Well, I already had an antivirus, but I formatted and was left without one. Now every time I try to install one (Avast), my machine restarts on its own, and there is a game I used to play that no longer opens, even after I uninstall and reinstall it. Awaiting a reply!
I don't know if this is right, since I've never dealt with this before.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:24, on 29/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\Arquivos de programas\lg_fwupdate\fwupdate.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\edgar\CONFIG~1\Temp\winjpvqvs.exe
C:\hijackthis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
--
End of file - 5236 bytes
:) Hello Radge!
:seta: I suggest you save or print the instructions below, because at some point you may need to use the computer without internet access:
Download ComboFix
Save it to the Desktop.
* Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!)
* Close all windows and run the tool.
* PS: It can also be run from a command:
* Go to Start --> Run --> Type or paste:
"%userprofile%\desktop\Combofix.exe" /killall
[image: combofixejr8.gif]
* Click OK.
* At the prompt "Negação de garantia de software" (software warranty disclaimer) --> Click Yes.
[image: RcAuto1.gif]
* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the offer to install it.
* When that finishes, click Sim or Yes. --> Wait.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:!: If you get the notification "Aplicativo Win32 inválido" (invalid Win32 application) or a similar message, delete the ComboFix.exe tool and download it again.
* Save it to the Desktop, renamed as: Kombo.exe
* PS: Name it while saving, not after saving it!
* PS: If an error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!
* PS: If rootkit activity is present, you will see the following notification window:
[image: Rookit_found.gif]
* PS: Write down those detections and click OK. In that case, post the detections you wrote down in your next reply, together with the requested logs.
* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
* PS: To avoid problems, follow all of the recommendations given.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
* The Auto Scan window will open. --> Wait!
* To finish the removals, ComboFix may restart the computer.
* If needed, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
* During the scan, avoid touching the mouse or keyboard! <-- Important!
* If, for some reason beyond your control, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.
<><><><><><><><><><><><>
Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log in your next reply, and tell us how your PC is doing after this.
We'll be waiting.
Well, friend, here's the thing..
When I go to Start --> Run --> Type or paste:
"%userprofile%\desktop\Combofix.exe" /killall
ComboFix looks for the infected files, and after that it goes into restart mode (restarts the PC), but it never shuts down or restarts; it sits there for a long time telling me it is shutting down and never does. So I reset my machine, and afterwards it gives me a report, which is this...
ComboFix 10-01-28.05 - edgar 29/01/2010 14:24:21.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.511.319 [GMT -2:00]
Executando de: c:\documents and settings\edgar\desktop\Combofix.exe
Comandos utilizados :: /killall
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-29 ))))))))))))))))))))))))))))
.
2010-01-29 14:18 . 2010-01-29 14:35 -------- dc----w- C:\hijackthis
2010-01-29 01:01 . 2010-01-21 19:18 52224 -c--a-w- c:\documents and settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll
2010-01-29 01:01 . 2010-01-21 19:18 101376 -c--a-w- c:\documents and settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll
2010-01-26 15:51 . 2010-01-26 15:51 -------- dc----w- c:\arquivos de programas\ltmoh
2010-01-26 15:46 . 2001-08-14 12:24 90112 -c--a-r- c:\windows\system32\hpsjvset.dll
2010-01-26 15:46 . 2001-08-03 10:23 40960 -c--a-r- c:\windows\system32\hpgmausd.dll
2010-01-26 15:46 . 2001-08-03 10:21 438272 -c--a-r- c:\windows\system32\hpgmatk.dll
2010-01-26 15:46 . 2000-10-09 17:57 102400 -c--a-r- c:\windows\system32\hpgmastr.dll
2010-01-26 15:46 . 2004-08-04 00:58 15104 -c--a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-26 15:46 . 2004-08-04 00:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-01-24 22:47 . 2010-01-24 22:47 -------- dc----w- c:\documents and settings\oscar\Dados de aplicativos\Uniblue
2010-01-24 22:47 . 2010-01-24 22:47 -------- dc----w- c:\arquivos de programas\Uniblue
2010-01-24 13:57 . 2005-05-02 04:10 68096 -c----w- c:\windows\system32\agrsmdel.exe
2010-01-24 13:57 . 2005-05-02 04:10 68096 -c--a-r- c:\windows\agrsmdel.exe
2010-01-24 13:57 . 2005-06-30 05:16 1094848 -c--a-r- c:\windows\system32\drivers\AGRSM.sys
2010-01-24 13:57 . 2005-06-30 05:16 88203 -c----w- c:\windows\AGRSMMSG.exe
2010-01-24 13:57 . 2010-01-24 13:57 -------- dc----w- c:\windows\Options
2010-01-23 19:38 . 2010-01-27 12:34 -------- dc----w- c:\arquivos de programas\JPEG PC Camera
2010-01-23 19:28 . 2010-01-23 19:52 192512 -c--a-r- c:\documents and settings\oscar\Dados de aplicativos\Microsoft\Installer\{A3067925-A766-4291-91B2-09645103A21B}\NewShortcut2_A3067925A766429191B209645103A21B.exe
2010-01-23 19:28 . 2010-01-23 19:52 192512 -c--a-r- c:\documents and settings\oscar\Dados de aplicativos\Microsoft\Installer\{A3067925-A766-4291-91B2-09645103A21B}\NewShortcut1_A3067925A766429191B209645103A21B.exe
2010-01-23 19:28 . 2010-01-23 19:52 10134 -c--a-r- c:\documents and settings\oscar\Dados de aplicativos\Microsoft\Installer\{A3067925-A766-4291-91B2-09645103A21B}\ARPPRODUCTICON.exe
2010-01-23 19:28 . 2010-01-23 20:23 -------- dc----w- c:\arquivos de programas\JPEG Camera
2010-01-23 18:03 . 2010-01-24 22:43 -------- dc----w- c:\documents and settings\oscar\Tracing
2010-01-23 15:58 . 2010-01-12 17:26 52224 -c--a-w- c:\documents and settings\ramom\Dados de aplicativos\Mozilla\Firefox\Profiles\22ef7qo1.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll
2010-01-23 15:58 . 2010-01-12 17:26 101376 -c--a-w- c:\documents and settings\ramom\Dados de aplicativos\Mozilla\Firefox\Profiles\22ef7qo1.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll
2010-01-22 23:28 . 2010-01-22 23:28 -------- dc----w- c:\arquivos de programas\LigasOnline
2010-01-22 16:05 . 2010-01-22 16:15 -------- dc----w- c:\documents and settings\edgar\Dados de aplicativos\GetRightToGo
2010-01-22 14:49 . 2010-01-22 21:29 -------- dc----w- c:\arquivos de programas\Windows Live Safety Center
2010-01-22 00:29 . 2010-01-12 17:26 52224 -c--a-w- c:\documents and settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll
2010-01-22 00:29 . 2010-01-12 17:26 101376 -c--a-w- c:\documents and settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll
2010-01-22 00:16 . 2010-01-23 21:10 -------- dc----w- C:\oscar
2010-01-22 00:11 . 2010-01-22 00:11 152576 -c--a-w- c:\documents and settings\oscar\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-22 00:04 . 2010-01-22 00:10 79488 -c--a-w- c:\documents and settings\oscar\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-21 13:39 . 2010-01-21 13:39 -------- dc----w- c:\arquivos de programas\PluginLetras
2010-01-19 00:48 . 2004-08-04 03:45 221184 -c--a-w- c:\windows\system32\wmpns.dll
2010-01-19 00:45 . 2010-01-19 00:45 -------- dc----w- c:\windows\ServicePackFiles
2010-01-18 23:07 . 2010-01-19 17:52 -------- dc----w- c:\windows\system32\CatRoot_bak
2010-01-18 22:13 . 2009-08-04 17:05 2061952 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-18 22:13 . 2009-08-04 17:05 2184576 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-18 21:25 . 2008-06-14 17:59 272384 -c--a-w- c:\windows\system32\dllcache\bthport.sys
2010-01-18 21:25 . 2008-06-14 17:59 272384 -c----w- c:\windows\system32\drivers\bthport.sys
2010-01-18 18:59 . 2010-01-22 21:17 -------- dc-h--w- c:\windows\$hf_mig$
2010-01-18 14:45 . 2010-01-21 21:50 79488 -c--a-w- c:\documents and settings\ramom\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-18 14:18 . 2010-01-21 12:23 79488 -c--a-w- c:\documents and settings\edgar\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-18 01:55 . 2010-01-27 20:41 -------- dc----w- c:\arquivos de programas\CyberScript32
2010-01-18 01:28 . 2010-01-18 01:28 -------- dc----w- c:\windows\Sun
2010-01-18 01:12 . 2010-01-18 01:12 410984 -c--a-w- c:\windows\system32\deploytk.dll
2010-01-18 01:12 . 2010-01-22 00:11 -------- dc----w- c:\arquivos de programas\Java
2010-01-18 01:11 . 2010-01-18 01:11 152576 -c--a-w- c:\documents and settings\edgar\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll
2010-01-18 00:51 . 2009-08-06 21:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-18 00:51 . 2009-08-06 21:23 215920 -c--a-w- c:\windows\system32\muweb.dll
2010-01-18 00:02 . 2010-01-29 16:37 -------- dc----w- c:\documents and settings\edgar\Tracing
2010-01-17 22:35 . 2006-11-29 15:06 3426072 -c--a-w- c:\windows\system32\d3dx9_32.dll
2010-01-17 22:35 . 2010-01-17 22:35 -------- dc----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition
2010-01-17 21:57 . 2010-01-27 17:27 -------- dc----w- c:\documents and settings\edgar\Dados de aplicativos\Lightcomm
2010-01-17 16:10 . 2010-01-17 17:52 -------- dc----w- c:\arquivos de programas\PhotoScape
2010-01-17 14:16 . 2004-08-04 01:07 6400 -c--a-w- c:\windows\system32\drivers\splitter.sys
2010-01-17 14:14 . 2010-01-17 14:14 -------- dc----w- c:\windows\ASUSInstAll
2010-01-17 14:14 . 2004-08-12 10:56 5810 -c--a-r- c:\windows\system32\drivers\ASACPI.sys
2010-01-17 14:14 . 2004-04-26 15:26 5824 -c--a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-01-17 12:24 . 2004-08-04 03:45 25600 -c--a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-01-17 12:22 . 2010-01-17 12:22 -------- dc----w- c:\arquivos de programas\Windows Media Connect 2
2010-01-17 12:22 . 2010-01-17 12:22 -------- dc----w- C:\afdb6dc0ee6a3cbd27b6524eb0f1320d
2010-01-17 12:22 . 2010-01-17 12:22 -------- dc----w- c:\windows\system32\drivers\UMDF
2010-01-17 12:22 . 2010-01-17 12:22 -------- dc----w- c:\windows\system32\LogFiles
2010-01-17 12:21 . 2008-07-09 07:34 26488 -c--a-w- c:\windows\system32\spupdsvc.exe
2010-01-17 11:56 . 2010-01-17 11:56 -------- dc----w- c:\documents and settings\ramom\Dados de aplicativos\CyberLink
2010-01-17 11:56 . 2010-01-17 11:56 -------- dc----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2010-01-17 04:59 . 2010-01-18 22:20 -------- dc----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2010-01-17 04:59 . 2010-01-23 17:59 -------- dc----w- c:\arquivos de programas\Messenger_Plus_Live
2010-01-17 04:59 . 2010-01-17 04:59 -------- dc----w- c:\arquivos de programas\Conduit
2010-01-17 04:59 . 2010-01-23 15:58 -------- dc----w- c:\arquivos de programas\Messenger Plus! Live
2010-01-17 04:50 . 2010-01-28 23:16 -------- dc----w- c:\documents and settings\ramom\Tracing
2010-01-17 04:49 . 2010-01-17 04:49 -------- dc----w- c:\arquivos de programas\Microsoft Sync Framework
2010-01-17 04:48 . 2010-01-17 04:48 -------- dc----w- c:\arquivos de programas\Microsoft
2010-01-17 04:48 . 2010-01-17 04:48 -------- dc----w- c:\arquivos de programas\Windows Live SkyDrive
2010-01-17 04:48 . 2010-01-17 22:35 -------- dc----w- c:\arquivos de programas\Windows Live
2010-01-17 03:48 . 2010-01-17 03:48 -------- dc----w- C:\Program Files
2010-01-17 03:46 . 2010-01-17 03:46 -------- dc----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2010-01-17 03:43 . 2004-08-04 01:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-01-17 03:13 . 2010-01-17 03:13 -------- dcs---w- c:\documents and settings\ramom\UserData
2010-01-17 02:39 . 2010-01-17 02:48 -------- dc----w- C:\Temp
2010-01-17 02:16 . 2010-01-29 16:37 -------- dc----w- c:\arquivos de programas\lg_fwupdate
2010-01-17 02:16 . 2010-01-17 02:42 16384 -c--a-w- c:\windows\system32\lgfwunis.exe
2010-01-17 02:16 . 1998-07-22 02:00 102912 -c--a-w- c:\windows\system32\Vb6stkit.dll
2010-01-17 02:16 . 1998-07-22 02:00 102160 -c--a-w- c:\windows\system32\VB6KO.DLL
2010-01-17 02:14 . 2010-01-17 02:14 -------- dc----w- c:\windows\Profiles
2010-01-17 02:14 . 2010-01-19 21:30 -------- dc----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-01-17 02:14 . 2010-01-17 02:14 -------- dc----w- c:\windows\system32\Adobe
2010-01-17 02:14 . 2010-01-17 02:14 -------- dc----w- c:\documents and settings\edgar\Dados de aplicativos\InterTrust
2010-01-17 02:14 . 1998-10-29 17:45 306688 -c--a-w- c:\windows\IsUninst.exe
2010-01-17 02:13 . 2004-07-09 10:43 364544 -c----w- c:\windows\system32\TwnLib4.dll
2010-01-17 02:12 . 2010-01-17 02:12 -------- dc----w- c:\windows\InCD
2010-01-17 02:11 . 2010-01-17 02:11 -------- dc----w- c:\arquivos de programas\CyberLink
2010-01-17 02:11 . 2010-01-17 02:11 -------- dc----w- C:\MyWorks
2010-01-17 02:11 . 2010-01-17 14:17 -------- dc-h--w- c:\arquivos de programas\InstallShield Installation Information
2010-01-17 02:11 . 2010-01-17 02:12 -------- dc----w- c:\arquivos de programas\CyberLink DVD Solution
2010-01-17 02:11 . 2004-10-01 17:00 118784 -c--a-w- c:\arquivos de programas\Uninstall_CDS.exe
2010-01-17 02:10 . 2010-01-17 14:15 -------- dc----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2010-01-16 22:27 . 2010-01-16 22:27 0 -c--a-w- c:\windows\nsreg.dat
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 17:30 . 2010-01-16 20:47 -------- dc----w- c:\arquivos de programas\Oi Velox
2010-01-27 12:36 . 2010-01-17 02:57 -------- dc----w- c:\documents and settings\ramom\Dados de aplicativos\Lightcomm
2010-01-24 22:50 . 2010-01-16 20:53 -------- dc----w- c:\documents and settings\oscar\Dados de aplicativos\Lightcomm
2010-01-24 13:57 . 2001-10-28 18:07 48628 ----a-w- c:\windows\system32\perfc016.dat
2010-01-24 13:57 . 2001-10-28 18:07 344380 ----a-w- c:\windows\system32\perfh016.dat
2010-01-22 22:34 . 2010-01-16 21:21 86327 -c--a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-17 14:17 . 2010-01-17 14:17 -------- dc----w- c:\arquivos de programas\Analog Devices
2010-01-17 02:13 . 2010-01-17 02:12 -------- dc----w- c:\arquivos de programas\Ahead
2010-01-17 02:13 . 2010-01-17 02:12 -------- dc----w- c:\arquivos de programas\Arquivos comuns\Ahead
2010-01-16 21:22 . 2010-01-16 21:22 -------- dc----w- c:\arquivos de programas\microsoft frontpage
2010-01-16 21:21 . 2010-01-16 21:21 -------- dc----w- c:\arquivos de programas\Serviços on-line
2010-01-16 21:20 . 2010-01-16 21:20 -------- dc----w- c:\arquivos de programas\Arquivos comuns\Serviços
2010-01-16 21:18 . 2010-01-16 21:18 21844 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-12-22 05:41 . 2004-08-04 03:45 664064 -c----w- c:\windows\system32\wininet.dll
2009-12-22 05:41 . 2004-08-04 03:45 81920 -c--a-w- c:\windows\system32\ieencode.dll
2009-11-21 16:42 . 2004-08-04 03:45 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\arquivos de programas\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
2009-12-31 13:53 2349080 -c--a-w- c:\arquivos de programas\Messenger_Plus_Live\tbMess.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\arquivos de programas\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9B339F6E-DDCD-401B-8764-230ADBD01761}"= "c:\arquivos de programas\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3961664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 106496]
"InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2006-03-14 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 229376]
"LGODDFU"="c:\arquivos de programas\lg_fwupdate\fwupdate.exe" [2010-01-17 634880]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 135680]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 999424]
"LtMoh"="c:\arquivos de programas\ltmoh\Ltmoh.exe" [2005-05-18 258048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\PhotoScape\\PhotoScape.exe"=
"c:\\Documents and Settings\\ramom\\Configurações locais\\Dados de aplicativos\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Arquivos de programas\\Windows Media Player\\wmdbexport.exe"=
"c:\\WINDOWS\\system32\\HDAShCut.exe"=
"c:\\Arquivos de programas\\lg_fwupdate\\getodd.exe"=
"c:\\Arquivos de programas\\lg_fwupdate\\GetODDModel.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\Documents and Settings\\ramom\\Configurações locais\\Dados de aplicativos\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Windows Live\\Toolbar\\wltuser.exe"=
"c:\\Arquivos de programas\\lg_fwupdate\\getadmin.exe"=
"c:\\Arquivos de programas\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe"=
"c:\\Arquivos de programas\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\jucheck.exe"=
"c:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=
"c:\\Arquivos de programas\\lg_fwupdate\\fwupdate.exe"=
"c:\\oscar\\wlsetup-custom.exe"=
"c:\\Arquivos de programas\\Ahead\\InCD\\InCD.exe"=
"c:\\Arquivos de programas\\Windows Live\\Contacts\\wlcomm.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Documents and Settings\\ramom\\Configurações locais\\Dados de aplicativos\\Google\\Update\\1.2.183.13\\GoogleCrashHandler.exe"=
"c:\\Arquivos de programas\\lg_fwupdate\\Buyer.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Arquivos de programas\\ltmoh\\Ltmoh.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Arquivos de programas\\Analog Devices\\SoundMAX\\Smax4.exe"=
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\plrqj.sys --> c:\windows\system32\drivers\plrqj.sys [?]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]
--- =Outros Serviços/Drivers Na Memória ---
NewlyCreated - ASC3360PR
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Connection Wizard,ShellNext = iexplore
TCP: {229BCC09-E9B9-4C62-A762-04A24156DA2A} = 200.165.132.148 200.165.132.155
FF - ProfilePath - c:\documents and settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2124320&SearchSource=13
FF - component: c:\documents and settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 14:37
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Ahead\InCD\InCDsrv.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-01-29 14:40:02 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-01-29 16:40
ComboFix2.txt 2010-01-29 16:21
Pré-execução: 10 pasta(s) 66.561.691.648 bytes disponíveis
Pós execução: 11 pasta(s) 66.461.241.344 bytes disponíveis
What should I do, given that I can't find the commands mentioned in the explanation above..
I'll be waiting..
cheers!!!
PS: if you need a more detailed explanation, let me know!
:seta: Please also post a new HijackThis log so we can analyze it.
Here it is..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:56, on 29/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\Arquivos de programas\lg_fwupdate\fwupdate.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\ltmoh\Ltmoh.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\DOCUME~1\edgar\CONFIG~1\Temp\kwebw.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\hijackthis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
--
End of file - 5272 bytes
Regards..
Please follow the tips in these tutorials:
Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html
Norman Malware Cleaner tutorial
In your next reply, post this Malwarebytes log together with the Norman Malware Cleaner log and a new HijackThis log, and tell us how your PC is doing after these procedures.
We await your reply.
As requested, here are the logs!
Log 1 - Malwarebytes
Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3658
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180
29/1/2010 19:45:19
mbam-log-2010-01-29 (19-45-18).txt
Tipo de Verificação: Completa (C:\|)
Objetos verificados: 156419
Tempo decorrido: 1 hour(s), 17 minute(s), 42 second(s)
Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 38
Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)
Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)
Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
C:\Arquivos de programas\CyberScript32\msnmirc\dll\nHTMLn.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\edgar\Configurações locais\temp\kwebw.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP10\A0001614.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP10\A0001615.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP12\A0001820.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP12\A0001826.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP12\A0001831.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP12\A0001907.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP12\A0002174.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP13\A0002300.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP13\A0002301.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP13\A0002464.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP13\A0003297.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP13\A0003298.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP13\A0004300.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP13\A0004301.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP14\A0004507.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP14\A0004664.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP14\A0004665.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP16\A0005370.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP16\A0005371.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0005520.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0005521.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0005692.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0005693.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0005793.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0005796.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0005797.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0006000.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0006038.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0006040.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP33\A0020555.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP34\A0022625.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP34\A0022654.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP34\A0023490.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP34\A0023517.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP34\A0024543.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP34\A0024570.com (Trojan.Agent) -> Quarantined and deleted successfully.
Log 2 - Norman Malware Cleaner
Norman Malware Cleaner
Version 1.6.2
Copyright © 1990 - 2009, Norman ASA. Built 2010/01/29 11:48:23
Norman Scanner Engine Version: 6.04.03
Nvcbin.def Version: 6.04.00, Date: 2010/01/29 11:48:23, Variants: 4854236
Scan started: 30/01/2010 01:17:43
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: CASA-77512E3B81\edgar
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Scanning bootsectors...
Number of sectors found: 0
Number of sectors scanned: 0
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s
Scanning running processes and process memory...
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Infected with W32/Sality.AN)
Failed to repair file
C:\Arquivos de programas\lg_fwupdate\fwupdate.exe (Infected with W32/Sality.AN)
Failed to repair file
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe (Infected with W32/Sality.AN)
Failed to repair file
C:\Arquivos de programas\ltmoh\Ltmoh.exe (Infected with W32/Sality.AN)
Failed to repair file
C:\Documents and Settings\edgar\Configurações locais\temp\winqabp.exe (Infected with W32/Horst.gen33)
Terminated process
Removed registry value: HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\edgar\CONFIG~1\Temp\winqabp.exe = "C:\DOCUME~1\edgar\CONFIG~1\Temp\winqabp.exe:*:Enabled:ipsec"
Deleted file
C:\Documents and Settings\edgar\Configurações locais\temp\wingirpa.exe (Infected with Spambot.EZ)
Terminated process
Removed registry value: HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\edgar\CONFIG~1\Temp\wingirpa.exe = "C:\DOCUME~1\edgar\CONFIG~1\Temp\wingirpa.exe:*:Enabled:ipsec"
Deleted file
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Infected with W32/Sality.AN)
Failed to repair file
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe (Infected with W32/Sality.AN)
Failed to repair file
Number of processes/threads found: 3097
Number of processes/threads scanned: 3097
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 2
Total scanning time: 1m 56s
Scanning file system...
Scanning: prescan
Scanning: C:\.
C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\AcroRd32.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\CoverDesigner\CoverDes.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\InCD\InCDL.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\Nero\nero.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\Nero\NeroCmd.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\Nero\Uninstall\UNNero.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\Nero BackItUp\BackItUp.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\Nero BackItUp\NBR.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\Nero SoundTrax\SoundTrax.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\Nero StartSmart\NeroStartSmart.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\Nero Toolkit\CDSpeed.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\Nero Toolkit\DMAManager.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\Nero Toolkit\DriveSpeed.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\Nero Wave Editor\DXEnum.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\Nero Wave Editor\WaveEdit.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Ahead\WMPBurn\WMPBurn.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe (Infected with W32/Sality.AN)
Failed to repair file
C:\Arquivos de programas\Analog Devices\SoundMAX\AEEnable.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Analog Devices\SoundMAX\DevSetup.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4Wiz.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Analog Devices\SoundMAX\SMHelp.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\specialoffer.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Arquivos comuns\InstallShield\Engine\6\Intel 32\IKernel.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DW20.EXE (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.EXE (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\CLDMA.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\cltest.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\dvdrgn.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\OLRSubmission\OLRSubmission.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Infected with W32/Sality.AN)
Failed to repair file
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PowerDVD.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\CyberLink DVD Solution\PowerProducer\CLDMA.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\CyberLink DVD Solution\PowerProducer\OLRSubmission\OLRStateCheck.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\CyberLink DVD Solution\PowerProducer\OLRSubmission\OLRSubmission.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\CyberLink DVD Solution\PowerProducer\Producer.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\CyberScript32\CyberScript.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\CyberScript32\sistema\dlls\nHTMLn.dll (Infected with W32/Suspicious_Gen2.IYCS)
Deleted file
C:\Arquivos de programas\CyberScript32\sistema\gif2bmp.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\Setup.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}\Setup.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\Setup.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\java-rmi.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\java.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\javacpl.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\javaw.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\javaws.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\jbroker.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\jp2launcher.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\jqsnotify.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\jucheck.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\jureg.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\keytool.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\kinit.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\klist.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\ktab.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\orbd.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\pack200.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\policytool.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\rmid.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\rmiregistry.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\servertool.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\ssvagent.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\tnameserv.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Java\jre6\bin\unpack200.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\lg_fwupdate\Buyer.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\lg_fwupdate\fwautoup.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\lg_fwupdate\fwcsetup.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\lg_fwupdate\fwinfo.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\lg_fwupdate\fwname.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\lg_fwupdate\fwupdate.exe (Infected with W32/Sality.AN)
Failed to repair file
C:\Arquivos de programas\lg_fwupdate\getadmin.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\lg_fwupdate\getodd.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\lg_fwupdate\GetODDModel.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\lg_fwupdate\lgafs.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\LigasOnline\Truco\Truco LigasOnline.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\ltmoh\ltmoh.exe (Infected with W32/Sality.AN)
Failed to repair file
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe (Infected with W32/Sality.AN)
Repaired file
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe (Infected with W32/Sality.AN)
Log 3 - HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:27:41, on 30/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\Arquivos de programas\lg_fwupdate\fwupdate.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\edgar\Meus documentos\Diguinho\goold.exe
C:\hijackthis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
--
End of file - 5297 bytes
Just a reminder that even with all this I still can't access my game, and when I open it
I can't close it except through the Task Manager.
And I also still can't install the AVAST antivirus; the PC shows the same
symptoms. Awaiting a reply.
Regards!
Not wanting to rush anyone, but I've already posted the logs
and got no reply. Could it be that I didn't know how to post
the necessary logs? If that's the reason, I hope
you'll let me know, ok.
Regards!
> Not wanting to rush anyone, but I've already posted the logs
> and got no reply. Could it be that I didn't know how to post
> the necessary logs? If that's the reason, I hope
> you'll let me know, ok.
> Regards!
Hello, friend. You posted the log yesterday, and the analysts' response time is 5 days, as you can see in the topic below:
http://forum.imasters.com.br/index.php?/topic/176886-regra-n-03-tempo-de-espera-5-dias/
______________________________________
Your system has a file infector (which infects the PC's files with the EXE, PIF and SCR extensions, as you can see on this site: http://www.pandasecurity.com/homeusers/security-info/203155/information/Sality.AN). To keep the infections from coming back, disable System Restore and keep it disabled until all the problems are resolved. To do that, go to: Start - Control Panel - System - click the System Restore tab - check the box: Turn off System Restore - click the Apply button and then the OK button.
______________________________________
After that, follow the tips in this tutorial:
In your next reply, post this Dr. Web CureIt log together with a new HijackThis log and tell us how your PC is doing after that.
We await your reply.
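As an added example (written for this page, not part of the thread, of HijackThis, Malwarebytes or the tutorials it links), a small Python triage script over constructed log fragments in the HijackThis and Malwarebytes layouts: it flags running processes and O4 autoruns that live in Temp or user-profile folders, and counts how many Malwarebytes detections sat inside System Restore points, which is the reason the analyst asks for System Restore to be turned off. The path heuristics, sample file names and the placeholder restore-point GUID are this example's own assumptions.

```python
"""Triage helper for the two log layouts posted in this thread: the
'Running processes' / O4 sections of a HijackThis log and the
'Arquivos infectados' lines of a Malwarebytes log.

Example code written for this page, not part of HijackThis, Malwarebytes
or the forum's tutorials. The path heuristics are this example's own
assumption: an executable in a Temp or user-profile folder is a reason to
look closer (some legitimate updaters live there too), not a verdict.
"""
import re
from collections import Counter

# Constructed sample in HijackThis layout (file names are invented).
HJT_SAMPLE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\DOCUME~1\user\CONFIG~1\Temp\winabcd.exe
C:\Documents and Settings\user\Meus documentos\jogo\launcher.exe
C:\hijackthis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://example.invalid/
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\user\Configurações locais\temp\upd.exe" /q
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
"""

# Constructed sample in Malwarebytes layout (placeholder restore-point GUID).
MBAM_SAMPLE = r"""
Arquivos infectados:
C:\Arquivos de programas\Exemplo\bad.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Configurações locais\temp\kw.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\A0000001.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000002.exe (Worm.Spambot) -> Quarantined and deleted successfully.
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# Heuristic (assumption of this example): user-writable locations that
# legitimately installed autostart software rarely uses.
SUSPICIOUS_DIRS = re.compile(
    r"\\(temp|tmp)\\|\\docume~1\\|\\documents and settings\\", re.IGNORECASE
)
# O4 entry: "[name] <command>"; capture the executable path, quoted or not.
O4_CMD = re.compile(
    r'^O4 - .*?\\Run: \[[^\]]*\]\s+"?([A-Za-z]:\\.*?\.(?:exe|com|scr|pif|dll))',
    re.IGNORECASE,
)
# Malwarebytes detection line: "<path> (<family>) -> <action>"
MBAM_LINE = re.compile(r"^([A-Za-z]:\\.+?) \((.+?)\) -> (.+)$")
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\", re.IGNORECASE
)


def hjt_entries(text):
    """Yield ("process", path) for the Running processes section and
    ("O4", path) for each O4 autorun entry whose command names a file."""
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs and DRIVE_PATH.match(line):
            yield "process", line
            continue
        in_procs = False  # first non-path line closes the section
        m = O4_CMD.match(line)
        if m:
            yield "O4", m.group(1)


def mbam_detections(text):
    """Yield one dict per Malwarebytes detection line, noting whether the
    file lived inside a System Restore point."""
    for raw in text.splitlines():
        m = MBAM_LINE.match(raw.strip())
        if m:
            path, family, action = m.groups()
            yield {"path": path, "family": family, "action": action,
                   "in_restore_point": bool(RESTORE_POINT.search(path))}


def triage(hjt_text, mbam_text):
    """Summarise both logs: entries worth a closer look, and how much of the
    Malwarebytes haul was sitting in restore points (the copies that come
    back if System Restore stays on)."""
    flagged = [(kind, path) for kind, path in hjt_entries(hjt_text)
               if SUSPICIOUS_DIRS.search(path)]
    dets = list(mbam_detections(mbam_text))
    return {
        "flagged": flagged,
        "detections": len(dets),
        "in_restore_points": sum(d["in_restore_point"] for d in dets),
        "families": Counter(d["family"] for d in dets),
    }


if __name__ == "__main__":
    result = triage(HJT_SAMPLE, MBAM_SAMPLE)
    for kind, path in result["flagged"]:
        print(f"look closer ({kind}): {path}")
    print(f'{result["in_restore_points"]} of {result["detections"]} detections '
          "were inside System Restore points")
    for family, n in result["families"].most_common():
        print(f"  {family}: {n}")
```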
Just one question...
Is it necessary to remove the following
anti-malware programs: MalwareBytes, Norman Malware, ComboFix
and Microsoft Security Essentials in order to
use this Dr.Web CureIt?
I'll be waiting, regards!
> Just one question...
> Is it necessary to remove the following
> anti-malware programs: MalwareBytes, Norman Malware, ComboFix
> and Microsoft Security Essentials in order to
> use this Dr.Web CureIt?
> I'll be waiting, regards!
No need. You can leave all those programs you have there and run Dr Web CureIt without worry, following the tips in the tutorial I gave you, and post the requested logs.
LOOK, I DON'T KNOW IF I DID IT RIGHT, BUT THE DR.WEB LOG IS THIS..
CyberScript.exe;C:\Arquivos de programas\CyberScript32;Program.mIRC.617;Incurável.Movido.;
WmaInfo.dll;C:\Program Files\AMT;BackDoor.Click.679;Eliminado.;
FP_AX_CAB_INSTALLER.exe;C:\WINDOWS\Downloaded Program Files;Win32.Sector.5;Desinfectado.;
And the HijackThis one is..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:27, on 1/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\Arquivos de programas\lg_fwupdate\fwupdate.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\ltmoh\Ltmoh.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [MSSE] "c:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-507921405-492894223-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'ramom')
O4 - HKUS\S-1-5-21-507921405-492894223-682003330-1005\..\Run: [Google Update] "C:\Documents and Settings\ramom\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c (User 'ramom')
O4 - HKUS\S-1-5-21-507921405-492894223-682003330-1005\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'ramom')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
--
End of file - 6201 bytes
Other problems were removed by Dr. Web CureIt.
________________________________
Please follow the tips in this tutorial:
Kaspersky Virus Removal Tool tutorial
In your next reply, post the Kaspersky Virus Removal Tool log together with a new HijackThis log, and tell us how your PC is doing after this.
We'll be waiting.
Well, my machine used to be faster, and besides, I came here looking for help because, as I mentioned, a certain game wasn't opening, and after running these tests it still doesn't open. I'd like to know what it could be. The game is called Truco ligasonline! After that I uninstalled it and deleted it, then downloaded it again and ran the Malwarebytes scanner, and no infection was found! I'll post the log for more solutions!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:47, on 2/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\Arquivos de programas\lg_fwupdate\fwupdate.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\ltmoh\Ltmoh.exe
C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\hijackthis\HiJackThis.exe
C:\hijackthis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [MSSE] "c:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
--
End of file - 5625 bytes
And here is another one, from the Virus Removal Tool:
Autoscan: completed 2 minutes ago (events: 10, objects: 139078, time: 01:12:40)
2/2/2010 10:30:51 Task started
2/2/2010 10:48:50 Detected: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322
2/2/2010 10:48:51 Untreated: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322 Postponed
2/2/2010 11:30:27 Detected: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322
2/2/2010 11:30:27 Untreated: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322 Postponed
2/2/2010 11:34:41 Detected: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322
2/2/2010 11:34:41 Untreated: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322 Postponed
2/2/2010 11:40:54 Detected: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322
2/2/2010 11:43:32 Deleted: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe
2/2/2010 11:43:32 Task completed
I'll be waiting, regards!
Other problems were detected by Kaspersky. Did you remove all of the problems it found?
If it was the way you told me, then yes, I removed them. I followed all the rules!!! Will it be necessary to format it, since it's very slow, or could it be because of the other programs?
> If it was the way you told me, then yes, I removed them.
> I followed all the rules!!!
I asked because your log shows this:
2/2/2010 11:34:41 Detected: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322
2/2/2010 11:34:41 Untreated (which means not treated): Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322 Postponed
The point is this: whenever Kaspersky detects a problem it gives you the available options. Whenever possible you should click Disinfect, and when disinfection is not possible you should click Delete.
Did you follow this procedure?
In any case, the infections Kaspersky detected are in this location, highlighted in red:
C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe
So just check on your PC whether this item still exists, and if it does, delete it.
______________________________________
Also configure your Microsoft Security Essentials antivirus following the tips below:
Microsoft Security Essentials tutorial (installation and configuration)
Microsoft Security Essentials tutorial (how to use it correctly)
After that, update your antivirus and run a full scan with it. As viruses and spyware are found, choose the option to disinfect the infected files or send them to quarantine. For files sent to quarantine: after a few weeks, if your computer is working normally without them, you can go to the quarantine and delete them permanently.
After that, post a new HijackThis log and tell us how your PC is doing and whether any virus was removed (or disinfected) by Microsoft Security Essentials.
We'll be waiting.
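To make the "Untreated ... Postponed" reading above mechanical, here is an added example (not from the original thread and not Kaspersky's own code) in Python. It reads Virus Removal Tool report lines in the format posted, groups the events by the container file (stripping the /dataNNNN sub-object suffix, an assumption based on the log format shown) and reports which detections never received a Deleted, Disinfected or Quarantined event. The sample log is constructed: it reuses the CyberScript32.exe lines from the post and adds a hypothetical second detection (Trojan.Win32.Example.a in a Temp folder) to show the unresolved case.

```python
import re

# Constructed sample in Kaspersky Virus Removal Tool report format. The
# CyberScript32.exe lines mirror the posted log; the Trojan.Win32.Example.a
# entry is hypothetical and only illustrates a detection that was never treated.
SAMPLE_LOG = r"""
2/2/2010 10:30:51 Task started
2/2/2010 10:48:50 Detected: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322
2/2/2010 10:48:51 Untreated: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322 Postponed
2/2/2010 11:40:54 Detected: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322
2/2/2010 11:43:32 Deleted: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe
2/2/2010 11:45:00 Detected: Trojan.Win32.Example.a C:\Documents and Settings\edgar\Temp\dropper.exe
2/2/2010 11:45:01 Untreated: Trojan.Win32.Example.a C:\Documents and Settings\edgar\Temp\dropper.exe Postponed
2/2/2010 11:46:00 Task completed
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+ \S+) "
    r"(?P<event>Detected|Untreated|Deleted|Disinfected|Quarantined): "
    r"(?P<threat>\S+) (?P<obj>.+?)(?: (?P<status>Postponed|Skipped))?$"
)
TREATED = {"Deleted", "Disinfected", "Quarantined"}


def container_path(obj):
    """Map an object name to the file on disk that holds it.

    Assumption taken from the posted log: sub-objects inside a file are written
    as "<file>/dataNNNN", and Windows paths use backslashes only, so the first
    "/" separates the container from the sub-object.
    """
    return obj.split("/", 1)[0]


def parse_events(text):
    """Yield the Detected/Untreated/Deleted/... events as dicts, in log order."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            yield m.groupdict()


def reconcile(text):
    """Return {container: {"threat": name, "final": last meaningful event}}."""
    state = {}
    for ev in parse_events(text):
        path = container_path(ev["obj"])
        entry = state.setdefault(path, {"threat": ev["threat"], "final": "Detected"})
        if ev["event"] in TREATED or ev["event"] == "Untreated":
            entry["final"] = ev["event"]
        elif entry["final"] in TREATED:
            # Detected again after a treatment: the file is back, so reopen it.
            entry["final"] = "Detected"
    return state


def unresolved(text):
    """List (threat, container) pairs that never ended in a treated state."""
    return [
        (v["threat"], path)
        for path, v in reconcile(text).items()
        if v["final"] not in TREATED
    ]


if __name__ == "__main__":
    for threat, path in unresolved(SAMPLE_LOG):
        print(f"still present: {threat} in {path}")
```

On the posted log this reports nothing for CyberScript32.exe, because the final event for that container is Deleted; the only item it lists is the constructed dropper.exe, which stays in the Untreated/Postponed state.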
Well, here's the thing: my PC is slower than before; I don't know if it's because of the programs I've been installing following your explanations. And the main point that made me come looking for you was that game that wasn't opening, and it's still the same: it does open, but then there's a login and password option that can't be accessed, and when I click the X to close it, it doesn't close; I can only close it through Task Manager!
As for the program you highlighted in red, I already deleted it and ran Microsoft Security Essentials, and it didn't detect anything. The log follows below...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:59, on 2/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\Arquivos de programas\lg_fwupdate\fwupdate.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\ltmoh\Ltmoh.exe
C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\hijackthis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [MSSE] "c:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
--
End of file - 5594 bytes
I'll be waiting!
> Well, here's the thing: my PC is slower than before; I don't know if it's because of the programs I've been installing following your explanations
The programs we recommend are very good and don't slow anything down; on the contrary, what they did was remove several viruses and malware that were on your PC.
_________________________________________
> And the main point that made me come looking for you was that game that wasn't opening, and it's still the same: it does open, but then there's a login and password option that can't be accessed, and when I click the X to close it, it doesn't close; I can only close it through Task Manager!
This is a problem with the game itself. Did you download it from a trustworthy site? I've been looking at the comments from people who downloaded this game on Baixaki, and some of them had complaints, for example:
> Giovanni on 28/1/2010 at 04:49h: I can't register, I click and nothing happens! What do I do?
> still in the testing phase
> ricardo on 26/1/2010 at 22:17h: I can't register, I click register but nothing happens
Perhaps a similar problem occurred in your case as well.
___________________________________
Go to Start --> Run --> Type (or copy and paste) Combofix /uninstall --> Click OK.
The following window will open: (Open File - Security Warning)
Click Run --> Wait!
Finally the message "ComboFix has been uninstalled" will appear --> Click OK.
Alternatively, go to Start --> Run --> Type or paste:
"%userprofile%\desktop\combofix" /uninstall
Click OK.
___________________________________
Follow the tips in this tutorial to do a cleanup with Tools Cleaner:
___________________________________
There are unnecessary programs starting with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:
Choosing Programs that Start with the PC: http://dicasetutoriaisparapc.blogspot.com/2008/10/escolhendo-programas-que-iniciam-com-o.html
Preferably let only the security programs (antivirus/anti-spyware/firewall) start with Windows.
Also use CCleaner, recommended in the tutorial above, to clean and optimize the PC now and from time to time.
________________________________
Install these programs and use them now and weekly to clean your PC and make it more efficient and optimized:
MV RegClean: http://freedownloads2000.blogspot.com/2008/10/mv-regclean-55.html
Auslogics Disk Defrag: http://superdownloads.uol.com.br/download/182/auslogics-disk-defrag/
SpywareBlaster: http://freedownloads2000.blogspot.com/2008/10/spywareblaster-41.html
Also follow the tips in this tutorial:
Tips to make your computer faster and more efficient: http://dicasetutoriaisparapc.blogspot.com/2008/08/dicas-para-deixar-seu-computador-mais.html
________________________________
To prevent the malware from coming back, disable and then re-enable System Restore. To do this, go to Start - Control Panel - System - click the System Restore tab - check the box "Turn off System Restore" - click Apply and then OK.
After that, go back to the same place: Start - Control Panel - System - click the System Restore tab - uncheck the box "Turn off System Restore" - click Apply and then OK.
________________________________
Your Internet Explorer browser is out of date. Download and install Internet Explorer 8: http://freedownloads2000.blogspot.com/2008/10/internet-explorer-70573013-final-em.html
________________________________
After following the tips above, tell us how your PC is doing.
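As an added example (not part of the original thread and not HijackThis's own code), the following Python script applies the kind of checks a helper does by eye on the logs above: processes running from a Temp folder, O2 BHO entries registered with (no file), O4 Run entries that name a bare executable without a path (such an entry is resolved through the PATH at logon, so the file's real location has to be verified by hand), and O17 NameServer addresses that are not in a list of expected resolvers supplied by the caller. It goes beyond the startup-program point above in that it covers several HijackThis sections at once. The sample log is constructed from lines copied out of the posted logs plus one hypothetical Temp-folder process line; the expected_dns set is an assumption the caller supplies, since the script cannot know which DNS servers are legitimate for a given ISP.

```python
import re

# Constructed sample in HijackThis v2.0.2 format: lines copied from the posted
# logs plus one hypothetical process running from a Temp folder.
SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\DOCUME~1\user\CONFIG~1\Temp\sample_dropper.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [MSSE] "c:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155
"""

SECTION_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
O4_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A command that starts with an (optionally quoted) drive letter or an
# environment variable carries its own path; anything else is a bare name.
QUALIFIED_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%)')
O17_RE = re.compile(r"NameServer = (?P<servers>.+)$")


def triage(log_text, expected_dns=()):
    """Return (rule, detail) findings for one HijackThis log.

    expected_dns is the caller's set of resolvers that are allowed in O17
    (an assumption: the script cannot know which DNS servers are legitimate).
    """
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = SECTION_RE.match(line)
        if m is None:
            # Still inside the process list: flag anything launched from Temp.
            if in_processes and TEMP_RE.search(line):
                findings.append(("process-in-temp", line))
            continue
        in_processes = False
        code, body = m.group("code"), m.group("body")
        if code == "O2" and body.endswith("(no file)"):
            # Registered BHO whose DLL is gone: leftover from a removal, or a
            # hijack whose payload was deleted but never unregistered.
            findings.append(("orphan-bho", body))
        elif code == "O4":
            o4 = O4_RE.match(body)
            if o4 and not QUALIFIED_RE.match(o4.group("cmd")):
                findings.append(("o4-unqualified-path", o4.group("cmd")))
        elif code == "O17":
            o17 = O17_RE.search(body)
            if o17:
                for ip in o17.group("servers").split():
                    if ip not in expected_dns:
                        findings.append(("o17-unexpected-dns", ip))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_HJT, expected_dns={"200.165.132.148"}):
        print(f"{rule}: {detail}")
```

The findings are leads, not verdicts: a bare O4 name like HDAShCut.exe is normal for some audio drivers, and an unrecognised O17 resolver is only suspicious once compared against the resolvers the ISP or router actually hands out.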
I'm writing to let you know that I can't get into ComboFix, because when I use this or any other way to open it, something like a download bar appears but never does anything (a blank bar), and I can't close it except by using Task Manager! I'd like to know whether I should do the other steps without having to run ComboFix!
I'll be waiting!
Note: what if I download it and change its name when saving, would that work?
> I'm writing to let you know that I can't get into ComboFix, because when I use this or any other way to open it, something like a download bar appears but never does anything (a blank bar),
> and I can't close it except by using Task Manager!
> I'd like to know whether I should do the other steps without having to run ComboFix!
Then set the ComboFix part aside, follow the other procedures, and tell us how the PC is doing after that.
I'll be waiting.
Well, my machine seems to be normal; it just still has problems with that game. I'll keep an eye on it, and if it shows more problems I'll get in touch with you!
Regards!
Hello Ragde, welcome to the iMasters forum.
It has all the signs of actually being a virus...
Do the following:
Post a HijackThis log in this topic of yours.
Here is how to create the log:
LINK:
http://forum.imasters.com.br/index.php?/topic/165906-regra-n-02-utilizando-o-hijackthis/
Once you've created the log, post it here.