
This topic has been archived and is closed to new replies.

AlissonCosta

[Archived] My PC Is Freezing.


My PC is freezing.

I use the Avast antivirus; it detects the virus while Windows is starting up. But even so, it doesn't delete it... every time I restart, it detects it again!!

I've already tried several solutions, and my last hope is to post this topic here. I'm asking for your help in solving this problem!

Here is its log!!

---------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:54:22, on 28/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\CameraFixer.exe

C:\WINDOWS\tsnpstd3.exe

D:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\WINDOWS\vsnpstd3.exe

D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\vssms32.exe

C:\WINDOWS\system32\ctfmon.exe

D:\arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

D:\arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] D:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Orbit.lnk = D:\arquivos de programas\Orbitdownloader\orbitdm.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E311599F-4AAB-4078-B9BD-28BD66D42738}: NameServer = 200.223.189.70 200.223.189.67

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (file missing)

 

--

End of file - 7433 bytes


Hello AlissonCosta! Download SDFix:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Save it to your desktop. Double-click SDFix.exe and the tool will be installed to %SystemDrive%\SDFix (usually C:\SDFix).

Restart the PC and tap F8 repeatedly. From the menu choose: Safe Mode.

  1. Open the SDFix folder that was installed on your computer and double-click the RunThis.bat file
  2. Press Y so that the tool starts the removal process
  3. When everything finishes, you will see a notice telling you to press any key to continue. When you press any key, the computer will restart automatically
  4. After restarting, the tool will run once more and finish its work, and the word Finished will appear. Press any key.
  5. A window with the SDFix report will appear.
  6. Copy and paste this report into your reply. If you have closed the window, a copy of the report will be in the SDFix folder under the name Report.txt
  7. Also post a new HijackThis log.


Dear friend Sam Spade,

I couldn't run SDFix.exe, because my machine apparently has a small problem, or maybe even a big one.

So today I decided to send new information about the machine!

- Below are the "HijackThis" log and the "ComboFix" log, plus a picture about a question of mine. I hope you have the patience to solve this problem.

1- (HIJACKTHIS LOG)

 

*Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:11:39, on 29/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\CameraFixer.exe

C:\WINDOWS\tsnpstd3.exe

D:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\WINDOWS\vsnpstd3.exe

D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\vssms32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

D:\arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

D:\arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

D:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] D:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Orbit.lnk = D:\arquivos de programas\Orbitdownloader\orbitdm.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E311599F-4AAB-4078-B9BD-28BD66D42738}: NameServer = 200.223.189.70 200.223.189.67

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (file missing)

 

--

End of file - 7091 bytes

 

 

 

 

 

2- (COMBOFIX LOG)

 

*ComboFix 07-10-28.2 - Dndré 2007-10-29 22:13:28.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.59 [GMT -3:00]

Executando de: D:\Downloads\ComboFix.exe

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-09-28 to 2007-10-30 ))))))))))))))))))))))))))))))))

.

 

2007-10-29 14:55 23,552 --a------ C:\WINDOWS\system32\ntcvx32.dll

2007-10-29 14:55 8,704 --a------ C:\WINDOWS\system32\ntswrl32.dll

2007-10-28 19:22 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-28 16:37 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2007-10-28 15:37 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2007-10-28 15:37 812,344 --a------ C:\HJTInstall.exe

2007-10-26 21:40 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2007-10-26 21:14 1,561,088 ---hs---- C:\WINDOWS\system32\vssms32.exe

2007-10-26 21:14 1,561,088 --a------ C:\Documents and Settings\Dndré\config.dll.exe

2007-10-26 21:14 1,561,088 --a------ C:\Documents and Settings\Dndré\config.dll.exe

2007-10-26 21:14 1,248,768 --a------ C:\Documents and Settings\Dndré\join.dll

2007-10-26 21:14 1,248,768 --a------ C:\Documents and Settings\Dndré\join.dll

2007-10-14 20:14 <DIR> d-------- C:\Steam

2007-10-14 20:14 <DIR> d-------- C:\Arquivos de programas\Steam

2007-10-14 20:14 <DIR> d-------- C:\Arquivos de programas\SecondLife

2007-10-14 20:14 <DIR> d-------- C:\Arquivos de programas\OnGame

2007-10-14 20:14 <DIR> d-------- C:\Arquivos de programas\KAIZEN Games

2007-10-12 19:27 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-10-12 19:27 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-10-12 19:27 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-10-12 19:27 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-12 19:27 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-10-12 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-12 19:27 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-12 19:27 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-10-12 00:12 <DIR> d-------- C:\Documents and Settings\Dndré\Incomplete

2007-10-12 00:12 <DIR> d-------- C:\Documents and Settings\Dndré\Incomplete

2007-10-12 00:12 <DIR> d-------- C:\Documents and Settings\Dndré\Dados de aplicativos\LimeWire

2007-09-29 12:59 <DIR> d-------- C:\Documents and Settings\Dndré\Dados de aplicativos\Uniblue

2007-09-27 19:41 520,192 --a------ C:\WINDOWS\system32\wscma2u.exe

2007-09-27 19:41 278,528 --a------ C:\WINDOWS\system32\ammpp.dll

2007-09-27 19:41 193,536 --a------ C:\WINDOWS\system32\atomid.exe

2007-09-27 19:41 65,536 --a------ C:\WINDOWS\system32\a1.dll

2007-09-22 15:55 936 --a------ C:\logMX500.dat

2007-09-22 15:46 <DIR> d-------- C:\Arquivos de programas\LG Electronics

2007-09-22 15:46 41,664 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys

2007-09-22 15:46 39,136 --a------ C:\WINDOWS\system32\drivers\lgUsbDiag.sys

2007-09-22 15:46 20,092 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys

2007-09-22 15:17 135,168 --a------ C:\WINDOWS\system32\wab.dll

2007-09-22 15:17 89,360 --a------ C:\WINDOWS\system32\vb5db.dll

2007-09-22 15:17 77,824 --a------ C:\WINDOWS\system32\msbind.dll

2007-09-21 00:39 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2007-09-13 16:37 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2007-09-13 16:37 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys

2007-09-10 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WildTangent

2007-09-08 23:38 249,856 --------- C:\WINDOWS\Setup1.exe

2007-09-08 23:38 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2007-09-08 18:48 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-09-08 18:48 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll

2007-09-08 18:48 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll

2007-09-08 18:48 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2007-09-08 18:48 73,728 --a------ C:\WINDOWS\system32\dpl100.dll

2007-09-08 18:47 740,442 --a------ C:\WINDOWS\system32\divx.dll

2007-09-08 18:47 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-09-07 14:54 340,992 --a------ C:\WINDOWS\system32\drivers\rt61.sys

2007-09-07 14:54 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe

2007-09-07 14:54 242,048 --a------ C:\WINDOWS\system32\drivers\RT2500.SYS

2007-09-07 14:54 81,920 --a------ C:\WINDOWS\system32\Install6x.dll

2007-09-07 14:54 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2007-09-07 14:54 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin

2007-09-07 14:54 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin

2007-09-07 14:54 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin

2007-09-07 12:15 <DIR> d-------- C:\WINDOWS\InCD

2007-09-07 12:15 1,974,272 --------- C:\WINDOWS\NuNinst.exe

2007-09-07 12:15 91,136 --a------ C:\WINDOWS\system32\drivers\InCDfs.sys

2007-09-07 12:15 28,544 --a------ C:\WINDOWS\system32\drivers\InCDpass.sys

2007-09-07 12:15 5,760 --a------ C:\WINDOWS\system32\drivers\InCDrec.sys

2007-09-07 12:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-09-07 12:11 569,344 --------- C:\WINDOWS\system32\imagr5.dll

2007-09-07 12:11 544,768 --------- C:\WINDOWS\system32\imagx5.dll

2007-09-07 12:11 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll

2007-09-07 12:11 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-09-07 12:11 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2007-09-07 12:11 38,912 --------- C:\WINDOWS\system32\picn20.dll

2007-09-05 21:22 149,504 --a------ C:\WINDOWS\UNWISE.EXE

2007-09-03 19:18 4,096 --a------ C:\WINDOWS\d3dx.dat

2007-09-02 12:55 <DIR> d-------- C:\WINDOWS\A6W_DATA

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-30 01:09 --------- d-----w C:\Documents and Settings\Dndré\Dados de aplicativos\Orbit

2007-10-24 18:37 --------- d-----w C:\Documents and Settings\Dndré\Dados de aplicativos\Tibia

2007-09-29 19:34 --------- d-----w C:\Arquivos de programas\Windows Live

2007-09-29 19:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2007-09-29 19:28 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WindowsLiveInstaller

2007-09-22 18:46 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-09-21 09:52 --------- d-----w C:\Documents and Settings\Dndré\Dados de aplicativos\AdobeUM

2007-09-21 02:03 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-09-08 01:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\snpstd3

2007-09-07 17:54 --------- d-----w C:\Arquivos de programas\RALINK

2007-08-31 21:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2007-08-31 02:05 --------- d-----w C:\Arquivos de programas\Arquivos comuns\DirectX

2007-08-28 16:57 --------- d-----w C:\Arquivos de programas\Java

2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-07-30 22:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-07-30 22:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-07-30 22:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-07-30 22:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-07-30 22:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-07-30 22:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-07-30 22:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll

2007-07-30 22:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-07-30 22:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-07-30 22:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-07-09 13:09 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll

.

 

((((((((((((((((((((((((((((( snapshot@2007-10-28_19.27.53.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-10-30 01:08:38 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_544.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2004-01-15 09:33 C:\WINDOWS\system32\VTTimer.exe]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-10-03 11:23]

"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 15:05]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"InCD"="D:\Arquivos de programas\Ahead\InCD\InCD.exe" [2004-06-04 08:33]

"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55]

"avast!"="D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]

"vssms32"="C:\WINDOWS\system32\vssms32.exe" [2007-08-14 17:10]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

Orbit.lnk - D:\arquivos de programas\Orbitdownloader\orbitdm.exe [2007-08-20 23:50:46]

Ralink Wireless Utility.lnk - C:\Arquivos de programas\RALINK\Common\RaUI.exe [2007-08-06 18:03:33]

 

A chave SafeBoot necessita de ser reparada. Esta máquina não pode entrar em Modo de Segurança.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

 

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS

S3 Sex1;Sex1;\??\D:\Downloads\SexEngine By Ch4c4L~\SexEngine By Ch4c4L~\---.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{108d2d66-5d6b-11dc-ac09-000fea9d4402}]

Auto\command - fun.xls.exe

AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46988617-4f37-11dc-abc6-000e2e42ef84}]

Auto\command - fun.xls.exe

AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d2b758e-4fff-11dc-abc9-000e2e42ef84}]

Auto\command - fun.xls.exe

AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-09-29 16:26:24 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"

- D:\Arquivos de programas\Uniblue\SpyEraser\SpyEraser.exe

.

**************************************************************************

 

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-29 22:15:02

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-10-29 22:15:59

C:\ComboFix2.txt ... 2007-10-28 19:28

.

--- E O F ---

 

 

3- (HERE ARE THE IMAGES ABOUT MY QUESTIONS)

* 87199_imagem.jpg

[HERE IS THE VIRUS DETECTION MADE BY AVAST]

* 1184561_imagem.jpg

[HERE IS MY QUESTION ABOUT SDFIX.EXE: HOW SHOULD I PROCEED WITH THIS PROGRAM]

Awaiting replies!

Regards...


OK, the PC really does have serious problems. SDFix can't be run for this reason:

 

A chave SafeBoot necessita de ser reparada. Esta máquina não pode entrar em Modo de Segurança.

We are going to use a tool that repairs this key, and then you will be able to run SDFix. Besides the infection you are complaining about, there is also one with the USB flash drive (pendrive) virus, which will also require the use of a specialized tool. Download:

PenClean

ELIBAGLA

At the bottom of the page, click the Descargar Elibagla button. Save it to the desktop.

Save or print these instructions:

1 - Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it, on the desktop, with the name CFScript.txt.

 

File::

C:\WINDOWS\system32\ldapi32.exe

C:\WINDOWS\system32\ntcvx32.dll

C:\WINDOWS\system32\ntswrl32.dll

C:\WINDOWS\system32\vssms32.exe

C:\Documents and Settings\Dndré\config.dll.exe

C:\Documents and Settings\Dndré\join.dll

 

2 - Run ELIBAGLA and wait, as the scan takes a while.

At the end a log will be generated, which you will find at C:\infoSat.txt

3 - If you have a USB flash drive that you usually use on your PC, plug it in. Run PenClean.

4 - Delete the C:\Qoobox folder (if it exists), and delete the previous ComboFix log > C:\combofix.txt

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

CFScript.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated, which will be at C:\ComboFix.txt.

5 - Restart the PC and tap F8 repeatedly. From the menu choose: Safe Mode.

Open the SDFix folder that was installed on your computer and double-click the RunThis.bat file

Press Y so that the tool starts the removal process

When everything finishes, you will see a notice telling you to press any key to continue. When you press any key, the computer will restart automatically

After restarting, the tool will run once more and finish its work, and the word Finished will appear. Press any key.

A window with the SDFix report will appear. This report will be saved in the SDFix folder under the name Report.txt.

6 - Generate a new log with HijackThis.

Post:

infoSat.txt

ComboFix.txt

HijackThis log

SDFix Report.txt

NOTE: it is important that you post all the requested logs without forgetting any.

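Added example (not part of any post in this thread, and not code from ComboFix or the other tools named here): a Python triage pass over the ComboFix log layout shown above. It surfaces the items the preceding reply responds to: the SafeBoot warning, the AutoRun commands under `mountpoints2`, and Run-key targets that also appear among recently created files. The hidden+system and double-extension checks are assumed triage heuristics, and the sample is a constructed excerpt of lines from the log posted above.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
2007-10-29 14:55 23,552 --a------ C:\WINDOWS\system32\ntcvx32.dll
2007-10-26 21:14 1,561,088 ---hs---- C:\WINDOWS\system32\vssms32.exe
2007-10-26 21:14 1,561,088 --a------ C:\Documents and Settings\Dndré\config.dll.exe
2007-10-12 19:27 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-14 20:14 <DIR> d-------- C:\Steam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]
"vssms32"="C:\WINDOWS\system32\vssms32.exe" [2007-08-14 17:10]

A chave SafeBoot necessita de ser reparada. Esta máquina não pode entrar em Modo de Segurança.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{108d2d66-5d6b-11dc-ac09-000fea9d4402}]
Auto\command - fun.xls.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
"""

# Warning text exactly as the Portuguese-locale log on this page prints it.
SAFEBOOT_WARNING = "A chave SafeBoot necessita de ser reparada"

SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Files created" rows: date, time, size or <DIR>, 9-character attribute field, path.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+(<DIR>|[\d,]+)\s+([-a-z]{9})\s+(.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
AUTORUN_RE = re.compile(r"^(Auto|AutoRun)\\command - (.+)$")

EXECUTABLE_EXT = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY_EXT = {"dll", "xls", "doc", "txt", "jpg", "pdf"}  # assumed list, extend as needed


def has_double_extension(path):
    """True for names such as config.dll.exe: a decoy extension before an executable one."""
    parts = path.rsplit("\\", 1)[-1].lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXT and parts[-2] in DECOY_EXT


def parse_combofix(text):
    """Extract created files, Run-key values, mountpoints2 commands and the SafeBoot flag."""
    report = {"files": [], "run": {}, "autorun": [], "safeboot_broken": False}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the forum paste separates every row with blank lines
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if SAFEBOOT_WARNING in line:
            report["safeboot_broken"] = True
            continue
        m = FILE_RE.match(line)
        if m:
            date, size, attrs, path = m.groups()
            report["files"].append(
                {"date": date, "is_dir": size == "<DIR>", "attrs": attrs, "path": path})
        elif section.endswith("\\currentversion\\run"):
            m = RUN_RE.match(line)
            if m:
                report["run"][m.group(1)] = m.group(2)
        elif "\\mountpoints2\\" in section:
            m = AUTORUN_RE.match(line)
            if m:
                guid = section.rsplit("\\", 1)[-1]
                report["autorun"].append((guid, m.group(1), m.group(2)))
    return report


def triage(report):
    """Return (kind, detail) hints for a human reviewer; these are not verdicts."""
    findings = []
    if report["safeboot_broken"]:
        findings.append(("safeboot", "SafeBoot key needs repair; Safe Mode unavailable"))
    for guid, verb, command in report["autorun"]:
        findings.append(("autorun", f"{guid} {verb}\\command -> {command}"))
    recent = {f["path"].lower(): f for f in report["files"] if not f["is_dir"]}
    for name, target in report["run"].items():
        hit = recent.get(target.lower())
        if hit:
            findings.append(("run-recent", f"[{name}] {target} created {hit['date']}"))
    for f in report["files"]:
        if f["is_dir"]:
            continue
        if "h" in f["attrs"] and "s" in f["attrs"]:
            findings.append(("hidden-system", f["path"]))
        if has_double_extension(f["path"]):
            findings.append(("double-ext", f["path"]))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{kind:14} {detail}")
```

The parser reads only the "files created" row layout (nine-character attribute field); rows from the Find3M section use a different layout and are skipped.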

First of all, I would like to thank you for your great work... I hope you keep it up!

The requested logs follow below:

1-infoSat.txt

2-ComboFix.txt

3-HijackThis log

4-SDFix Report.txt

 

------------------------------------------------

 

infoSat.txt

 

Wed Oct 31 13:03:25 2007

EliBagle v10.65 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

Restaurada Clave: "SafeBoot\Minimal y Network"

 

Wed Oct 31 13:03:31 2007

EliBagle v10.65 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Nº Total de Directorios: 2157

Nº Total de Ficheros: 31251

Nº de Ficheros Analizados: 6345

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

ComboFix.txt

 

ComboFix 07-10-28.2 - Dndré 2007-10-31 13:09:59.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.45 [GMT -3:00]

Executando de: C:\Documents and Settings\Dndré\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Dndré\Desktop\CFScript.txt

 

FILE::

C:\Documents and Settings\Dndré\config.dll.exe

C:\Documents and Settings\Dndré\join.dll

C:\WINDOWS\system32\ldapi32.exe

C:\WINDOWS\system32\ntcvx32.dll

C:\WINDOWS\system32\ntswrl32.dll

C:\WINDOWS\system32\vssms32.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Dndré\config.dll.exe

C:\Documents and Settings\Dndré\join.dll

C:\WINDOWS\system32\ntcvx32.dll

C:\WINDOWS\system32\ntswrl32.dll

C:\WINDOWS\system32\vssms32.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-09-28 to 2007-10-31 ))))))))))))))))))))))))))))))))

.

 

2007-10-31 13:22 <DIR> d-------- C:\WINDOWS\ERUNT

2007-10-28 19:22 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-28 16:37 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2007-10-28 15:37 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2007-10-28 15:37 812,344 --a------ C:\HJTInstall.exe

2007-10-26 21:40 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2007-10-14 20:14 <DIR> d-------- C:\Steam

2007-10-14 20:14 <DIR> d-------- C:\Arquivos de programas\Steam

2007-10-14 20:14 <DIR> d-------- C:\Arquivos de programas\SecondLife

2007-10-14 20:14 <DIR> d-------- C:\Arquivos de programas\OnGame

2007-10-14 20:14 <DIR> d-------- C:\Arquivos de programas\KAIZEN Games

2007-10-12 19:27 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-10-12 19:27 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-10-12 19:27 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-10-12 19:27 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-12 19:27 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-10-12 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-12 19:27 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-12 19:27 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-10-12 00:12 <DIR> d-------- C:\Documents and Settings\Dndré\Incomplete

2007-10-12 00:12 <DIR> d-------- C:\Documents and Settings\Dndré\Incomplete

2007-10-12 00:12 <DIR> d-------- C:\Documents and Settings\Dndré\Dados de aplicativos\LimeWire

2007-09-29 12:59 <DIR> d-------- C:\Documents and Settings\Dndré\Dados de aplicativos\Uniblue

2007-09-27 19:41 520,192 --a------ C:\WINDOWS\system32\wscma2u.exe

2007-09-27 19:41 278,528 --a------ C:\WINDOWS\system32\ammpp.dll

2007-09-27 19:41 193,536 --a------ C:\WINDOWS\system32\atomid.exe

2007-09-27 19:41 65,536 --a------ C:\WINDOWS\system32\a1.dll

2007-09-22 15:55 936 --a------ C:\logMX500.dat

2007-09-22 15:46 <DIR> d-------- C:\Arquivos de programas\LG Electronics

2007-09-22 15:46 41,664 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys

2007-09-22 15:46 39,136 --a------ C:\WINDOWS\system32\drivers\lgUsbDiag.sys

2007-09-22 15:46 20,092 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys

2007-09-22 15:17 135,168 --a------ C:\WINDOWS\system32\wab.dll

2007-09-22 15:17 89,360 --a------ C:\WINDOWS\system32\vb5db.dll

2007-09-22 15:17 77,824 --a------ C:\WINDOWS\system32\msbind.dll

2007-09-21 00:39 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2007-09-13 16:37 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2007-09-13 16:37 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys

2007-09-10 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WildTangent

2007-09-08 23:38 249,856 --------- C:\WINDOWS\Setup1.exe

2007-09-08 23:38 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2007-09-08 18:48 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-09-08 18:48 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll

2007-09-08 18:48 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll

2007-09-08 18:48 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2007-09-08 18:48 73,728 --a------ C:\WINDOWS\system32\dpl100.dll

2007-09-08 18:47 740,442 --a------ C:\WINDOWS\system32\divx.dll

2007-09-08 18:47 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-09-07 14:54 340,992 --a------ C:\WINDOWS\system32\drivers\rt61.sys

2007-09-07 14:54 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe

2007-09-07 14:54 242,048 --a------ C:\WINDOWS\system32\drivers\RT2500.SYS

2007-09-07 14:54 81,920 --a------ C:\WINDOWS\system32\Install6x.dll

2007-09-07 14:54 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2007-09-07 14:54 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin

2007-09-07 14:54 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin

2007-09-07 14:54 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin

2007-09-07 12:15 <DIR> d-------- C:\WINDOWS\InCD

2007-09-07 12:15 1,974,272 --------- C:\WINDOWS\NuNinst.exe

2007-09-07 12:15 91,136 --a------ C:\WINDOWS\system32\drivers\InCDfs.sys

2007-09-07 12:15 28,544 --a------ C:\WINDOWS\system32\drivers\InCDpass.sys

2007-09-07 12:15 5,760 --a------ C:\WINDOWS\system32\drivers\InCDrec.sys

2007-09-07 12:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-09-07 12:11 569,344 --------- C:\WINDOWS\system32\imagr5.dll

2007-09-07 12:11 544,768 --------- C:\WINDOWS\system32\imagx5.dll

2007-09-07 12:11 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll

2007-09-07 12:11 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-09-07 12:11 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2007-09-07 12:11 38,912 --------- C:\WINDOWS\system32\picn20.dll

2007-09-05 21:22 149,504 --a------ C:\WINDOWS\UNWISE.EXE

2007-09-03 19:18 4,096 --a------ C:\WINDOWS\d3dx.dat

2007-09-02 12:55 <DIR> d-------- C:\WINDOWS\A6W_DATA

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-31 16:11 --------- d-----w C:\Documents and Settings\Dndré\Dados de aplicativos\Orbit

2007-10-30 21:37 --------- d-----w C:\Documents and Settings\Dndré\Dados de aplicativos\Tibia

2007-09-29 19:34 --------- d-----w C:\Arquivos de programas\Windows Live

2007-09-29 19:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2007-09-29 19:28 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WindowsLiveInstaller

2007-09-22 18:46 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-09-21 09:52 --------- d-----w C:\Documents and Settings\Dndré\Dados de aplicativos\AdobeUM

2007-09-21 02:03 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-09-08 01:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\snpstd3

2007-09-07 17:54 --------- d-----w C:\Arquivos de programas\RALINK

2007-08-31 21:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2007-08-31 02:05 --------- d-----w C:\Arquivos de programas\Arquivos comuns\DirectX

2007-08-28 16:57 --------- d-----w C:\Arquivos de programas\Java

2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-07-30 22:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-07-30 22:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-07-30 22:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-07-30 22:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-07-30 22:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-07-30 22:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-07-30 22:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll

2007-07-30 22:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-07-30 22:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-07-30 22:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-07-09 13:09 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2004-01-15 09:33 C:\WINDOWS\system32\VTTimer.exe]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-10-03 11:23]

"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 15:05]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"InCD"="D:\Arquivos de programas\Ahead\InCD\InCD.exe" [2004-06-04 08:33]

"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55]

"avast!"="D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - D:\arquivos de programas\Orbitdownloader\orbitdm.exe [2007-08-20 23:50:46]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

 

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS

S3 Sex1;Sex1;\??\D:\Downloads\SexEngine By Ch4c4L~\SexEngine By Ch4c4L~\---.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{108d2d66-5d6b-11dc-ac09-000fea9d4402}]

Auto\command - fun.xls.exe

AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46988617-4f37-11dc-abc6-000e2e42ef84}]

Auto\command - fun.xls.exe

AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d2b758e-4fff-11dc-abc9-000e2e42ef84}]

Auto\command - fun.xls.exe

AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-09-29 16:26:24 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"

- D:\Arquivos de programas\Uniblue\SpyEraser\SpyEraser.exe

.

**************************************************************************

 

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-31 13:28:19

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-10-31 13:30:01 - machine was rebooted

.

--- E O F ---

 

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:36:31, on 31/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\CameraFixer.exe

C:\WINDOWS\tsnpstd3.exe

D:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\WINDOWS\vsnpstd3.exe

D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] D:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = D:\arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E311599F-4AAB-4078-B9BD-28BD66D42738}: NameServer = 200.223.189.70 200.223.189.67

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (file missing)

 

--

End of file - 6347 bytes

 

 

SDFix Report.txt

 

 

SDFix: Version 1.112

 

Run by Dndré on 2007-10-31 at 13:22

 

Microsoft Windows XP [versão 5.1.2600]

 

Running From: C:\SDFix

 

Safe Mode:

Checking Services:

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

Trojan Files Found:

 

C:\WINDOWS\hkr32.asm - Deleted

 

 

 

Removing Temp Files...

 

ADS Check:

 

C:\WINDOWS

No streams found.

 

C:\WINDOWS\system32

No streams found.

 

C:\WINDOWS\system32\svchost.exe

No streams found.

 

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

 

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

Remaining Files:

---------------

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes:

 

Tue 11 Sep 2007 33,792 ..SH. --- "C:\Steam\Steam.exe"

Sat 15 Sep 2007 348,160 ..SH. --- "C:\Arquivos de programas\SecondLife\SecondLife.exe"

Tue 11 Sep 2007 33,792 ..SH. --- "C:\Arquivos de programas\Steam\Steam.exe"

Sat 15 Sep 2007 348,160 ..SH. --- "C:\Arquivos de programas\KAIZEN Games\SecondLifeBrasil\SecondLife.exe"

Tue 11 Sep 2007 178,176 ..SH. --- "C:\Arquivos de programas\OnGame\GunboundWC\gwcl.exe"

Mon 6 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2ea39eb67545fd2ec9095bec39ab77c7\BIT11.tmp"

Mon 20 Aug 2007 6,948,754 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7f8bd0bb5d6bc3b9738fd62ddc5b9ece\BIT54.tmp"

Mon 6 Aug 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3a0ae13426d9897a0df545a4e9494a4b\download\BIT225.tmp"

 

Finished!

 

 

OK! Logs posted successfully...


OK, download: Flash_Disinfector > save it to the desktop.

Delete the folder C:\Qoobox (if it exists), and delete the previous ComboFix log > C:\combofix.txt

Double-click Flash_Disinfector.exe. Follow any prompts that may appear.

Wait until the program finishes the scan and then exit the program.

Double-click combofix.exe, enter 1 and press Enter to proceed with the fix. Please wait, as it takes a while.

ComboFix will restart the PC automatically to complete the removal process. When it finishes, a log will be generated at C:\ComboFix.txt.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

Post the ComboFix.txt.


Topic Archived

Since the author did not respond for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.
