com alguns malwares para ser retirados ainda

[thunderlight 0]

Antes do meu Log alguns arquivos eu removi pelo killbox mais não melhorou

o virus volta dando tela azul e reiniciando o PC

alem disso o meu gerenciador de tarefas foi desativado

 

espero que possam me ajudar desde já agredeço.

 

C:\WINDOWS\system32\drivers\runtime2.sys

C:\WINDOWS\system32\drivers\ip6fw.sys

C:\WINDOWS\system32\vedxg6ame4.exe

C:\WINDOWS\system32\vedxga1me4t1.exe

C:\WINDOWS\system32\vedxga3me2.exe

C:\WINDOWS\system32\vedxga4m1et4.exe

C:\WINDOWS\system32\vedxga4me1.exe

C:\WINDOWS\system32\vedxga5me3.exe

C:\xx1232255.exe

C:\WINDOWS\system32\dllh8jkd1q7.exe

C:\WINDOWS\system32\dllh8jkd1q6.exe

C:\WINDOWS\system32\dllh8jkd1q2.exe

C:\WINDOWS\system32\dllh8jkd1q8.exe

C:\WINDOWS\system32\kernelwind32.exe

 

log no modo modo de segurança por que esta quase impossivel faazer em modo normal pois o pc está lento principalmente porcausa desse arquivo >>

C:\WINDOWS\system32\drivers\ip6fw.sys pois ele volta e o avast detecta

e ele ativas mais alguns malwares

 

Logfile of HijackThis v1.99.1

Scan saved at 05:11:28, on 24/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\Explorer.EXE

C:\remove_virus\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fortur.com.br/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [RssTrayIcon] C:\Arquivos de programas\Technical\RssReader\RssTrayIcon.exe

O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\kernelwind32.exe

O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe

O4 - HKLM\..\Run: [kmvstat] syslphjq.exe

O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe

O4 - HKLM\..\Run: [PrevxOne] "C:\Arquivos de programas\Prevx2\PXConsole.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [plmer32] C:\WINDOWS\system32\advdiwok.exe

O4 - HKLM\..\Run: [mplaut] C:\WINDOWS\system32\ldcdx.exe

O4 - HKLM\..\Run: [msqbrun] C:\WINDOWS\system32\cmdtlhua.exe

O4 - HKLM\..\Run: [fwddls] C:\WINDOWS\system32\reghcsfa.exe

O4 - HKLM\..\Run: [lsitdm] C:\WINDOWS\system32\mfsysnv.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [kmvstat] syslphjq.exe

O4 - HKCU\..\Run: [plmer32] C:\WINDOWS\system32\advdiwok.exe

O4 - HKCU\..\Run: [mplaut] C:\WINDOWS\system32\ldcdx.exe

O4 - HKCU\..\Run: [msqbrun] C:\WINDOWS\system32\cmdtlhua.exe

O4 - HKCU\..\Run: [fwddls] C:\WINDOWS\system32\reghcsfa.exe

O4 - HKCU\..\Run: [lsitdm] C:\WINDOWS\system32\mfsysnv.exe

O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Apache2\bin\ApacheMonitor.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://linktrader.cyberspacehq.com

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documentos\Settings\bot.dll

O23 - Service: .NETSecurity - Unknown owner - C:\WINDOWS\system32\netsecurity.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2 - Unknown owner - C:\Apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe

[jgarcia 1]

Opa thunderlight,

 

Baixe o ComboFix em:

ComboFix

 

1) Dê um duplo-clique no combofix.exe e tecle "Y" para prosseguir. O processo vai durar, em média, 10 minutos;

2) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

3) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

4) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

5) Para parar ou sair do ComboFix, tecle "N";

6) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

Abraços.

[thunderlight 0]

2007-07-24 14:30:59 - ComboFix 07-07-23.6 - Service Pack 2 NTFS

 

ADS removed - C:\WINDOWS\system32\ntoskrnl.exe: O sistema não pode encontrar o arquivo especificado.

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

"RssTrayIcon"="C:\Arquivos de programas\Technical\RssReader\RssTrayIcon.exe" [2005-04-04 21:55]

"PrevxOne"="C:\Arquivos de programas\Prevx2\PXConsole.exe" [2007-07-10 07:42]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 15:32]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-03 23:56]

"IBP"="" []

"msqbrun"="C:\WINDOWS\system32\cmdtlhua.exe" [2004-08-03 21:45]

"fwddls"="C:\WINDOWS\system32\reghcsfa.exe" [2004-08-03 21:45]

"lsitdm"="C:\WINDOWS\system32\mfsysnv.exe" [2004-08-03 21:45]

 

C:\Documents and Settings\Bruno Goyanna\Menu Iniciar\Programas\Inicializar\

WinMySQLadmin.lnk - C:\mysql\bin\winmysqladmin.exe [2007-07-06 23:02:12]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Monitor Apache Servers.lnk - C:\Apache2\bin\ApacheMonitor.exe [2005-02-10 06:12:16]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\botreg]

C:\Documents and Settings\All Users\Documentos\Settings\bot.dll 2007-07-24 03:38 12577 C:\Documents and Settings\All Users\Documentos\Settings\bot.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Google Updater.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Google Updater.lnk

backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bruno Goyanna^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\Bruno Goyanna\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Brave-Sentry]

C:\Program Files\BraveSentry\BraveSentry.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

"C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4100 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]

C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmvstat]

syslphjq.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mplaut]

C:\WINDOWS\system32\ldcdx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\plmer32]

C:\WINDOWS\system32\advdiwok.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]

"C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

"C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]

"C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

C:\WINDOWS\retadpu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1]

C:\WINDOWS\system32\vedxg6ame4.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartPatrol]

C:\ARQUIV~1\AddWeb8\SmartPatrol.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smtpsrv]

C:\Arquivos de programas\Local SMTP Relay Server\SMTPServer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

C:\Arquivos de programas\Steam\Steam.exe -silent

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]

C:\WINDOWS\system32\kernelwind32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UUAI]

C:\WINDOWS\system32\Sys\UUAI.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]

C:\Windows\xpupdate.exe

 

R0 uagp35;Filtro Microsoft AGPv3.5;C:\WINDOWS\system32\DRIVERS\uagp35.sys

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys

R2 .NETSecurity;.NETSecurity;C:\WINDOWS\system32\netsecurity.exe

R2 IISADMIN;Servi‡o de administra‡Æo do IIS;C:\WINDOWS\system32\inetsrv\inetinfo.exe

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe

R2 W3SVC;Publica‡Æo na World Wide Web;C:\WINDOWS\system32\inetsrv\inetinfo.exe

R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5b.sys

R3 pfc;Padus ASPI Shell;C:\WINDOWS\system32\drivers\pfc.sys

R3 PptpMiniport;Miniporta de rede remota (PPTP);C:\WINDOWS\system32\DRIVERS\raspptp.sys

R3 RasPppoe;Driver PPPOE de acesso remoto;C:\WINDOWS\system32\DRIVERS\raspppoe.sys

R3 Raspti;Paralelo direto;C:\WINDOWS\system32\DRIVERS\raspti.sys

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys

R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys

S1 Cdralw2k;Cdralw2k;C:\WINDOWS\system32\drivers\Cdralw2k.sys

S3 aspnet_state;ASP.NET State Service;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS

S3 HWIONT;HWIONT;\??\C:\Arquivos de programas\DremTeamShare\DreMule\Incoming\mercado livre\DECODIFICAR\Decodificar Canal plus + audio y video - [by Homero] -\video\HWIONT.sys

S3 NTACCESS;NTACCESS;\??\D:\NTACCESS.sys

S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1);C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

S3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys

S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

 

 

 

Quarentena>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

 

 

 

2004-08-03 20:00	  29056	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ip6fw.sys.vir2004-08-03 20:14	  32832	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\asc3550u.sys.vir2007-03-10 15:01	  13980	--a------	C:\Qoobox\Quarantine\C\WINDOWS\15031062.exe.vir2007-03-11 14:29	  25276	--a------	C:\Qoobox\Quarantine\C\WINDOWS\468250.exe.vir2007-03-12 18:48	  145	--a------	C:\Qoobox\Quarantine\C\int_rem.bat.vir2007-07-17 09:27	  56320	--a------	C:\Qoobox\Quarantine\C\WINDOWS\b122.exe.vir2007-07-23 23:29	  0	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32_exception.nls.vir2007-07-23 23:29	  1	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\vx.tll.vir2007-07-23 23:29	  25088	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\koos.exe.vir2007-07-23 23:29	  30208	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\poof.vir2007-07-23 23:29	  31917	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\spoolsvv.exe.vir2007-07-23 23:29	  4	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\winsub.xml.vir2007-07-23 23:29	  6144	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\kprof.vir2007-07-23 23:29	  9339	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\dllh8jkd1q5.exe.vir2007-07-23 23:30	  972	--a------	C:\Qoobox\Quarantine\C\WINDOWS\wpcjmd.log.vir2007-07-23 23:34	  1552	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\BRUNOG~1\MENUIN~1\PROGRA~1\Brave-Sentry\Uninstall.lnk.vir2007-07-23 23:34	  1566	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\BRUNOG~1\Desktop\BraveSentry.lnk.vir2007-07-23 23:34	  1566	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\BRUNOG~1\MENUIN~1\PROGRA~1\Brave-Sentry\BraveSentry.lnk.vir2007-07-24 00:03	  49664	--a------	C:\Qoobox\Quarantine\C\Arquivos de programas\InetGet2\popinstall.exe.vir2007-07-24 03:09	  13824	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\max1d1164v.exe.vir2007-07-24 03:14	  2866	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\BRUNOG~1\DADOSD~1\Microsoft\Internet Explorer\Desktop.htt.vir2007-07-24 03:38	  171	--a------	C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir2007-07-24 03:38	  39424	--a------	C:\Qoobox\Quarantine\C\WINDOWS\retadpu27.exe.vir2007-07-24 03:38	  7168	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\System32.exe.vir2007-07-24 04:19	  63	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\svcp.csv.vir2007-07-24 04:20	  97691	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\gmc.exe.exe.vir2007-07-24 07:58	  11969	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\kernelwind32.exe.vir2007-07-24 07:59	  20994	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\vedxga8me6.exe.vir2007-07-24 07:59	  23040	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\vedxg3am1et3.exe.vir2007-07-24 07:59	  8385	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\vedxg4am1et2.exe.vir2007-07-24 09:02	  1034	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_RUNTIME.reg.cf2007-07-24 09:02	  1044	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_ASC3550U.reg.cf2007-07-24 09:02	  1100	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_RUNTIME2.reg.cf2007-07-24 09:02	  2040	--a------	C:\Qoobox\Quarantine\Registry_backups\services_new_drv.reg.cf2007-07-24 09:02	  750	--a------	C:\Qoobox\Quarantine\Registry_backups\services_runtime.reg.cf2007-07-24 09:02	  782	--a------	C:\Qoobox\Quarantine\Registry_backups\services_asc3550u.reg.cfListagem de caminhos de pastaO n£mero de s‚rie do volume ‚ FC73-1431C:\QOOBOX\---Quarantine	+---C	|   |   int_rem.bat.vir	|   |   	|   +---Arquivos de programas	|   |   \---InetGet2	|   |		   popinstall.exe.vir	|   |		   	|   +---DOCUME~1	|   |   \---BRUNOG~1	|   |	   +---DADOSD~1	|   |	   |   \---Microsoft	|   |	   |	   \---Internet Explorer	|   |	   |			   Desktop.htt.vir	|   |	   |			   	|   |	   +---Desktop	|   |	   |	   BraveSentry.lnk.vir	|   |	   |	   	|   |	   \---MENUIN~1	|   |		   \---PROGRA~1	|   |			   \---Brave-Sentry	|   |					   BraveSentry.lnk.vir	|   |					   Uninstall.lnk.vir	|   |					   	|   \---WINDOWS	|	   |   15031062.exe.vir	|	   |   468250.exe.vir	|	   |   b122.exe.vir	|	   |   retadpu27.exe.vir	|	   |   wpcjmd.log.vir	|	   |   wr.txt.vir	|	   |   	|	   \---system32	|		   |   0_exception.nls.vir	|		   |   dllh8jkd1q5.exe.vir	|		   |   gmc.exe.exe.vir	|		   |   kernelwind32.exe.vir	|		   |   koos.exe.vir	|		   |   kprof.vir	|		   |   max1d1164v.exe.vir	|		   |   poof.vir	|		   |   spoolsvv.exe.vir	|		   |   svcp.csv.vir	|		   |   System32.exe.vir	|		   |   vedxg3am1et3.exe.vir	|		   |   vedxg4am1et2.exe.vir	|		   |   vedxga8me6.exe.vir	|		   |   vx.tll.vir	|		   |   winsub.xml.vir	|		   |   	|		   \---drivers	|				   asc3550u.sys.vir	|				   ip6fw.sys.vir	|				   	\---Registry_backups			LEGACY_ASC3550U.reg.cf			LEGACY_RUNTIME.reg.cf			LEGACY_RUNTIME2.reg.cf			services_asc3550u.reg.cf			services_new_drv.reg.cf			services_runtime.reg.cf

[jgarcia 1]

Opa thunderlight,

 

Poste um novo log do HijackThis.

 

Abraços.

[Sam Spade 2]

Tópico Arquivado

 

Como o autor não respondeu por mais de 20 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.