GCW, posted October 1, 2007

Hi. I have Avira AntiVir installed and today it detected 27 infections. The scan report follows below:

I have had my PC infected by this annoying Vundo thing before. I don't notice the difference in my PC the way I did the first time. The only thing, which I noticed today after the scan, is that I can't restore the system. I have already disabled System Restore and run HijackThis.

Here is the HijackThis logfile for your analysis:

Giovanna

DigRam, posted October 4, 2007

Good morning, GCW!

>@< Delete the highlighted folders:
C:\VundoFix Backups
C:\!KillBox << The folder!
C:\Muestras
>@< Empty the AntiVir quarantine!
>@< You have 2 antivirus programs, and that does not translate into a gain in protection.
>@< Choose one of them! (I suggest you keep AntiVir....)
_____________________
>@< Download a-squared Free 3.0.
>@< Open the program and click: Atualizar agora (Update now) >> Wait!
>@< When it finishes, click: Analisar agora (Scan now).
>@< Try to run this scan in Safe Mode!
>@< Choose the option: A fundo (Deep).
>@< Click Analisar (Scan)!
>@< When it finishes, send the items found to quarantine, from where they will then be deleted or restored.
>@< Save the report of this scan and post it in your reply, along with an updated HJT log.

Regards!

GCW, posted October 4, 2007

Good afternoon, DigRam!

I uninstalled Avast and followed the recommended procedures. The a-squared Free 3.0 report and an updated HijackThis log follow below:

Thank you for your time and attention.

Giovanna

DigRam, posted October 4, 2007

Good evening, GCW!

>@< Open HijackThis and, with all windows closed, apply Fix to these entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pgdp.net/c/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
>@< Were you the one who set this start page? < http://www.pgdp.net/c/ >
>@< If so, do not apply Fix to it.
________________________
>@< Now go to the a-squared quarantine.
>@< Select all of its contents and click Eliminar (Delete).
________________________
>@< Download ComboFix.
>@< Save it to the Desktop!
>@< Close all windows and run the tool!
>@< The Auto Scan window will open. Wait!
>@< Type the option to continue < Enter >
>@< Wait for it to finish!
>@< Post the report, C:\ComboFix.txt, in your reply, along with an updated HJT log.

Regards!

GCW, posted October 5, 2007

Good morning, DigRam!

I applied the HijackThis Fix to the entries cited, with the exception of the start page, which really was set by me. I have also cleaned out the a-squared quarantine. The ComboFix report and the updated HJT log follow below:
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1184885418234 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab O16 - DPF: {F4E59691-8BC1-446B-9F89-B4C8621D2079} (RegisterBeTwin2000 Control) - http://216.7.10.149/BeTwin2000Registration...BeTwinAdmin.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{0D0B1249-858C-4828-B015-13B27B2F070D}: NameServer = 200.204.0.10 200.204.0.138 O17 - HKLM\System\CCS\Services\Tcpip\..\{879230FE-1C97-4388-8AA7-3D261EC290D2}: NameServer = 200.204.0.10,200.204.0.138 O17 - HKLM\System\CS1\Services\Tcpip\..\{0D0B1249-858C-4828-B015-13B27B2F070D}: NameServer = 200.204.0.10 200.204.0.138 O17 - HKLM\System\CS2\Services\Tcpip\..\{0D0B1249-858C-4828-B015-13B27B2F070D}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe O23 
- Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing) O23 - Service: RDPSSW32 - Unknown owner - C:\WINDOWS\System32\RDPSSW32.EXE O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe Abraços e obrigada Giovanna Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted October 5, 2007

Good evening, GCW!

>@< Download CCleaner.
>@< Save it to the Desktop!
>@< Open the program and click Executar cleaner.
>@< When it finishes, click Erros >> Procurar erros >> Corrigir erros.
____________________
I have had my PC infected by this annoying Vundo thing before. I do not notice the difference in my PC the way I did the first time. The only thing, which I checked today after the scan, is that I cannot restore the system.

>@< Go to Start >> Run.
>@< Type: rundll32.exe advpack.dll,LaunchINFSection %Windir%\Inf\sr.inf
>@< Click OK.
>@< Wait! When the system prompts you, give the following path: %Windir%\ServicePackFiles
>@< Also accept the prompt to restart the computer.
>@< Now try to use System Restore!
____________________
>@< Run an online scan with Panda.
>@< On the page, click the Scan your PC button.
>@< Click Next.
>@< Enter your e-mail address.
>@< Click Send.
>@< Finish by clicking All PC. ( All My Computer )
>@< Wait! The scan will take a while to finish.
>@< When it finishes, copy the report and post it in your reply, along with an updated HJT log.
>@< P.S.: I should make clear that the HijackThis log is clean and there are no traces of Vundo.

Cheers!
GCW 0 Posted October 7, 2007

Good morning, DigRam!

System Restore is now working normally. However, Panda cannot finish the scan. When the download finishes, it shows the following message:

Erro durante o processo de instalação
Deu-se um erro aquando do download do Panda ActiveScan. Repita o processo, de novo. Se se produzir um novo erro, reinicie o seu PC e tente de novo
As causas possíveis deste erro são:
O controle ActiveX da aplicação não está a ser descarregado.
Problemas com a ligação à Internet.
Pode dever-se a um erro, no momento do download ou a um erro na instalação devido à falta de espaço no seu disco duro, privilegios,...

I have already tried restarting, but the message does not change. In any case, I am sending the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:31:34, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RDPSSW32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\VMware\VMware Player\vmware-authd.exe
C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\INCRED~1\bin\IMApp.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pgdp.net/c/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.03\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1184885418234
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {F4E59691-8BC1-446B-9F89-B4C8621D2079} (RegisterBeTwin2000 Control) - http://216.7.10.149/BeTwin2000Registration...BeTwinAdmin.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D0B1249-858C-4828-B015-13B27B2F070D}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{879230FE-1C97-4388-8AA7-3D261EC290D2}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D0B1249-858C-4828-B015-13B27B2F070D}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)
O23 - Service: RDPSSW32 - Unknown owner - C:\WINDOWS\System32\RDPSSW32.EXE
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
DigRam 144 Posted October 7, 2007

Good afternoon, GCW!

>@< Delete the folder: C:\QooBox\Quarantine << It belongs to ComboFix.
_________________
>@< Disable Avira's resident protection and try the Panda scan.
>@< If that does not work, run the scan at Kaspersky and post the report.
_________________
>@< If that does not succeed either, run a scan with your antivirus and post the report.
>@< There is no need to post a new HijackThis log, since it is clean!

Cheers!
GCW 0 Posted October 8, 2007

Good afternoon, DigRam!

I deleted the ComboFix folder. Indeed, Panda cannot finish the scan, even after I disabled Avira. However, I succeeded with Kaspersky. The report follows below:

KASPERSKY ONLINE SCANNER REPORT
Monday, October 08, 2007 1:42:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 8/10/2007
Kaspersky Anti-Virus database records: 429153

Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target: My Computer
A:\ C:\ D:\

Scan Statistics
Total number of scanned objects: 38975
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 02:45:13

Scan process completed.
DigRam 144 Posted October 9, 2007

Good morning, GCW!

>@< The Kaspersky report points to a clean computer!
>@< Create a Restore Point..., CLEAN! < Docs >
____________________
>@< Try to browse safely: < Security Tips >
@@@@@@@@@@@@@@@@@@@@
>@< Good work!
>@< Clean log!

Cheers! :thumbsup:
GCW 0 Posted October 9, 2007

That's great, DigRam! :clap:

Thank you very much indeed for the time and help you gave!

Cheers and all the best,
Giovanna
jgarcia 1 Posted November 9, 2007

PROBLEM SOLVED!

If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.