aliabrantes

Please analyze HijackThis log - Autorun.inf virus - BLOCKED EVERYTHING


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:49, on 2008-11-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe

C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Lexmark X74-X75\lxbbbmon.exe

C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

C:\Arquivos de programas\Discador iBest\discador.exe

C:\DOCUME~1\Alisson\CONFIG~1\Temp\iiby.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\AcroRd32.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll (file missing)

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [YNTUMS_A.EXE] YNTUMS_A.EXE

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [krn] C:\WINDOWS\krn4.exe

O4 - HKLM\..\Run: [Wapp] C:\Arquivos de programas\Wapp.exe

O4 - HKLM\..\Run: [GlobalFlagimglog] C:\WINDOWS\system32\imglog.exe

O4 - HKLM\..\Run: [msn_livers] C:\Arquivos de programas\msn_livers.exe

O4 - HKLM\..\Run: [ssAAD.exe] C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF25746.exe /c C:\ComboFix\Combobatch.bat

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Discador iBest\baloon.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {33331111-1111-1111-1111-611111193429} -

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2958A9A1-1073-4262-A7D4-E95691660E0E}: NameServer = 201.10.120.2 201.10.128.3

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

--

End of file - 7619 bytes


Ok Lusitano, thank you very much, here is the new log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:30, on 2008-11-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe

C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

C:\Arquivos de programas\Lexmark X74-X75\lxbbbmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Discador iBest\discador.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\DOCUME~1\Alisson\CONFIG~1\Temp\rrnjx.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\DOCUME~1\Alisson\CONFIG~1\Temp\winccmpo.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll (file missing)

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [YNTUMS_A.EXE] YNTUMS_A.EXE

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [krn] C:\WINDOWS\krn4.exe

O4 - HKLM\..\Run: [Wapp] C:\Arquivos de programas\Wapp.exe

O4 - HKLM\..\Run: [GlobalFlagimglog] C:\WINDOWS\system32\imglog.exe

O4 - HKLM\..\Run: [msn_livers] C:\Arquivos de programas\msn_livers.exe

O4 - HKLM\..\Run: [ssAAD.exe] C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF25746.exe /c C:\ComboFix\Combobatch.bat

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Discador iBest\baloon.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {33331111-1111-1111-1111-611111193429} -

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2958A9A1-1073-4262-A7D4-E95691660E0E}: NameServer = 201.10.120.2 201.10.128.3

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

--

End of file - 7636 bytes


Hello

Your log shows that you are infected with a banker trojan. This trojan is able to capture passwords and send them to a cracker (hacker).

Recommendations:

  1. Avoid using the internet on this PC as much as possible until it is clean.
  2. Use a clean, secure PC and change all of your passwords (online passwords).
  3. Contact your financial institutions (banks, etc.) and tell them about your situation.

Run HijackThis, click Do a system scan only and check the entries you find from the list below:

O4 - HKLM\..\Run: [krn] C:\WINDOWS\krn4.exe

O4 - HKLM\..\Run: [Wapp] C:\Arquivos de programas\Wapp.exe

O4 - HKLM\..\Run: [GlobalFlagimglog] C:\WINDOWS\system32\imglog.exe

O4 - HKLM\..\Run: [msn_livers] C:\Arquivos de programas\msn_livers.exe

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O16 - DPF: {33331111-1111-1111-1111-611111193429} -

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

After checking these entries, close all windows and click the button shown as ht-fix.png

Download OTMoveIt3 by OldTimer and save it to the desktop.

Double-click the otmi3desktopicon.png icon on your desktop.

Copy the text inside the "Code" box below and paste it into the area under pasteline.png:


:processes
explorer.exe
:files
C:\WINDOWS\krn4.exe
C:\Arquivos de programas\Wapp.exe
C:\WINDOWS\system32\imglog.exe
C:\Arquivos de programas\msn_livers.exe
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\tavo.exe
C:\WINDOWS\system32\ckvo.exe
:commands
[EmptyTemp]
[Reboot]

Now click the btnmoveit.png button

If a prompt to restart the computer appears, do so.

In your next reply, copy and paste all of the content shown in results.png

Also generate and paste a new HijackThis log

If the computer restarted and you could not copy the result, open Notepad (Start ~> Programs ~> Accessories ~> Notepad), click File ~> Open and in the "File name" box type *.log and press Enter; look for the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire contents of that file.
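As an added illustration, not part of Lusitano's post or of the HijackThis tool, here is a small Python checker that applies the same triage rules a helper uses when reading these logs: startup entries and processes running from a Temp folder, bare executable names, executables dropped straight into the Windows or Program Files root, the O7 DisableRegedit policy, and the empty O16 DPF entries. The FLAGGED_NAMES set is taken from the entries fixed in this thread; everything else is a heuristic, and the sample input is constructed from lines of the logs posted above.

```python
"""Triage checker for HijackThis v2 log lines (added example, not HijackThis code).

Review hints only: a known vendor tool placed in an odd location trips these
rules too; the helper's own knowledge decided what was actually removed.
"""
import re
from dataclasses import dataclass

# Names the helper told the poster to fix in this thread (taken from the posts above).
FLAGGED_NAMES = {"krn4.exe", "wapp.exe", "imglog.exe", "msn_livers.exe",
                 "kavo.exe", "tavo.exe", "ckvo.exe"}
# Folders whose root should not normally hold a startup executable.
ROOT_DIRS = {"WINDOWS", "WINNT", "ARQUIVOS DE PROGRAMAS", "ARQUIV~1",
             "PROGRAM FILES", "PROGRA~1"}

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
POLICY_RE = re.compile(r"Policies\\(?P<key>\w+), (?P<value>\w+)=(?P<data>\S+)")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\})(?: \((?P<desc>[^)]*)\))? -\s*(?P<url>\S*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif|dll))(?:\s|$)", re.IGNORECASE)

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Alisson\CONFIG~1\Temp\iiby.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [YNTUMS_A.EXE] YNTUMS_A.EXE
O4 - HKLM\..\Run: [krn] C:\WINDOWS\krn4.exe
O4 - HKLM\..\Run: [Wapp] C:\Arquivos de programas\Wapp.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
"""


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section ("O4", "O7", "O16") or "PROC" for a running process
    line: str
    reason: str


def command_target(cmd: str) -> str:
    """Return the executable path from an O4 command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def path_reasons(path: str) -> list[str]:
    """Heuristics for one executable path; an empty list means nothing to review."""
    parts = path.split("\\")
    reasons = []
    if len(parts) == 1:
        reasons.append("bare file name, resolved by PATH search at logon")
    else:
        if any(p.upper() == "TEMP" for p in parts[:-1]):
            reasons.append("runs from a Temp folder")
        if len(parts) == 3 and parts[1].upper() in ROOT_DIRS:
            reasons.append(f"executable placed directly in the {parts[1]} root")
    if parts[-1].lower() in FLAGGED_NAMES:
        reasons.append("file name matches an entry the helper removed in this thread")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and collect entries worth a second look."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if entry is None:
            if in_processes:          # process list: one full path per line
                for r in path_reasons(line):
                    findings.append(Finding("PROC", line, r))
            continue
        in_processes = False          # the first R0/O-entry ends the process list
        code, body = entry.group("code"), entry.group("body")
        if code == "O4":
            run = RUN_RE.search(body)
            if run:
                for r in path_reasons(command_target(run.group("cmd"))):
                    findings.append(Finding(code, line, r))
        elif code == "O7":
            pol = POLICY_RE.search(body)
            if pol and pol["value"].lower().startswith("disable") and pol["data"] == "1":
                findings.append(Finding(code, line, f"{pol['value']} policy locks the user out of a system tool"))
        elif code == "O16":
            dpf = DPF_RE.match(body)
            if dpf and not dpf["desc"] and not dpf["url"]:
                findings.append(Finding(code, line, "ActiveX download entry with no name and no source URL"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Feed it a whole pasted log (it skips the header lines and the "End of file" trailer) and compare its output against the entries the helper marks; the heuristics catch the Temp-folder and root-folder droppers, while the system32 names still need a watchlist or a second opinion.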


Hi Lusitano, below are the new logs from OTMoveIt and HijackThis, could you please check them? There is just one problem: REGEDIT still does not work, TASK MANAGER is still blocked and the AVG antivirus is also completely blocked. Thanks once again, you guys are really great, doing this work and without charging anything. Have a great weekend...

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder C:\WINDOWS\krn4.exe not found.

File/Folder C:\Arquivos de programas\Wapp.exe not found.

File/Folder C:\WINDOWS\system32\imglog.exe not found.

File/Folder C:\Arquivos de programas\msn_livers.exe not found.

File/Folder C:\WINDOWS\system32\kavo.exe not found.

File/Folder C:\WINDOWS\system32\tavo.exe not found.

C:\WINDOWS\system32\ckvo.exe moved successfully.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Java cache emptied.

Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11152008_143442

***************************************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:51, on 2008-11-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe

C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Lexmark X74-X75\lxbbbmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Discador iBest\discador.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll (file missing)

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [YNTUMS_A.EXE] YNTUMS_A.EXE

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [ssAAD.exe] C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF25746.exe /c C:\ComboFix\Combobatch.bat

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Discador iBest\baloon.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2958A9A1-1073-4262-A7D4-E95691660E0E}: NameServer = 201.10.120.2 201.10.128.3

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

--

End of file - 7047 bytes


Hello,

Download FixPolicies

  • Double-click the FixPolicies file and then click Run
  • A folder named FixPolicies will be created.
  • Inside that folder, double-click the file FixPolicies.cmd
  • It will have an icon like this: fixvd3.gif
  • A black window will appear and disappear quickly. This is normal; ignore any error message
  • Restart the computer and report whether the problem still persists, together with a new HijackThis log

Regards


Lusitano,

I ran FixPolicies but it did not work; REGEDIT, TASK MANAGER and AVG are still blocked. The AVG message is "Appplication can not run due to an error while verifying its eletronic certificate".

Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:49, on 2008-11-16

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe

C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Lexmark X74-X75\lxbbbmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

C:\Arquivos de programas\Discador iBest\discador.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll (file missing)

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [YNTUMS_A.EXE] YNTUMS_A.EXE

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [ssAAD.exe] C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF25746.exe /c C:\ComboFix\Combobatch.bat

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Discador iBest\baloon.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

--

End of file - 6870 bytes


Hello,

1. Back up the registry.

  • Click Start, then Run, type: regedit and click OK.
  • At the top left, click My Computer (it becomes highlighted in blue).
  • Click File, then Export.
  • Choose "Save as"... Registry Files.
  • Name it: RegBackup
  • Save it to C:\
  • Exit the Registry Editor.

2. Click Start, then Run, type: Notepad and click OK.

  • Copy (Ctrl+C) and paste (Ctrl+V) the text below (starting with Windows Registry Editor Version 5.00) that is inside the CODE box into your Notepad.
  • Make sure you paste it into a Notepad file and not WordPad, otherwise it will not work.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"**del.DisableTaskMgr"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000

  • Make sure there is no blank line before "Windows Registry Editor Version 5.00" and that there is one blank line at the end.
  • Click File and choose Save As.
  • Change "Save as type" to All Files.
  • Name it Fixtaskmgr.reg and save the file to your desktop.
  • It will have an icon like this one: [image: reg.JPG]
  • Double-click the Fixtaskmgr.reg file on the desktop. When prompted, click Yes.

3. Download this tool and save it to your desktop.

Double-click to run the tool. Click YES on the warning: To work correctly, the script will close and restart the Windows Explorer shell. This will not harm your system. Continue?

4. Restart your PC normally and, in your next reply, generate and paste a new HijackThis log and say whether you still notice anything on your PC.

Regards

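An added example (my own, not from this thread or from the HijackThis author): a small Python triage of O4/O7 lines in the shape of the log above, which flags Run entries with no path or in a Temp folder and emits a .reg reset like Fixtaskmgr.reg for every O7 policy it finds. The sample lines are constructed from entries in this thread plus one invented Temp entry; the mapping of HijackThis's "DisableRegedit" label to the Windows value name DisableRegistryTools is my assumption, consistent with the ComboFix log later in the thread.

```python
import re

# Constructed sample: O4/O7 lines in the shape of the HijackThis log posted in
# this thread. The "example" Temp-folder entry is invented for illustration.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [YNTUMS_A.EXE] YNTUMS_A.EXE
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [example] C:\DOCUME~1\user\CONFIG~1\Temp\example.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O7_RE = re.compile(r"^O7 - (?P<key>.+?), (?P<value>\w+)=(?P<data>\S+)$")
# First token of the command, with surrounding quotes removed.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|cmd|bat|scr|pif|dll))"?', re.I)

# HijackThis reports the registry-tools policy under its own label; the value
# name Windows actually uses (and that the ComboFix log in this thread shows)
# is DisableRegistryTools. Assumed mapping.
HJT_POLICY_NAMES = {"DisableRegedit": "DisableRegistryTools"}
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE", "HKUS": "HKEY_USERS"}


def triage(log_text):
    """Classify O4 Run entries and collect non-zero O7 policies from a HijackThis log."""
    entries, policies = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            m2 = EXE_RE.match(m.group("cmd"))
            exe = m2.group("exe") if m2 else m.group("cmd")
            reasons = []
            if "\\" not in exe and ":" not in exe:
                # Bare file name: found through the PATH search order at logon,
                # so the log alone cannot say which file, if any, really runs.
                reasons.append("bare filename, no path")
            if re.search(r"\\(?:temp|tmp)\\", exe, re.I):
                reasons.append("runs from a temporary folder")
            # Entries with a full path (system32\ckvo.exe here) get no reason:
            # they need a file-level check (vendor, hash), which is the ComboFix
            # stage of this thread, not something the log can settle.
            entries.append({"hive": m.group("hive"), "name": m.group("name"),
                            "exe": exe, "reasons": reasons})
            continue
        m = O7_RE.match(line)
        if m and m.group("data") != "0":
            policies.append((m.group("key"), m.group("value")))
    return entries, policies


def build_reg_reset(policies):
    """Render a .reg file that clears each O7 policy, like the thread's Fixtaskmgr.reg."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, hjt_name in policies:
        hive, _, rest = key.partition("\\")
        # regedit only accepts full hive names, not the HKCU/HKLM shorthand.
        full_key = HIVES.get(hive, hive) + "\\" + rest
        value = HJT_POLICY_NAMES.get(hjt_name, hjt_name)
        lines += ["[%s]" % full_key, '"%s"=dword:00000000' % value, ""]
    # As the post says: no blank line before the header, one blank line at the end.
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found, active = triage(SAMPLE_HJT_LOG)
    for e in found:
        print(e["name"], e["exe"], "; ".join(e["reasons"]) or "review")
    print(build_reg_reset(active))
```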

Lusitano,

Regedit is blocked, so I cannot do step 1, and when I save Fixtaskmgr.reg the icon is not the little green one; it becomes a file with an unrecognized extension. Then, when I try to open it with Regedit.exe, it says registry editing has been disabled by the Administrator.

What do I do? I ran the tool from step 3 without steps 1 and 2, but it did not solve it!

Awaiting your reply, regards


Hello,

Let's try something:

  1. Download Dial-A-Fix:
  2. Extract the contents of the zip to the desktop.
  3. Double-click Dial-a-Fix.exe
  4. Check the boxes ([image: checkmark.png])
  5. UNcheck "Empty Temp Folders" and "Adjust Time/Date"; it will look like this:

[image: toUncheck.png]

  6. When it looks like that, click the "GO" button.

[image: mainWindow.png]

  7. Exit Dial-A-Fix

Let me know if it worked


Man,

It did not solve it; I also noticed that all .zip files are opening with the wrong code, garbling all the characters...

Now what? It's getting complicated...

Awaiting your reply, thanks Lusitano


Hello

  1. Insert the Windows XP CD-ROM into the CD-ROM drive and follow the instructions below:
  2. Click Start, then Run, type the text below and press Enter:

    sfc /scannow


  3. Note that there is a space between sfc and the slash!
  4. Be patient and wait; it takes a while.

Let me know if it worked.

Regards


Look, it did not solve it; it ran to the end but everything is still blocked. Now what will become of my PC? Worst of all, even if I format, the virus can stay, right?


Hello. There is a solution; what I need is more information to see what damage has been done to the registry.

Read the instructions in this link:

In the instructions in the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to get help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable them after the procedure(s) below have been carried out.
  3. Double-click the icon on the desktop.
  4. Read and accept the terms by typing 1 and Enter.
  5. Computers running Windows XP must install the Recovery Console:

  • If your computer has Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Attention: do not use the mouse or keyboard while the tool is running; this may cause the computer to hang.
  8. A message may appear saying the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will produce a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

DO NOT use the tool on your own. It is a powerful tool designed to deal with sophisticated infections, and if it is not used correctly it can damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle them.
  • Many Analysts will not reply to topics where they see that ComboFix was used unsupervised.
  • There are various general-purpose anti-malware tools whose authors, when writing them, had end users in mind and intended them to be used unsupervised. ComboFix is not a tool of that kind, so, also out of respect for the tool's author, do not use it unsupervised.

Regards


Lusitano,

Here are the HijackThis and ComboFix logs, but it is still blocking everything!

Awaiting instructions, thanks!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:06:27, on 20/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe

C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Lexmark X74-X75\lxbbbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

C:\Arquivos de programas\Discador iBest\discador.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll (file missing)

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [ssAAD.exe] C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Discador iBest\baloon.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2958A9A1-1073-4262-A7D4-E95691660E0E}: NameServer = 201.10.120.2 201.10.128.3

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

--

End of file - 7019 bytes

##################################################

ComboFix 08-11-18.A2 - Alisson 2008-11-20 11:09:14.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.155 [GMT -2:00]

Executando de: c:\documents and settings\Alisson\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

c:\windows\system32\Bitkv0.dll

c:\windows\system32\ckvo.exe

c:\windows\system32\ckvo0.dll

c:\windows\system32\ckvo1.dll

C:\xih9.cmd

.

---- Previous Run -------

.

C:\9.cmd

C:\autorun.inf

c:\docume~1\Alisson\CONFIG~1\Temp\n.dll

c:\documents and settings\Alisson\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll

c:\documents and settings\Alisson\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\Bitkv1.dll

c:\windows\system32\ckvo.exe

c:\windows\system32\ckvo0.dll

c:\windows\system32\ckvo1.dll

c:\windows\system32\kavo.exe

c:\windows\system32\kavo0.dll

c:\windows\system32\kavo1.dll

c:\windows\system32\kavo2.dll

c:\windows\system32\MEGATRON.ini

c:\windows\system32\tavo.exe

c:\windows\system32\tavo0.dll

C:\xih9.cmd

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-20 to 2008-11-20 ))))))))))))))))))))))))))))

.

2008-11-20 09:11 . 2002-12-31 10:00 150,528 --a--c--- c:\windows\system32\dllcache\regedit.exe

2008-11-20 09:11 . 2002-12-31 10:00 150,528 --a------ c:\windows\regedit.exe

2008-11-19 17:02 . 2008-11-19 17:02 <DIR> d-------- c:\arquivos de programas\DAP

2008-11-19 17:02 . 1998-12-05 07:18 172,032 --a------ c:\windows\system32\AniGIF.ocx

2008-11-18 14:21 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys

2008-11-18 14:20 . 2001-09-05 23:06 286,432 --a--c--- c:\windows\system32\dllcache\stlnata.sys

2008-11-18 14:19 . 2001-09-05 23:22 899,658 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys

2008-11-18 14:18 . 2004-08-04 00:45 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll

2008-11-18 14:17 . 2004-08-04 00:45 4,274,816 --a--c--- c:\windows\system32\dllcache\nv4_disp.dll

2008-11-18 14:16 . 2001-08-17 21:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys

2008-11-18 14:15 . 2001-09-05 23:50 242,688 --a--c--- c:\windows\system32\dllcache\kdsusd.dll

2008-11-18 14:14 . 2004-08-03 22:41 1,041,536 --a--c--- c:\windows\system32\dllcache\hsfdpsp2.sys

2008-11-18 14:13 . 2001-09-05 23:49 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll

2008-11-18 14:12 . 2001-08-17 20:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys

2008-11-18 14:11 . 2001-09-05 23:17 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys

2008-11-18 14:10 . 2001-08-17 21:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys

2008-11-18 14:09 . 2001-08-17 21:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys

2008-11-18 14:08 . 2001-09-05 23:49 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll

2008-11-17 17:59 . 2008-11-20 09:12 <DIR> d-------- c:\windows\system32\CatRoot2

2008-11-17 01:14 . 2008-11-18 00:43 <DIR> d-------- c:\arquivos de programas\VirtualDJ

2008-11-15 14:34 . 2008-11-15 14:34 <DIR> d-------- C:\_OTMoveIt

2008-11-14 17:08 . 2008-11-14 17:08 0 --a------ C:\8fcc

2008-11-08 12:00 . 2008-11-08 12:00 <DIR> d-------- c:\documents and settings\Alisson\Dados de aplicativos\Unigraphics Solutions

2008-11-08 11:50 . 2008-11-08 11:52 <DIR> d-------- c:\arquivos de programas\Solid Edge V17

2008-10-31 16:20 . 2008-10-31 16:20 <DIR> d-------- C:\Relespública

2008-10-26 18:43 . 2008-10-26 18:43 <DIR> d-------- c:\arquivos de programas\Trend Micro

2008-10-25 03:03 . 2008-10-26 18:03 <DIR> d-------- C:\!KillBox

2008-10-23 01:50 . 2008-10-23 01:50 <DIR> d--h----- c:\windows\system32\GroupPolicy

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-19 18:27 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\AVG7

2008-11-19 18:27 --------- d-----w c:\documents and settings\Alisson\Dados de aplicativos\AVG7

2008-11-08 13:48 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Autodesk

2008-11-08 13:48 --------- d-----w c:\arquivos de programas\AutoCAD 2006

2008-11-08 13:48 --------- d-----w c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2008-10-21 02:38 178,176 --sh--r C:\2fiji.com

2008-10-05 19:20 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-10-05 19:19 --------- d-----w c:\arquivos de programas\Rideel

2008-09-05 17:55 418,794 --sh--r C:\iwjj.com

2008-08-23 17:40 63,440 ----a-w c:\documents and settings\Alisson\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2005-04-01 00:17 110,592 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5752176]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 217088]

"iBest.baloon"="c:\arquivos de programas\Discador iBest\baloon.exe" [2005-03-14 155648]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

"AVG7_CC"="c:\arquiv~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-02-03 648704]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1441792]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 110592]

"snpstd3"="c:\windows\vsnpstd3.exe" [2005-01-14 409600]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 110703]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 229376]

"Lexmark X74-X75"="c:\arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-31 126976]

"SsAAD.exe"="c:\arquiv~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 163840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

"AVG7_Run"="c:\arquiv~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-10 288768]

"Picasa Media Detector"="c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-10-23 517696]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 152992]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"= 0 (0x0)

"NoMovingBands"= 0 (0x0)

"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avginet.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avgcc.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avgemc.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avgamsvr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\DAP\\DAP.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\Arquivos de programas\\Army Operations\\System\\ArmyOps.exe"=

"c:\\WINDOWS\\system32\\NeroCheck.exe"=

"c:\\Arquivos de programas\\Lexmark X74-X75\\lxbbbmgr.exe"=

"c:\\Arquivos de programas\\Discador iBest\\discador.exe"=

"c:\\Arquivos de programas\\Analog Devices\\SoundMAX\\smax4.exe"=

"c:\\Arquivos de programas\\Discador iBest\\baloon.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\usnsvc.exe"=

"c:\\ARQUIV~1\\Grisoft\\AVGFRE~1\\avginet.exe"=

"c:\\Arquivos de programas\\Lexmark X74-X75\\lxbbbmon.exe"=

"c:\\ComboFix\\NirCmd.cfexe"=

"c:\\WINDOWS\\system32\\WgaTray.exe"=

"c:\\WINDOWS\\vsnpstd3.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

"c:\\Arquivos de programas\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe"=

"c:\\Arquivos de programas\\Java\\jre1.5.0_06\\bin\\jusched.exe"=

"c:\\Arquivos de programas\\Analog Devices\\SoundMAX\\SMax4PNP.exe"=

"c:\\ARQUIV~1\\Sony\\SONICS~1\\SsAAD.exe"=

"c:\\Arquivos de programas\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=

S3 dac970nt;dac970nt;\??\c:\windows\system32\drivers\foljnn.sys []

S3 V90drv;v90drv;c:\windows\system32\DRIVERS\v90drv.sys [2006-09-03 1432836]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fd4c53c-5732-11dd-aaf5-0013d4c750bd}]

\Shell\AutoRun\command - E:\xih9.cmd

\Shell\explore\Command - E:\xih9.cmd

\Shell\open\Command - E:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e8d7f6c-8c23-11dd-ab48-0013d4c750bd}]

\Shell\AutoRun\command - E:\r1y1.bat

\Shell\explore\Command - E:\r1y1.bat

\Shell\open\Command - E:\r1y1.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6461a024-ac37-11dd-ab8f-0013d4c750bd}]

\Shell\AutoRun\command - lky.exe

\Shell\explore\Command - lky.exe

\Shell\open\Command - lky.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7288e1fe-e2ba-11da-a630-0013d4c750bd}]

\Shell\AutoRun\command - E:\lky.exe

\Shell\explore\Command - E:\lky.exe

\Shell\open\Command - E:\lky.exe

.

- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-YNTUMS_A.EXE - YNTUMS_A.EXE

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\Alisson\Dados de aplicativos\Mozilla\Firefox\Profiles\default.9fr\

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-20 11:39:11

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\arquiv~1\Grisoft\AVGFRE~1\avgamsvr.exe

c:\arquiv~1\Grisoft\AVGFRE~1\avgupsvc.exe

c:\arquiv~1\Grisoft\AVGFRE~1\avgemc.exe

c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\system32\WgaTray.exe

c:\arquivos de programas\Lexmark X74-X75\lxbbbmon.exe

c:\arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-20 11:46:20 - Máquina reiniciou [Alisson]

ComboFix-quarantined-files.txt 2008-11-20 13:46:17

Pré-execução: 9.344.790.528 bytes disponíveis

Pós execução: 9,235,230,720 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

221 --- E O F --- 2008-10-17 05:54:47


Open Notepad, copy (Ctrl+C) and paste (Ctrl+V) all the text inside the "CODE":

http://forum.clubedohardware.com.br/favor-analisem-log/599204

Collect::[4]
C:\iwjj.com
driver::
dac970nt
File::
c:\windows\system32\drivers\foljnn.sys
Folder::
C:\8fcc
Registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fd4c53c-5732-11dd-aaf5-0013d4c750bd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e8d7f6c-8c23-11dd-ab48-0013d4c750bd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6461a024-ac37-11dd-ab8f-0013d4c750bd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7288e1fe-e2ba-11da-a630-0013d4c750bd}]

  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will produce a zipped file named: Submit [Date Time].zip and also a file: CF-Submit-Previous.htm
  • Make sure you have an Internet connection, as you will need to send some files for more detailed analysis.
  • On your computer, find the folder C:\Qoobox. Inside that folder you will see a file named "CF-Submit-Previous.htm"; it will have an icon similar to this one: [image: icon_html.png]
  • Double-click that file and a page will open in your Internet Explorer
  • In the box under "Submit malware for analysis at Bleeping Computer", copy and paste the path to the file that is next to "File path ---> (example: C:\Qoobox\Quarantine\Submit [Date Time].zip)
  • Now click "Send" to send the file.
  • Paste the file C:\ComboFix.txt in your reply.

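An added example (mine, not part of this thread and not ComboFix's own code): a Python pass over an excerpt of the ComboFix registry-load-points section that collects the restrictive policy values, the MountPoints2 Shell\...\command entries left by an autorun.inf, and the driver service printed without file details, then renders them in the CFScript syntax used in the post above. The excerpt is constructed from lines of the log posted in this thread; the RESTRICTION_VALUES set and the reading of an empty `[]` as "no file details" are my assumptions.

```python
import re

# Constructed excerpt modelled on the ComboFix log posted in this thread; it is
# not the full log, and the lines are arranged so each section appears once.
SAMPLE_COMBOFIX_LOG = r"""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

S3 dac970nt;dac970nt;\??\c:\windows\system32\drivers\foljnn.sys []
S3 V90drv;v90drv;c:\windows\system32\DRIVERS\v90drv.sys [2006-09-03 1432836]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fd4c53c-5732-11dd-aaf5-0013d4c750bd}]
\Shell\AutoRun\command - E:\xih9.cmd
\Shell\explore\Command - E:\xih9.cmd
\Shell\open\Command - E:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6461a024-ac37-11dd-ab8f-0013d4c750bd}]
\Shell\AutoRun\command - lky.exe
"""

# Policy values that malware sets to lock the user out of the built-in tools
# (assumed set; HijackThis labels the second one "DisableRegedit").
RESTRICTION_VALUES = {"DisableTaskMgr", "DisableRegistryTools", "DisableCMD"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>-?\d+)\b')
SHELL_CMD_RE = re.compile(r"^\\Shell\\[^\\]+\\command\s+-\s+(?P<cmd>.+)$", re.I)
SERVICE_RE = re.compile(
    r"^[SR]\d\s+(?P<svc>[^;]+);(?P<disp>[^;]*);(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]$"
)


def find_indicators(log_text):
    """Walk the ComboFix registry-load-point lines and collect what to remove."""
    policies = {}       # key -> [restriction value names set to non-zero]
    autorun_keys = {}   # MountPoints2 key -> [commands it would launch]
    bad_drivers = []    # (service name, driver image path)
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith(r"policies\system"):
            if m.group("name") in RESTRICTION_VALUES and int(m.group("data")) != 0:
                policies.setdefault(current_key, []).append(m.group("name"))
            continue
        m = SHELL_CMD_RE.match(line)
        if m and current_key and r"\mountpoints2\{" in current_key.lower():
            # A Shell\...\command under MountPoints2 is Explorer's cached copy of
            # a volume's autorun.inf; it is replayed when the drive is opened.
            autorun_keys.setdefault(current_key, []).append(m.group("cmd"))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group("info").strip() == "":
            # No size/date printed for the driver image: the entry the helper in
            # this thread singled out for the dac970nt service.
            path = m.group("path")
            if path.startswith("\\??\\"):
                path = path[4:]
            bad_drivers.append((m.group("svc"), path))
    return {"policies": policies, "autorun_keys": autorun_keys, "drivers": bad_drivers}


def build_cfscript(indicators):
    """Render the indicators in the CFScript dialect used in this thread."""
    out = []
    if indicators["drivers"]:
        out.append("driver::")
        out.extend(svc for svc, _ in indicators["drivers"])
        out.append("File::")
        out.extend(path for _, path in indicators["drivers"])
    if indicators["policies"] or indicators["autorun_keys"]:
        out.append("Registry::")
    for key, names in indicators["policies"].items():
        out.append("[%s]" % key)
        out.extend('"%s"=-' % name for name in names)   # "=-" deletes the value
    for key in indicators["autorun_keys"]:
        out.append("[-%s]" % key)                        # "[-key]" deletes the key
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(find_indicators(SAMPLE_COMBOFIX_LOG)))
```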

Good afternoon Lusitano,

I could not do the last steps, because Submit [Date Time].zip and CF-Submit-Previous.htm were not generated.

However, REGEDIT and Task Manager are working again, but I cannot open AVG or .ZIP files. Here are the HijackThis and ComboFix logs.

Awaiting new instructions, thanks!

ComboFix 08-11-18.A2 - Alisson 2008-11-25 17:31:16.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.220 [GMT -2:00]

Executando de: c:\documents and settings\Alisson\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Alisson\Desktop\CFScript.txt

* Criado um novo ponto de restauro

FILE ::

c:\windows\system32\drivers\foljnn.sys

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\8fcc\

C:\Autorun.inf

C:\iwjj.com

c:\windows\system32\ckvo0.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_dac970nt

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-25 to 2008-11-25 ))))))))))))))))))))))))))))

.

2008-11-20 09:11 . 2002-12-31 10:00 150,528 --a--c--- c:\windows\system32\dllcache\regedit.exe

2008-11-20 09:11 . 2002-12-31 10:00 150,528 --a------ c:\windows\regedit.exe

2008-11-19 17:02 . 2008-11-19 17:02 <DIR> d-------- c:\arquivos de programas\DAP

2008-11-19 17:02 . 1998-12-05 07:18 172,032 --a------ c:\windows\system32\AniGIF.ocx

2008-11-18 14:21 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys

2008-11-18 14:20 . 2001-09-05 23:06 286,432 --a--c--- c:\windows\system32\dllcache\stlnata.sys

2008-11-18 14:19 . 2001-09-05 23:22 899,658 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys

2008-11-18 14:18 . 2004-08-04 00:45 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll

2008-11-18 14:17 . 2004-08-04 00:45 4,274,816 --a--c--- c:\windows\system32\dllcache\nv4_disp.dll

2008-11-18 14:16 . 2001-08-17 21:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys

2008-11-18 14:15 . 2001-09-05 23:50 242,688 --a--c--- c:\windows\system32\dllcache\kdsusd.dll

2008-11-18 14:14 . 2004-08-03 22:41 1,041,536 --a--c--- c:\windows\system32\dllcache\hsfdpsp2.sys

2008-11-18 14:13 . 2001-09-05 23:49 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll

2008-11-18 14:12 . 2001-08-17 20:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys

2008-11-18 14:11 . 2001-09-05 23:17 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys

2008-11-18 14:10 . 2001-08-17 21:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys

2008-11-18 14:09 . 2001-08-17 21:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys

2008-11-18 14:08 . 2001-09-05 23:49 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll

2008-11-17 17:59 . 2008-11-25 02:06 <DIR> d-------- c:\windows\system32\CatRoot2

2008-11-17 01:14 . 2008-11-18 00:43 <DIR> d-------- c:\arquivos de programas\VirtualDJ

2008-11-15 14:34 . 2008-11-15 14:34 <DIR> d-------- C:\_OTMoveIt

2008-11-14 17:08 . 2008-11-14 17:08 0 --a------ C:\8fcc

2008-11-08 12:00 . 2008-11-08 12:00 <DIR> d-------- c:\documents and settings\Alisson\Dados de aplicativos\Unigraphics Solutions

2008-11-08 11:50 . 2008-11-08 11:52 <DIR> d-------- c:\arquivos de programas\Solid Edge V17

2008-10-31 16:20 . 2008-10-31 16:20 <DIR> d-------- C:\Relespública

2008-10-26 18:43 . 2008-10-26 18:43 <DIR> d-------- c:\arquivos de programas\Trend Micro

2008-10-25 03:03 . 2008-10-26 18:03 <DIR> d-------- C:\!KillBox

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-20 15:07 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\AVG7

2008-11-19 18:27 --------- d-----w c:\documents and settings\Alisson\Dados de aplicativos\AVG7

2008-11-08 13:48 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Autodesk

2008-11-08 13:48 --------- d-----w c:\arquivos de programas\AutoCAD 2006

2008-11-08 13:48 --------- d-----w c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2008-10-21 02:38 178,176 --sh--r C:\2fiji.com

2008-10-05 19:20 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-10-05 19:19 --------- d-----w c:\arquivos de programas\Rideel

2008-09-15 15:40 1,846,144 ----a-w c:\windows\system32\win32k.sys

2008-08-23 17:40 63,440 ----a-w c:\documents and settings\Alisson\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2005-04-01 00:17 110,592 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((( snapshot@2008-11-20_11.45.17.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-11-25 19:35:26 16,384 ----atw c:\windows\temp\Perflib_Perfdata_344.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5752176]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 217088]

"iBest.baloon"="c:\arquivos de programas\Discador iBest\baloon.exe" [2005-03-14 155648]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

"AVG7_CC"="c:\arquiv~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-02-03 648704]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1441792]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 110592]

"snpstd3"="c:\windows\vsnpstd3.exe" [2005-01-14 409600]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 110703]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 229376]

"Lexmark X74-X75"="c:\arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-31 126976]

"SsAAD.exe"="c:\arquiv~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 163840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

"AVG7_Run"="c:\arquiv~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-10 288768]

"Picasa Media Detector"="c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-10-23 517696]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 152992]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"= 0 (0x0)

"NoMovingBands"= 0 (0x0)

"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avginet.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avgcc.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avgemc.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avgamsvr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\DAP\\DAP.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\Arquivos de programas\\Army Operations\\System\\ArmyOps.exe"=

"c:\\WINDOWS\\system32\\NeroCheck.exe"=

"c:\\Arquivos de programas\\Lexmark X74-X75\\lxbbbmgr.exe"=

"c:\\Arquivos de programas\\Discador iBest\\discador.exe"=

"c:\\Arquivos de programas\\Analog Devices\\SoundMAX\\smax4.exe"=

"c:\\Arquivos de programas\\Discador iBest\\baloon.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\usnsvc.exe"=

"c:\\ARQUIV~1\\Grisoft\\AVGFRE~1\\avginet.exe"=

"c:\\Arquivos de programas\\Lexmark X74-X75\\lxbbbmon.exe"=

"c:\\ComboFix\\NirCmd.cfexe"=

"c:\\WINDOWS\\system32\\WgaTray.exe"=

"c:\\WINDOWS\\vsnpstd3.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

"c:\\Arquivos de programas\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe"=

"c:\\Arquivos de programas\\Java\\jre1.5.0_06\\bin\\jusched.exe"=

"c:\\Arquivos de programas\\Analog Devices\\SoundMAX\\SMax4PNP.exe"=

"c:\\ARQUIV~1\\Sony\\SONICS~1\\SsAAD.exe"=

"c:\\Arquivos de programas\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Sony Shared\\AVLib\\SSScsiSV.exe"=

S3 V90drv;v90drv;c:\windows\system32\DRIVERS\v90drv.sys [2006-09-03 1432836]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9258fc5-6ea4-11da-a578-0013d4c750bd}]

\SHell\aUToplay\CoMmand - E:\yiig.exe

\SHell\AutoRun\command - E:\yiig.exe

\SHell\exPLorE\ComMAnd - E:\yiig.exe

\SHell\opEN\COMMand - E:\yiig.exe

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-25 17:35:46

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\arquiv~1\Grisoft\AVGFRE~1\avgamsvr.exe

c:\arquiv~1\Grisoft\AVGFRE~1\avgupsvc.exe

c:\arquiv~1\Grisoft\AVGFRE~1\avgemc.exe

c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\system32\WgaTray.exe

c:\arquivos de programas\Lexmark X74-X75\lxbbbmon.exe

c:\arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-25 17:42:57 - Máquina reiniciou [Alisson]

ComboFix-quarantined-files.txt 2008-11-25 19:42:53

ComboFix2.txt 2008-11-20 13:46:22

Pré-execução: 6.771.322.880 bytes disponíveis

Pós execução: 6,687,039,488 bytes disponíveis

183 --- E O F --- 2008-10-17 05:54:47

#######################################################

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:59:51, on 25/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe

C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

C:\Arquivos de programas\Lexmark X74-X75\lxbbbmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Discador iBest\baloon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Microsoft Office\Office10\WINWORD.EXE

C:\Arquivos de programas\Discador iBest\discador.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll (file missing)

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [ssAAD.exe] C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Discador iBest\baloon.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2958A9A1-1073-4262-A7D4-E95691660E0E}: NameServer = 201.10.120.2 201.10.128.3

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

--

End of file - 6936 bytes


Hello,

Connect your media (flash drives, etc.) to your PC, but do not run anything from them.

( 1 ) Very important note: Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

( 2 ) Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Quote":

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9258fc5-6ea4-11da-a578-0013d4c750bd}]
File::
E:\yiig.exe
C:\2fiji.com

  • Save this file as: CFScript.txt
    (image: CFScriptB-4.gif)
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Paste the contents of that file, C:\ComboFix.txt.
  • Also make a new HijackThis log to include in your reply.

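As an added example (not code from this thread, from ComboFix or from the helper), a small Python triage script that walks the registry section of a ComboFix log like the ones posted here and pulls out exactly the indicators the CFScript above targets: the MountPoints2 shell verbs pointing at E:\yiig.exe, the Task Manager / regedit policy lockouts, the silenced Security Center flags and the disabled firewall. The sample log is a constructed excerpt built from values that appear in this thread; the function and class names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: an excerpt in the layout of the ComboFix
# "Pontos de Carregamento do Registro" section posted in this thread; the
# values are the ones from those logs, so it stands in for a real C:\ComboFix.txt.
SAMPLE_LOG = r"""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9258fc5-6ea4-11da-a578-0013d4c750bd}]
\SHell\aUToplay\CoMmand - E:\yiig.exe
\SHell\AutoRun\command - E:\yiig.exe
\SHell\exPLorE\ComMAnd - E:\yiig.exe
\SHell\opEN\COMMand - E:\yiig.exe
"""

# A registry key header such as [HKEY_LOCAL_MACHINE\...]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# A numeric value line, either "Name"=dword:00000001 or "Name"= 1 (0x1)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<dword>dword:)?(?P<val>[0-9A-Fa-f]+)')
# A MountPoints2 shell verb line: \Shell\<verb>\command - <program>
SHELL_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>\S.*)$", re.I)

# Explorer policies that lock the user out of Task Manager / regedit.
POLICY_LOCKOUTS = {"disabletaskmgr", "disableregistrytools"}
# Security Center values that silence AV / firewall / update warnings.
SECURITY_CENTER_FLAGS = {
    "antivirusoverride", "antivirusdisablenotify",
    "firewalloverride", "firewalldisablenotify",
    "updatesdisablenotify", "uacdisablenotify",
}


@dataclass(frozen=True)
class Finding:
    category: str   # autorun_hijack | policy_lockout | security_center_suppressed | firewall_disabled
    key: str        # registry key the line was found under
    detail: str     # value name, or "verb -> command" for shell entries


def _numeric(match: re.Match) -> int:
    """dword:XXXXXXXX is hex; the '= 1 (0x1)' form lists a decimal first."""
    base = 16 if match.group("dword") else 10
    return int(match.group("val"), base)


def triage_combofix(text: str) -> list[Finding]:
    """Walk a ComboFix registry section and collect the indicators the cleanup
    in this thread targets. Lines that match none of the patterns are ignored."""
    findings: list[Finding] = []
    current_key = ""
    for line in text.splitlines():
        line = line.rstrip()
        if (m := KEY_RE.match(line)):
            current_key = m.group("key")
            continue
        key_l = current_key.lower()
        if (m := SHELL_RE.match(line)) and "mountpoints2" in key_l:
            # A shell verb (open/explore/autorun/autoplay) stored under a
            # MountPoints2 volume entry redirects double-click and AutoPlay for
            # that volume; users do not create these by hand, so each one is a finding.
            findings.append(Finding("autorun_hijack", current_key,
                                    f"{m.group('verb').lower()} -> {m.group('cmd')}"))
            continue
        if (m := VALUE_RE.match(line)):
            name = m.group("name").lower()
            value = _numeric(m)
            if r"policies\system" in key_l and name in POLICY_LOCKOUTS and value == 1:
                findings.append(Finding("policy_lockout", current_key, m.group("name")))
            elif "security center" in key_l and name in SECURITY_CENTER_FLAGS and value == 1:
                findings.append(Finding("security_center_suppressed", current_key, m.group("name")))
            elif name == "enablefirewall" and value == 0:
                findings.append(Finding("firewall_disabled", current_key, m.group("name")))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category for a quick glance at a long log."""
    return dict(Counter(f.category for f in findings))


def autorun_targets(findings: list[Finding]) -> set[str]:
    r"""Distinct programs launched by hijacked shell verbs (here E:\yiig.exe);
    these are the files a CFScript File:: section would list."""
    return {f.detail.split(" -> ", 1)[1] for f in findings if f.category == "autorun_hijack"}


if __name__ == "__main__":
    results = triage_combofix(SAMPLE_LOG)
    for f in results:
        print(f"{f.category:28} {f.detail}")
    print(summarize(results))
```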

I carried out the steps; the logs follow, and I await instructions:

ComboFix 08-11-18.A2 - Alisson 2008-11-26 16:10:54.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.254 [GMT -2:00]

Executando de: c:\documents and settings\Alisson\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Alisson\Desktop\CFScript.txt

* Criado um novo ponto de restauro

FILE ::

C:\2fiji.com

E:\yiig.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\2fiji.com

E:\autorun.inf

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-26 to 2008-11-26 ))))))))))))))))))))))))))))

.

2008-11-26 16:05 . 2008-11-26 16:07 0 --a------ c:\windows\win.ini

2008-11-25 20:01 . 2008-11-25 20:01 <DIR> d-------- c:\documents and settings\LocalService\Dados de aplicativos\AVG7

2008-11-25 20:01 . 2008-11-25 20:01 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Grisoft

2008-11-25 20:01 . 2008-11-25 20:01 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\AVG7

2008-11-25 20:01 . 2008-11-25 20:01 <DIR> d-------- c:\documents and settings\Alisson\Dados de aplicativos\AVG7

2008-11-25 20:01 . 2008-11-25 20:01 <DIR> dr-h----- C:\$VAULT$.AVG

2008-11-25 19:46 . 2008-11-25 19:51 <DIR> d-------- C:\$AVG8.VAULT$

2008-11-25 18:28 . 2008-11-25 18:28 <DIR> d-------- c:\windows\system32\drivers\Avg

2008-11-25 18:28 . 2008-11-25 20:01 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8

2008-11-25 18:28 . 2008-11-25 18:28 <DIR> d-------- c:\arquivos de programas\AVG

2008-11-25 18:08 . 2008-11-25 18:08 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll

2008-11-25 18:06 . 2008-11-12 16:12 177,664 -r-hs---- C:\lky.exe

2008-11-20 09:11 . 2002-12-31 10:00 150,528 --a--c--- c:\windows\system32\dllcache\regedit.exe

2008-11-20 09:11 . 2002-12-31 10:00 150,528 --a------ c:\windows\regedit.exe

2008-11-19 17:02 . 2008-11-25 20:00 <DIR> d-------- c:\arquivos de programas\DAP

2008-11-19 17:02 . 1998-12-05 07:18 172,032 --a------ c:\windows\system32\AniGIF.ocx

2008-11-18 14:21 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys

2008-11-18 14:20 . 2001-09-05 23:06 286,432 --a--c--- c:\windows\system32\dllcache\stlnata.sys

2008-11-18 14:19 . 2001-09-05 23:22 899,658 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys

2008-11-18 14:18 . 2004-08-04 00:45 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll

2008-11-18 14:17 . 2004-08-04 00:45 4,274,816 --a--c--- c:\windows\system32\dllcache\nv4_disp.dll

2008-11-18 14:16 . 2001-08-17 21:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys

2008-11-18 14:15 . 2001-09-05 23:50 242,688 --a--c--- c:\windows\system32\dllcache\kdsusd.dll

2008-11-18 14:14 . 2004-08-03 22:41 1,041,536 --a--c--- c:\windows\system32\dllcache\hsfdpsp2.sys

2008-11-18 14:13 . 2001-09-05 23:49 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll

2008-11-18 14:12 . 2001-08-17 20:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys

2008-11-18 14:11 . 2001-09-05 23:17 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys

2008-11-18 14:10 . 2001-08-17 21:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys

2008-11-18 14:09 . 2001-08-17 21:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys

2008-11-18 14:08 . 2001-09-05 23:49 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll

2008-11-17 17:59 . 2008-11-26 14:54 <DIR> d-------- c:\windows\system32\CatRoot2

2008-11-17 01:14 . 2008-11-18 00:43 <DIR> d-------- c:\arquivos de programas\VirtualDJ

2008-11-15 14:34 . 2008-11-15 14:34 <DIR> d-------- C:\_OTMoveIt

2008-11-14 17:08 . 2008-11-14 17:08 0 --a------ C:\8fcc

2008-11-08 12:00 . 2008-11-08 12:00 <DIR> d-------- c:\documents and settings\Alisson\Dados de aplicativos\Unigraphics Solutions

2008-11-08 11:50 . 2008-11-08 11:52 <DIR> d-------- c:\arquivos de programas\Solid Edge V17

2008-10-31 16:20 . 2008-10-31 16:20 <DIR> d-------- C:\Relespública

2008-10-26 18:43 . 2008-10-26 18:43 <DIR> d-------- c:\arquivos de programas\Trend Micro

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-25 20:54 37,888 ----a-w c:\documents and settings\Alisson\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-11-08 13:48 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Autodesk

2008-11-08 13:48 --------- d-----w c:\arquivos de programas\AutoCAD 2006

2008-11-08 13:48 --------- d-----w c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2008-10-05 19:20 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-10-05 19:19 --------- d-----w c:\arquivos de programas\Rideel

2005-04-01 00:17 110,592 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((( snapshot@2008-11-20_11.45.17.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-11-25 20:27:54 589,824 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat

+ 2008-11-25 22:02:02 351,756 ----a-w c:\windows\system32\Restore\rstrlog.dat

+ 2006-12-02 00:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

+ 2006-12-02 00:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2006-12-02 00:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-02 00:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-02 02:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll

+ 2006-12-02 02:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll

+ 2006-12-02 02:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll

+ 2006-12-02 02:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll

+ 2006-12-02 02:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll

+ 2006-12-02 02:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll

+ 2006-12-02 02:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll

+ 2006-12-02 02:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll

+ 2006-12-02 02:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll

+ 2006-12-02 02:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll

+ 2006-12-02 02:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll

+ 2006-12-02 02:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll

+ 2006-12-02 02:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll

+ 2006-12-02 02:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5752176]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 217088]

"iBest.baloon"="c:\arquivos de programas\Discador iBest\baloon.exe" [2005-03-14 155648]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

"AVG7_CC"="c:\arquiv~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-02-03 648704]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1441792]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 110592]

"snpstd3"="c:\windows\vsnpstd3.exe" [2005-01-14 409600]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 110703]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 229376]

"Lexmark X74-X75"="c:\arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-31 126976]

"SsAAD.exe"="c:\arquiv~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 163840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

"AVG7_Run"="c:\arquiv~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-10 288768]

"Picasa Media Detector"="c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-10-23 517696]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 152992]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"= 0 (0x0)

"NoMovingBands"= 0 (0x0)

"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avginet.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avgcc.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avgemc.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avgamsvr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\DAP\\DAP.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\Arquivos de programas\\Army Operations\\System\\ArmyOps.exe"=

"c:\\WINDOWS\\system32\\NeroCheck.exe"=

"c:\\Arquivos de programas\\Lexmark X74-X75\\lxbbbmgr.exe"=

"c:\\Arquivos de programas\\Discador iBest\\discador.exe"=

"c:\\Arquivos de programas\\Analog Devices\\SoundMAX\\smax4.exe"=

"c:\\Arquivos de programas\\Discador iBest\\baloon.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\usnsvc.exe"=

"c:\\ARQUIV~1\\Grisoft\\AVGFRE~1\\avginet.exe"=

"c:\\Arquivos de programas\\Lexmark X74-X75\\lxbbbmon.exe"=

"c:\\ComboFix\\NirCmd.cfexe"=

"c:\\WINDOWS\\system32\\WgaTray.exe"=

"c:\\WINDOWS\\vsnpstd3.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

"c:\\Arquivos de programas\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe"=

"c:\\Arquivos de programas\\Java\\jre1.5.0_06\\bin\\jusched.exe"=

"c:\\Arquivos de programas\\Analog Devices\\SoundMAX\\SMax4PNP.exe"=

"c:\\ARQUIV~1\\Sony\\SONICS~1\\SsAAD.exe"=

"c:\\Arquivos de programas\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Sony Shared\\AVLib\\SSScsiSV.exe"=

R3 dac970nt;dac970nt;\??\c:\windows\system32\drivers\foljnn.sys []

S3 V90drv;v90drv;c:\windows\system32\DRIVERS\v90drv.sys [2006-09-03 1432836]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-26 16:15:13

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\system32\WgaTray.exe

c:\arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-26 16:21:54 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-11-26 18:21:51

ComboFix2.txt 2008-11-26 15:23:13

ComboFix3.txt 2008-11-20 13:46:22

Pré-execução: 5.428.158.464 bytes disponíveis

Pós execução: 5,430,587,392 bytes disponíveis

199 --- E O F --- 2008-10-17 05:54:47

######################################################################################################

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:27:37, on 26/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Discador iBest\discador.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll (file missing)

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Arquivos de programas\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [ssAAD.exe] C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Discador iBest\baloon.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2958A9A1-1073-4262-A7D4-E95691660E0E}: NameServer = 201.10.120.2 201.10.128.3

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

--

End of file - 6655 bytes


Go to Jotti's malware scan

  • In the box at the top (File to upload & scan);
  • Copy and paste the following:

    • c:\windows\system32\drivers\foljnn.sys

  • Click the button

  • The file will be examined by several different antivirus programs; please wait.

  • Copy and paste that result, together with a new HijackThis log.

If the site above is too congested, try one of these sites:

Alternative 1

Alternative 2


Lusitano,

I'm on dial-up and can't open any of the 3 links. I'll keep trying...

I have the Windows XP CD; wouldn't formatting be the way to go? But from what I've read, even if I format, the virus will still be there, right?

Thanks, I'll be waiting!


I have the Windows XP CD; wouldn't formatting be the way to go? But from what I've read, even if I format, the virus will still be there, right?

Thanks, I'll be waiting!

Formatting will solve the problem.

But we can certainly remove the virus without formatting; however, since your connection is dial-up, if formatting is simpler for you, do that.


Lusitano,

Is there another way to remove the virus without using the sites?... or could I save the file c:\windows\system32\drivers\foljnn.sys on another PC and try scanning it over a high-speed connection?

I could format, but I've never done it before...

Thanks once again, I'll be waiting

..or could I save the file c:\windows\system32\drivers\foljnn.sys on another PC and try scanning it over a high-speed connection?

Yes, please do that


Lusitano,

Another problem.

I can't find the file c:\windows\system32\drivers\foljnn.sys in the C: directory. What do I do now?

Here are the latest HijackThis and ComboFix logs, in case they help.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:23:42, on 2/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Discador iBest\baloon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Discador iBest\discador.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll (file missing)

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Discador iBest\baloon.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2958A9A1-1073-4262-A7D4-E95691660E0E}: NameServer = 201.10.120.2 201.10.128.3

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MSCSPTISRV - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)

O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: PACSPTISVR - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe (file missing)

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe (file missing)

--

End of file - 6088 bytes

#######################################################

ComboFix 08-11-27.07 - Alisson 2008-12-02 14:53:30.11 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.250 [GMT -2:00]

Executando de: c:\documents and settings\Alisson\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Alisson\Desktop\CFScript.txt

* Criado um novo ponto de restauro

FILE ::

c:\windows\system32\drivers\foljnn.sys

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\8fcc\

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_DAC970NT

-------\Service_dac970nt

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-02 to 2008-12-02 ))))))))))))))))))))))))))))

.

2008-11-28 15:00 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe

2008-11-28 14:57 . 1998-11-13 10:54 306,688 --a------ c:\windows\IsUn0404.exe

2008-11-27 17:41 . 2008-11-27 17:41 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avira

2008-11-27 17:41 . 2008-11-27 17:41 <DIR> d-------- c:\arquivos de programas\Avira

2008-11-27 14:55 . 2008-11-27 14:55 12,366,220 --------- C:\AVG7QT.DAT

2008-11-26 16:05 . 2008-11-28 12:40 0 --a------ c:\windows\win.ini

2008-11-25 20:01 . 2008-11-25 20:01 <DIR> d-------- c:\documents and settings\LocalService\Dados de aplicativos\AVG7

2008-11-25 20:01 . 2008-11-25 20:01 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Grisoft

2008-11-25 20:01 . 2008-11-28 01:42 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\AVG7

2008-11-25 20:01 . 2008-11-27 14:55 <DIR> d-------- c:\documents and settings\Alisson\Dados de aplicativos\AVG7

2008-11-25 20:01 . 2008-11-25 20:01 <DIR> dr-h----- C:\$VAULT$.AVG

2008-11-25 19:46 . 2008-11-25 19:51 <DIR> d-------- C:\$AVG8.VAULT$

2008-11-25 18:28 . 2008-11-25 18:28 <DIR> d-------- c:\windows\system32\drivers\Avg

2008-11-25 18:28 . 2008-11-25 20:01 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8

2008-11-25 18:28 . 2008-11-25 18:28 <DIR> d-------- c:\arquivos de programas\AVG

2008-11-20 09:11 . 2002-12-31 10:00 150,528 --a--c--- c:\windows\system32\dllcache\regedit.exe

2008-11-20 09:11 . 2002-12-31 10:00 150,528 --a------ c:\windows\regedit.exe

2008-11-19 17:02 . 2008-11-28 12:31 <DIR> d-------- c:\arquivos de programas\DAP

2008-11-19 17:02 . 1998-12-05 07:18 172,032 --a------ c:\windows\system32\AniGIF.ocx

2008-11-18 14:21 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys

2008-11-18 14:20 . 2001-09-05 23:06 286,432 --a--c--- c:\windows\system32\dllcache\stlnata.sys

2008-11-18 14:19 . 2001-09-05 23:22 899,658 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys

2008-11-18 14:18 . 2004-08-04 00:45 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll

2008-11-18 14:17 . 2004-08-04 00:45 4,274,816 --a--c--- c:\windows\system32\dllcache\nv4_disp.dll

2008-11-18 14:16 . 2001-08-17 21:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys

2008-11-18 14:15 . 2001-09-05 23:50 242,688 --a--c--- c:\windows\system32\dllcache\kdsusd.dll

2008-11-18 14:14 . 2004-08-03 22:41 1,041,536 --a--c--- c:\windows\system32\dllcache\hsfdpsp2.sys

2008-11-18 14:13 . 2001-09-05 23:49 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll

2008-11-18 14:12 . 2001-08-17 20:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys

2008-11-18 14:11 . 2001-09-05 23:17 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys

2008-11-18 14:10 . 2001-08-17 21:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys

2008-11-18 14:09 . 2001-08-17 21:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys

2008-11-18 14:08 . 2001-09-05 23:49 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll

2008-11-17 17:59 . 2008-11-28 11:08 <DIR> d-------- c:\windows\system32\CatRoot2

2008-11-17 01:14 . 2008-11-18 00:43 <DIR> d-------- c:\arquivos de programas\VirtualDJ

2008-11-15 14:34 . 2008-11-15 14:34 <DIR> d-------- C:\_OTMoveIt

2008-11-14 17:08 . 2008-11-14 17:08 0 --a------ C:\8fcc

2008-11-08 12:00 . 2008-11-08 12:00 <DIR> d-------- c:\documents and settings\Alisson\Dados de aplicativos\Unigraphics Solutions

2008-11-08 11:50 . 2008-11-08 11:52 <DIR> d-------- c:\arquivos de programas\Solid Edge V17

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-28 13:07 --------- d-----w c:\arquivos de programas\Discador iBest

2008-11-28 03:12 --------- d-----w c:\arquivos de programas\MSN Messenger

2008-11-27 22:39 --------- d-----w c:\arquivos de programas\Picasa2

2008-11-27 22:37 --------- d-----w c:\arquivos de programas\NFS Most Wanted

2008-11-27 22:35 --------- d-----w c:\arquivos de programas\LG webpro2

2008-11-27 22:35 --------- d-----w c:\arquivos de programas\Lexmark X74-X75

2008-11-27 22:34 --------- d-----w c:\arquivos de programas\FaxTools

2008-11-27 22:32 --------- d-----w c:\arquivos de programas\Arquivos comuns\snpstd3

2008-11-27 22:31 --------- d-----w c:\arquivos de programas\Army Operations

2008-11-27 22:31 --------- d-----w c:\arquivos de programas\aceleradorpop

2008-11-27 22:31 --------- d-----w c:\arquivos de programas\ABBYY FineReader 5.0 Sprint

2008-11-25 20:54 37,888 ----a-w c:\documents and settings\Alisson\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-11-08 13:48 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Autodesk

2008-11-08 13:48 --------- d-----w c:\arquivos de programas\AutoCAD 2006

2008-11-08 13:48 --------- d-----w c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2008-10-26 20:43 --------- d-----w c:\arquivos de programas\Trend Micro

2008-10-05 19:20 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-10-05 19:19 --------- d-----w c:\arquivos de programas\Rideel

.

((((((((((((((((((((((((((((( snapshot_2008-11-28_12.36.42.32 )))))))))))))))))))))))))))))))))))))))))

.

- 2005-12-17 02:20:49 167,936 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\accicons.exe

+ 2008-11-28 17:15:24 167,936 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\accicons.exe

- 2005-12-17 02:20:49 2,560 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\cagicon.exe

+ 2008-11-28 17:15:24 2,560 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\cagicon.exe

- 2005-12-17 02:20:49 81,920 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\fpicon.exe

+ 2008-11-28 17:15:24 81,920 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\fpicon.exe

- 2005-12-17 02:20:49 34,304 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\misc.exe

+ 2008-11-28 17:15:24 34,304 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\misc.exe

- 2005-12-17 02:20:49 8,192 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\mspicons.exe

+ 2008-11-28 17:15:24 8,192 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\mspicons.exe

- 2005-12-17 02:20:49 3,584 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\opwicon.exe

+ 2008-11-28 17:15:24 3,584 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\opwicon.exe

- 2005-12-17 02:20:49 114,688 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\outicon.exe

+ 2008-11-28 17:15:24 114,688 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\outicon.exe

- 2005-12-17 02:20:49 16,384 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\PEicons.exe

+ 2008-11-28 17:15:24 16,384 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\PEicons.exe

- 2005-12-17 02:20:49 30,720 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\pptico.exe

+ 2008-11-28 17:15:24 30,720 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\pptico.exe

- 2005-12-17 02:20:49 22,528 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\unbndico.exe

+ 2008-11-28 17:15:24 22,528 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\unbndico.exe

- 2005-12-17 02:20:49 45,056 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\wordicon.exe

+ 2008-11-28 17:15:23 45,056 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\wordicon.exe

- 2005-12-17 02:20:49 90,112 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\xlicons.exe

+ 2008-11-28 17:15:23 90,112 ----a-r c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\xlicons.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5858672]

"iBest.baloon"="c:\arquivos de programas\Discador iBest\baloon.exe" [2005-03-14 151552]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

"snpstd3"="c:\windows\vsnpstd3.exe" [2005-01-14 409600]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 229376]

"AVG7_CC"="c:\arquiv~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-11-28 487936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

"AVG7_Run"="c:\arquiv~1\Grisoft\AVGFRE~1\avgw.exe" [2008-11-28 216064]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 165280]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avginet.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avgcc.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avgemc.exe"=

"c:\\Arquivos de programas\\Grisoft\\AVG Free\\avgamsvr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\DAP\\DAP.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\WINDOWS\\system32\\NeroCheck.exe"=

"c:\\Arquivos de programas\\Discador iBest\\discador.exe"=

"c:\\Arquivos de programas\\Discador iBest\\baloon.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\usnsvc.exe"=

"c:\\ARQUIV~1\\Grisoft\\AVGFRE~1\\avginet.exe"=

"c:\\ComboFix\\NirCmd.cfexe"=

"c:\\WINDOWS\\system32\\WgaTray.exe"=

"c:\\WINDOWS\\vsnpstd3.exe"=

"c:\\Arquivos de programas\\Avira\\AntiVir PersonalEdition Classic\\avwsc.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Avira\\AntiVir PersonalEdition Classic\\sched.exe"=

S3 V90drv;v90drv;c:\windows\system32\DRIVERS\v90drv.sys [2006-09-03 1432836]

*Newly Created Service* - DAC970NT

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-02 15:13:12

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\system32\WgaTray.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-12-02 15:17:25 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-12-02 17:17:22

ComboFix2.txt 2008-11-28 14:44:04

ComboFix3.txt 2008-11-28 14:38:34

ComboFix4.txt 2008-11-27 15:11:05

ComboFix5.txt 2008-12-02 16:52:51

Pré-execução: 5.455.962.112 bytes disponíveis

Pós execução: 5,499,236,352 bytes disponíveis

196 --- E O F --- 2008-10-17 05:54:47
