareaza

2008-08-27 06:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-08-27 06:28 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-08-18 15:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe

2008-07-30 01:55 --------- d-----w C:\Arquivos de programas\Google

2008-07-27 08:18 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll

2006-11-20 06:49 88,576,901 ----a-w C:\Arquivos de programas\Arquivos comuns\Symantec Shared.zip

2006-11-10 20:33 56 --sh--r C:\WINDOWS\system32\9B2ACA6055.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-03-04 282624]

"MediaKey"="C:\ARQUIV~1\INTERN~2\MEDIAKEY.EXE" [2000-07-31 73728]

"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"= 0 (0x0)

"NoMovingBands"= 0 (0x0)

"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2006-07-14 13:46 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"mixer"= DrvTrNTm.dll

"wave"= DrvTrNTm.dll

"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^SnagIt 7.lnk]

backup=C:\WINDOWS\pss\SnagIt 7.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

--a------ 2008-05-22 19:29 1817600 C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sXe Injected]

--a------ 2008-09-16 03:01 1208320 C:\Arquivos de programas\sXe Injected\sXe Injected.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WmdmPmSN"=3 (0x3)

"usprserv"=3 (0x3)

"upnphost"=3 (0x3)

"SysmonLog"=3 (0x3)

"SwPrv"=3 (0x3)

"stisvc"=2 (0x2)

"SCardSvr"=3 (0x3)

"RSVP"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasAuto"=3 (0x3)

"NtmsSvc"=3 (0x3)

"NtLmSsp"=3 (0x3)

"MSDTC"=3 (0x3)

"mnmsrvc"=3 (0x3)

"ImapiService"=3 (0x3)

"HTTPFilter"=3 (0x3)

"COMSysApp"=3 (0x3)

"clr_optimization_v2.0.50727_32"=3 (0x3)

"CiSvc"=3 (0x3)

"aspnet_state"=3 (0x3)

"AppMgmt"=3 (0x3)

"dmadmin"=3 (0x3)

"SAVScan"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Wolfenstein - Enemy Territory\\ET.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Valve\\hlds.exe"=

"C:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"C:\\Arquivos de programas\\OnGame\\GunboundWC\\GunBound.gme"=

"C:\\Team17\\Worms Armaggedon\\WA.exe"=

"C:\\Arquivos de programas\\Shareaza Applications\\Shareaza\\Shareaza.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"C:\\Nexon\\Combat Arms\\NMService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-22 141312]

S2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe [ ]

S3 ddsxeiservice;ddsxeiservice2;C:\Arquivos de programas\sXe Injected\ddsxei.sys [2008-09-16 46464]

S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-06-25 43520]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e0dc9e2-6dc8-11db-ba1a-0015f22dd339}]

\Shell\AutoRun\command - 1wod1.com

\Shell\explore\Command - 1wod1.com

\Shell\open\Command - 1wod1.com

.

Conteúdo da pasta 'Tarefas Agendadas'

.

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.br/

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} - hxxp://200.212.184.212/g_bin/eng/navy_2_0_0_23.cab

C:\WINDOWS\Downloaded Program Files\Navy.inf

C:\WINDOWS\Downloaded Program Files\Navy.dll

O16 -: {AC120B1D-9411-4111-AF52-118052D85D45} - hxxp://200.212.184.212/g_bin/eng/darts_2_0_0_40.cab

C:\WINDOWS\Downloaded Program Files\darts.inf

C:\WINDOWS\Downloaded Program Files\darts.dll

O16 -: {BFA1F11D-3121-AFE1-4112-894323212DAC} - hxxp://200.212.184.212/g_bin/eng/words_2_0_0_50.cab

C:\WINDOWS\Downloaded Program Files\words.inf

C:\WINDOWS\Downloaded Program Files\words.dll

.

.

------- File Associations -------

.

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-27 18:01:50

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-09-27 18:08:13

ComboFix-quarantined-files.txt 2008-09-27 21:07:40

ComboFix2.txt 2008-09-27 20:52:08

Pre-Run: 22 pasta(s) 49.138.413.568 bytes disponíveis

Post-Run: 25 pasta(s) 49,125,629,952 bytes disponíveis

236 --- E O F --- 2008-09-27 20:25:18

Hijackthis

Logfile of HijackThis v1.99.1

Scan saved at 18:09:11, on 27/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\INTERN~2\MEDIAKEY.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\INTERN~2\KBOSDCtl.EXE

C:\ARQUIV~1\INTERN~2\KCodeMsg.EXE

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\explorer.exe

C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MediaKey] C:\ARQUIV~1\INTERN~2\MEDIAKEY.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://200.212.184.212/g_bin/eng/navy_2_0_0_23.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_43.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://200.212.184.212/g_bin/eng/darts_2_0_0_40.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://200.212.184.212/g_bin/eng/words_2_0_0_50.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_35.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)

O23 - Service: Agendador do LiveUpdate automático - Unknown owner - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

Note: I had to uninstall SP3,

For what reason?

For what reason?

When I went to install the Windows Recovery Console, I only had the SP2 version. I tried installing it first and it didn't work, I don't know why, but if need be I'll reinstall SP3 now. I thought it wouldn't be a problem =/


Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) below.

Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all the text inside the "Code" box:

File::
C:\WINDOWS\Downloaded Program Files\Navy.inf
C:\WINDOWS\Downloaded Program Files\Navy.dll
C:\WINDOWS\Downloaded Program Files\darts.inf
C:\WINDOWS\Downloaded Program Files\darts.dll
C:\WINDOWS\Downloaded Program Files\words.inf
C:\WINDOWS\Downloaded Program Files\words.dll

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e0dc9e2-6dc8-11db-ba1a-0015f22dd339}]

  • Save this file as: CFScript.txt
    [Image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.
  • Also make a new HijackThis log to include in your reply.


You mentioned posting the file C:\ComboFix.txt, but I don't know how to do that, so I'll just paste the contents here.

Oh, and about SP3, I couldn't install it again =/

OK, here it is.

ComboFix log

ComboFix 08-09-27.01 - Joao 2008-09-29 2:04:23.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.668 [GMT -3:00]

Executando de: C:\Documents and Settings\Joao\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Joao\Desktop\CFScript.txt

* Criado um novo ponto de restauro

FILE ::

C:\WINDOWS\Downloaded Program Files\darts.dll

C:\WINDOWS\Downloaded Program Files\darts.inf

C:\WINDOWS\Downloaded Program Files\Navy.dll

C:\WINDOWS\Downloaded Program Files\Navy.inf

C:\WINDOWS\Downloaded Program Files\words.dll

C:\WINDOWS\Downloaded Program Files\words.inf

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\Downloaded Program Files\darts.dll

C:\WINDOWS\Downloaded Program Files\darts.inf

C:\WINDOWS\Downloaded Program Files\Navy.dll

C:\WINDOWS\Downloaded Program Files\Navy.inf

C:\WINDOWS\Downloaded Program Files\words.dll

C:\WINDOWS\Downloaded Program Files\words.inf

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-28 to 2008-09-29 ))))))))))))))))))))))))))))))))

.

2008-09-29 00:23 . 2008-09-29 00:23 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-09-29 00:23 . 2008-09-29 00:23 <DIR> d-------- C:\WINDOWS\Profiles

2008-09-29 00:23 . 2008-09-29 00:23 <DIR> d-------- C:\Documents and Settings\Joao\Dados de aplicativos\InterTrust

2008-09-28 15:27 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-09-28 15:26 . 2008-09-28 15:26 <DIR> d-------- C:\Arquivos de programas\Microsoft Silverlight

2008-09-26 01:47 . 2008-09-27 18:09 <DIR> d-------- C:\HijackThis

2008-09-25 13:58 . 2008-09-25 14:03 <DIR> d--hs---- C:\Documents and Settings\Joao\Phone Browser

2008-09-24 15:27 . 2008-09-25 13:37 <DIR> d-------- C:\Documents and Settings\Joao\Dados de aplicativos\Nokia

2008-09-24 15:27 . 2008-09-24 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2008-09-24 15:27 . 2008-09-26 01:01 <DIR> d-------- C:\Arquivos de programas\DIFX

2008-09-24 15:26 . 2008-09-24 15:29 <DIR> d-------- C:\Documents and Settings\Joao\Dados de aplicativos\PC Suite

2008-09-24 15:25 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-09-24 15:24 . 2008-09-24 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Installations

2008-09-24 00:36 . 2008-09-24 00:36 <DIR> d-------- C:\Documents and Settings\Joao\Dados de aplicativos\Windows Search

2008-09-22 18:13 . 2008-09-22 18:13 <DIR> d-------- C:\Documents and Settings\Joao\Dados de aplicativos\Windows Desktop Search

2008-09-22 18:12 . 2008-09-22 18:12 <DIR> d-------- C:\Arquivos de programas\Windows Desktop Search

2008-09-22 18:12 . 2008-03-07 14:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll

2008-09-22 18:12 . 2008-03-07 14:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll

2008-09-22 18:12 . 2008-03-07 14:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll

2008-09-22 18:10 . 2008-09-22 18:10 <DIR> d-------- C:\WINDOWS\system32\URTTEMP

2008-09-22 14:04 . 2008-09-22 14:04 <DIR> d-------- C:\WINDOWS\SoftwareDistribution.old

2008-09-22 13:11 . 2008-09-22 13:11 <DIR> d-------- C:\3c2de5b4dea45e28440b9832c8

2008-09-22 04:45 . 2008-09-22 04:47 <DIR> d-------- C:\!KillBox

2008-09-22 03:26 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-09-22 03:26 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-09-22 03:26 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe

2008-09-22 03:26 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-09-22 03:26 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe

2008-09-22 03:26 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe

2008-09-22 03:26 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe

2008-09-22 03:26 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-09-22 03:26 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-09-22 03:26 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-09-22 02:39 . 2008-09-22 15:02 <DIR> d-------- C:\Arquivos de programas\EsetOnlineScanner

2008-09-20 01:01 . 2008-09-20 01:01 <DIR> d-------- C:\Arquivos de programas\VS Revo Group

2008-09-16 15:13 . 2008-09-16 15:13 <DIR> d-------- C:\Documents and Settings\Joao\Dados de aplicativos\Media Player Classic

2008-09-12 13:16 . 2008-05-09 07:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll

2008-09-12 13:16 . 2008-05-09 07:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll

2008-09-12 13:16 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-09-12 13:16 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-09-12 13:16 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-09-12 13:16 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-09-12 13:16 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-09-11 15:16 . 2008-09-11 15:16 <DIR> d-------- C:\Inetpub

2008-09-11 13:33 . 2008-09-11 13:33 <DIR> d-------- C:\WINDOWS\system32\bits

2008-09-11 13:33 . 2008-09-11 13:33 <DIR> d-------- C:\WINDOWS\l2schemas

2008-09-11 13:30 . 2008-09-11 13:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-09-07 21:34 . 2008-09-07 21:34 0 -rahs---- C:\khq

2008-09-07 12:25 . 2008-09-07 12:25 <DIR> d-------- C:\Nexon

2008-09-07 12:25 . 2008-09-07 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2008-09-01 20:22 . 2008-09-01 20:22 0 -rahs---- C:\khn

2008-08-29 15:52 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

2008-08-29 15:52 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys

2008-08-29 15:52 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys

2008-08-29 15:52 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-29 03:23 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-09-29 02:16 --------- d-----w C:\Arquivos de programas\Valve

2008-09-29 02:15 --------- d-----w C:\Arquivos de programas\sXe Injected

2008-09-29 02:11 --------- d-----w C:\Arquivos de programas\WinClamAVShield

2008-09-28 19:12 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-09-28 19:12 --------- d-----w C:\Arquivos de programas\Spyware Terminator

2008-09-28 19:00 --------- d-----w C:\Documents and Settings\Joao\Dados de aplicativos\Spyware Terminator

2008-09-22 06:31 2,222 ----a-w C:\WINDOWS\system32\tmp.reg

2008-09-20 07:32 --------- d-----w C:\Arquivos de programas\Java

2008-09-20 07:20 --------- d-----w C:\Documents and Settings\Joao\Dados de aplicativos\LimeWire

2008-09-20 07:02 --------- d-----w C:\Arquivos de programas\VIA

2008-09-20 06:30 --------- d-----w C:\Documents and Settings\Joao\Dados de aplicativos\ADPHONE

2008-09-20 04:09 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-16 19:57 138,280 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-09-16 19:57 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-09-16 16:05 --------- d-----w C:\Documents and Settings\Joao\Dados de aplicativos\Skype

2008-09-12 16:13 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-09-11 17:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-09-07 08:26 --------- d-----w C:\Arquivos de programas\Puxa Rápido

2008-09-01 21:14 --------- d-----w C:\Documents and Settings\Joao\Dados de aplicativos\Shareaza

2008-08-27 06:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-08-27 06:28 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-07-30 01:55 --------- d-----w C:\Arquivos de programas\Google

2008-07-27 08:18 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll

2006-11-20 06:49 88,576,901 ----a-w C:\Arquivos de programas\Arquivos comuns\Symantec Shared.zip

2006-11-10 20:33 56 --sh--r C:\WINDOWS\system32\9B2ACA6055.sys

.

((((((((((((((((((((((((((((( snapshot@2008-09-27_17.50.44.17 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-08-01 17:57:24 181,248 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll

+ 2008-09-28 20:14:39 102,400 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll

- 1998-01-23 14:21:16 305,664 ----a-w C:\WINDOWS\IsUn0416.exe

+ 1998-11-13 14:18:04 308,224 ----a-w C:\WINDOWS\IsUn0416.exe

+ 2001-04-16 18:39:02 397,312 ----a-w C:\WINDOWS\system32\Adobe\SVG Viewer\AceLite.dll

+ 2001-09-05 16:10:34 1,138,688 ----a-w C:\WINDOWS\system32\Adobe\SVG Viewer\Agm.dll

+ 2001-04-16 18:39:02 147,456 ----a-w C:\WINDOWS\system32\Adobe\SVG Viewer\Bib.dll

+ 2001-10-26 15:41:22 1,441,792 ----a-w C:\WINDOWS\system32\Adobe\SVG Viewer\CoolType.dll

+ 2001-03-14 16:10:56 299,059 ----a-w C:\WINDOWS\system32\Adobe\SVG Viewer\NPSVGVw.dll

+ 2001-03-14 16:14:00 491,574 ----a-w C:\WINDOWS\system32\Adobe\SVG Viewer\SVGControl.dll

+ 2001-05-01 11:30:22 12,288 ----a-w C:\WINDOWS\system32\Adobe\SVG Viewer\SVGRSRC.DLL

+ 2001-03-14 16:07:52 1,597,491 ----a-w C:\WINDOWS\system32\Adobe\SVG Viewer\SVGView.dll

+ 2006-10-14 19:43:18 27,648 -c----w C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll

+ 2006-10-14 19:44:44 671,744 -c----w C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe

+ 2006-10-14 23:21:58 580,352 -c----w C:\WINDOWS\system32\dllcache\XPSSHHDR.dll

+ 2006-10-14 23:22:00 1,698,048 -c----w C:\WINDOWS\system32\dllcache\XpsSvcs.dll

+ 2006-10-14 19:43:38 124,416 ------w C:\WINDOWS\system32\prntvpt.dll

+ 2001-08-17 20:13:08 27,165 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\fetnd5.sys

+ 2006-08-24 19:15:06 150,808 ----a-w C:\WINDOWS\system32\rgb9rast_2.dll

+ 2006-10-14 19:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll

+ 2006-10-14 19:42:40 131,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll

+ 2006-10-14 23:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll

+ 2006-10-14 19:43:18 27,648 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

+ 2006-10-14 19:44:44 671,744 ------w C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe

+ 2006-10-14 20:13:02 34,304 ----a-w C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

+ 2006-10-14 20:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll

+ 2006-10-14 23:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll

+ 2006-10-14 20:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll

+ 2006-10-14 23:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll

+ 2006-10-14 19:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll

+ 2006-10-14 23:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll

+ 2006-10-14 19:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll

+ 2006-10-14 23:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll

+ 2006-10-27 11:26:56 69,632 ----a-w C:\WINDOWS\system32\vuins32.dll

+ 2006-10-14 23:21:58 580,352 ------w C:\WINDOWS\system32\XPSSHHDR.dll

+ 2006-10-14 23:22:00 1,698,048 ------w C:\WINDOWS\system32\XpsSvcs.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2008-04-13 1695232]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-03-04 282624]

"MediaKey"="C:\ARQUIV~1\INTERN~2\MEDIAKEY.EXE" [2000-07-31 73728]

"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"= 0 (0x0)

"NoMovingBands"= 0 (0x0)

"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2006-07-14 13:46 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"mixer"= DrvTrNTm.dll

"wave"= DrvTrNTm.dll

"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^SnagIt 7.lnk]

backup=C:\WINDOWS\pss\SnagIt 7.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

--a------ 2008-05-22 19:29 1817600 C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sXe Injected]

--a------ 2008-09-16 03:01 1208320 C:\Arquivos de programas\sXe Injected\sXe Injected.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WmdmPmSN"=3 (0x3)

"usprserv"=3 (0x3)

"upnphost"=3 (0x3)

"SysmonLog"=3 (0x3)

"SwPrv"=3 (0x3)

"stisvc"=2 (0x2)

"SCardSvr"=3 (0x3)

"RSVP"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasAuto"=3 (0x3)

"NtmsSvc"=3 (0x3)

"NtLmSsp"=3 (0x3)

"MSDTC"=3 (0x3)

"mnmsrvc"=3 (0x3)

"ImapiService"=3 (0x3)

"HTTPFilter"=3 (0x3)

"COMSysApp"=3 (0x3)

"clr_optimization_v2.0.50727_32"=3 (0x3)

"CiSvc"=3 (0x3)

"aspnet_state"=3 (0x3)

"AppMgmt"=3 (0x3)

"dmadmin"=3 (0x3)

"SAVScan"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Wolfenstein - Enemy Territory\\ET.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Valve\\hlds.exe"=

"C:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"C:\\Arquivos de programas\\OnGame\\GunboundWC\\GunBound.gme"=

"C:\\Team17\\Worms Armaggedon\\WA.exe"=

"C:\\Arquivos de programas\\Shareaza Applications\\Shareaza\\Shareaza.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"C:\\Nexon\\Combat Arms\\NMService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-22 141312]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-06-25 43520]

S2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe [ ]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-29 02:07:31

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

C:\WINDOWS\TEMP\TMP00000036D8F7F112F2B97434

Varredura completada com sucesso

Ficheiros ocultos: 1

**************************************************************************

.

Tempo para conclusão: 2008-09-29 2:12:49

ComboFix-quarantined-files.txt 2008-09-29 05:12:36

ComboFix2.txt 2008-09-27 21:08:14

ComboFix3.txt 2008-09-27 20:52:08

Pre-Run: 22 pasta(s) 48.318.959.616 bytes disponíveis

Post-Run: 26 pasta(s) 48,324,411,392 bytes disponíveis

277 --- E O F --- 2008-09-28 18:01:31

HijackThis log

Logfile of HijackThis v1.99.1

Scan saved at 02:13:58, on 29/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\INTERN~2\MEDIAKEY.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\INTERN~2\KBOSDCtl.EXE

C:\ARQUIV~1\INTERN~2\KCodeMsg.EXE

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\explorer.exe

C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MediaKey] C:\ARQUIV~1\INTERN~2\MEDIAKEY.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://200.212.184.212/g_bin/eng/navy_2_0_0_23.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_43.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://200.212.184.212/g_bin/eng/darts_2_0_0_40.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://200.212.184.212/g_bin/eng/words_2_0_0_50.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_35.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)

O23 - Service: Agendador do LiveUpdate automático - Unknown owner - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

Oh, and about SP3, I couldn't install it again =/

What is the problem?

Close ALL open programs, especially Internet Explorer and Windows Explorer. Open HijackThis, click Do a system scan only, check the entries below and click the Fix Checked button (don't worry if any of them does not exist).

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://200.212.184.212/g_bin/eng/navy_2_0_0_23.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_43.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://200.212.184.212/g_bin/eng/darts_2_0_0_40.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://200.212.184.212/g_bin/eng/words_2_0_0_50.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_35.cab

Restart normally and post a new HijackThis log.

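Added example (not part of the original posts and not HijackThis code): the five O16 entries marked for fixing above all download from the same bare IP address, and this Python script finds such entries by parsing O16 lines and grouping those whose codebase host is an IP literal. The function names are illustrative and the sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# O16 lines copied from the HijackThis log posted in this thread (subset).
SAMPLE_LOG = """
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://200.212.184.212/g_bin/eng/navy_2_0_0_23.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_43.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://200.212.184.212/g_bin/eng/darts_2_0_0_40.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://200.212.184.212/g_bin/eng/words_2_0_0_50.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_35.cab
"""

# "O16 - DPF: <identifier> - <codebase URL>". The identifier may itself contain
# " - " (e.g. "MSN Games - Installer"), so the URL must start with a scheme.
O16_LINE = re.compile(
    r"^O16 - DPF: (?P<ident>.+?) - (?P<url>[A-Za-z][A-Za-z0-9+.-]*://\S+)\s*$"
)
# The identifier is normally "{CLSID} (friendly name)"; the name is optional.
IDENT = re.compile(r"^(?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.*)\))?$")


def parse_o16(line):
    """Return clsid/name/url/host for an O16 line, or None for any other line."""
    m = O16_LINE.match(line.strip())
    if not m:
        return None
    ident = IDENT.match(m["ident"])
    try:
        host = urlsplit(m["url"]).hostname
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        host = None
    return {
        "clsid": ident["clsid"].upper() if ident else None,
        "name": ident["name"] if ident else m["ident"],
        "url": m["url"],
        "host": host,
    }


def host_is_ip_literal(host):
    """True when the host is an IPv4/IPv6 address rather than a DNS name."""
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def review_candidates(log_text):
    """Group O16 entries whose codebase host is a bare IP address, keyed by host."""
    by_host = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_o16(line)
        if entry and host_is_ip_literal(entry["host"]):
            by_host[entry["host"]].append(entry)
    return dict(by_host)


if __name__ == "__main__":
    for host, entries in review_candidates(SAMPLE_LOG).items():
        print(f"{host}: {len(entries)} control(s) installed from a bare IP address")
        for e in entries:
            print(f"  {e['clsid']}  {e['name']}")
```

An IP-literal codebase host is a reason to review an entry, not proof that it is malicious.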

Yeah man, look what happens when I try to update:

http://img410.imageshack.us/my.php?image=novoaimagemdebitmap2sq1.jpg

No update is going through, and it doesn't show any error or anything, it just says it couldn't install, but the PC says it does have SP3, I don't know... what could it be??? :(

Here's the log:

Logfile of HijackThis v1.99.1

Scan saved at 01:36:53, on 1/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\ARQUIV~1\INTERN~2\MEDIAKEY.EXE

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\INTERN~2\KBOSDCtl.EXE

C:\ARQUIV~1\INTERN~2\KCodeMsg.EXE

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [sXe Injected] C:\Arquivos de programas\sXe Injected\sXe Injected.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MediaKey] C:\ARQUIV~1\INTERN~2\MEDIAKEY.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)

O23 - Service: Agendador do LiveUpdate automático - Unknown owner - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

See... my PC isn't showing anything anymore, no slowness or anything, I think that problem must already be solved. The only thing I'm unsure about now is that "svchost.exe" in Task Manager, on the Processes tab: there are 6 of them there, with the same name =/

See you

Edited by Lucas Medalha
I had made the log without all the programs selected, and the antivirus was open; I've already swapped it for the new log xD

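As an added example (not part of the original posts and not a HijackThis feature), the following Python sketch parses lines in the HijackThis v1.99.1 format shown above and flags entries an analyst would usually look at first: leftovers marked `(file missing)` or `(no file)`, O16 ActiveX downloads whose source URL uses a bare IP address, and O23 services reported with "Unknown owner". The sample lines are copied from the logs in this thread; the tag names and function names are assumptions made for the example, and a flag is a prompt for review, not a verdict.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Sample input assembled for this example from lines in the thread's logs.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://200.212.184.212/g_bin/eng/navy_2_0_0_23.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# An entry line starts with a section code such as R1, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

def parse_entries(text):
    """Yield (code, body) per entry; header and running-process lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")

def host_is_ip_literal(url):
    """True when the URL's host is an IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False

def review(text):
    """Return (code, tag, body) for entries worth a closer look."""
    findings = []
    for code, body in parse_entries(text):
        if body.endswith(("(file missing)", "(no file)")):
            findings.append((code, "orphaned", body))       # target no longer on disk
        elif code == "O16" and host_is_ip_literal(body.rsplit(" - ", 1)[-1]):
            findings.append((code, "dpf-ip-host", body))    # ActiveX fetched from a bare IP
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "unknown-owner", body))  # no vendor name reported
    return findings

if __name__ == "__main__":
    for code, tag, body in review(SAMPLE_LOG):
        print(f"{tag:14} {code:4} {body}")
```
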

The image shows that OFFICE SP3 was not installed; I am telling you to install WINDOWS SP3.

Congratulations, your log is clean.

From now on, stay ALERT!

To finish, do the following:

Go to Start > Run and type combofix /u. This will uninstall ComboFix from your machine.

I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Run Cleaner;
  • After that, click Errors >> Scan for errors >> Fix errors

I also suggest you read this article: Protect your PC

Any other problems with the computer?

Edited by RenatoMejias

OK, I've done everything already, and I uninstalled ComboFix

But there's one thing that's still bugging me,

it's about the svchost.exe process, on the Processes tab of Task Manager

there are 6 of them there, do you know any way to remove them from there???

And another thing, why couldn't those items from Windows Update be installed??

Thanks for the help, see you

o/

"it's about the svchost.exe process, on the Processes tab of Task Manager

there are 6 of them there, do you know any way to remove them from there???"

That's normal.

http://www.linhadefensiva.org/2005/03/svchost/

"And another thing, why couldn't those items from Windows Update be installed??"

Download it directly from this link:

http://baixaki.ig.com.br/download/windows-xp-service-pack-3.htm

Can I bug you a little more?? hahaha

It's like this, I was trying to make the PC connect to the internet by itself as soon as it boots, so I followed this tip

For those who do NOT use the Task Scheduler:

In this case you will need to add a separate service to the list of Windows services that run automatically. The new service also has to run after the Remote Access Connection Manager service (RasMan) has been loaded, because we depend on it to dial.

1) To add the service, use the SC command at the Command Prompt with the following parameters:

sc create AutoDial binpath= "rasphone -d ADSL" start= auto group= RemoteValidation depend= RasMan displayname= "Discador automático"

Replace ADSL with the name of your dial-up connection. The command will return a message reporting that it ran successfully;

2) Now open the Services console from the Control Panel, look for the Discador automático service you created and open its properties;

3) On the Log On tab, change Log on as to This account:, browse for the user account in which the connection is saved and type the corresponding password.

But here's the thing, I regretted it because after that my PC got slow to start up again....

That command created a new "item" there in Start/Run/services.msc

Is there a way to delete that "item"???

Sorry for so many questions =/

Cheers

Yes, it's possible, but I don't know what side effects there may be. If you want to do it, do the following:

Start > Run:

sc stop AutoDial

sc delete AutoDial

Restart the computer; the service will be deleted.

OK OK, all problems solved

You can close the topic =D

See you

Thanks a lot, really, cheers

If the topic's author needs it, the topic will be reopened; to request that, they should contact the moderation team and ask for it to be unlocked.

This topic is closed to new posts.