[Resolvido!]problema com pop-up CID

[Dygo 0]

Ae .. meu amigo instalo o msn discovery e aceito o um negocio de patrociono naum sei oq

e agora meu pc ta bolas de lento e fika abrindo pop-up de CID:

=X

 

ai vai meu log do hijackthis:

 

Logfile of HijackThis v1.99.1

Scan saved at 01:04:18, on 18/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\WindowsUpdate.scr

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Ping upload extra road] C:\Documents and Settings\All Users\Dados de aplicativos\burn spam ping upload\Barb Bind.exe

O4 - HKLM\..\Run: [WindowsUpdate] C:\Arquivos de programas\WindowsUpdate.scr

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [four bolt] C:\DOCUME~1\RODRIG~1\DADOSD~1\PLATFO~1\active dent lies.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: WindowsUpdate.scr

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

 

.. se alguem poder me ajuda a tirar isso .. fikaria grato.. vlw ^^

[Dygo 0]

será q ninguem pode me ajudar :'( :natal_sad:

[Dygo 0]

malz ai pessoal

naum he querer fika revivendo o post

mas ja faz bem mais de 5 dias q eu criei o post e ninguem me ajuda :'(

[DigRam 144]

malz ai pessoal

naum he querer fika revivendo o post

mas ja faz bem mais de 5 dias q eu criei o post e ninguem me ajuda :'(

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Opa!Dygo.

Bom Dia!

Vou lhe ajudar!

______________________

 

>@< Faça o download do FindLop.

>@< Descompacte o programa e envie os arquivos,para uma pasta própria: < C:\FindLop.exe >

>@< Mas,não execute-o ainda!

>@< Faça o download do Lop Uninstaller.

>@< Caso o AntiVírus,acuse a ferramenta como Malware,ignore o aviso e permita a sua execução.

>@< Caso o navegador dificulte o download,coloque: < http://lop.com >,como Site Preferencial.

>@< Desabilite as proteções residentes de AntiVírus e AntiSpywares.

>@< Execute o desinstalador!

>@< Digite os números e,confirme!

>@< Ps: Não sendo possível,rodar o desinstalador,siga apenas com o FindLop.

>@< Execute,agora,o findlop.bat

>@< Será gerado um relatório ( findlop.txt ) no Disco Local-C.

_____________________

 

>@< Poste,na sua resposta,um nôvo Log do HijackThis.

>@< Poste,também,o relatório [ findlop.txt ] que está em C:\xxx..

 

Abraços!

[Dygo 0]

aew vlw pela ajuda e desculpa a demora pra responde

:'(

 

olha esse eu fiz todo o procedimento e esse he meu log no hijackthis dps q eu fiz as paradas

 

Logfile of HijackThis v1.99.1

Scan saved at 18:06:02, on 28/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Arquivos de programas\WindowsUpdate.scr

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\hijackthis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [WindowsUpdate] C:\Arquivos de programas\WindowsUpdate.scr

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: WindowsUpdate.scr

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

 

.................

 

e dae qd eu fiz abri o arquivo bat lah

ele abriu um bloco de notas soh q tava soh isso escrito

 

[TRACE] Enumerating jobs and queues

 

 

:'(

 

 

meu log ta limpo.=.. ?? fiz algo errado ?? :'(

[DigRam 144]

Bom Dia Dygo!

 

>@< Faça o download do BankerFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e o navegador,ao rodar o BankerFix.

>@< Desabilite,as proteções residentes de AntiVírus e AntiSpywares.

>@< Dê um duplo clique no Bankerfix.exe,depois Enter.

>@< Aguarde!Ao terminar,leia a mensagem na tela ( Dos ),e dê Enter,novamente.

_____________________

 

>@< Poste o relatorio.txt do BankerFix que está em C:\LinhaDefensiva\relatorio.txt

>@< Poste,também,um nôvo Log do HijackThis,na sua resposta.

 

Abraços!

[Dygo 0]

beleza fiz td q se mando e ta ai os relatorios

 

bankerfix

 

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 30/12/2007 - 10:9

-------------------------------------------------------

Lista de Definição: 2007-12-25-1

=======================================================

 

Arquivo infectado detectado: C:\Arquivos de programas\WindowsUpdate.scr

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\WindowsUpdate.scr

Arquivo infectado removido com sucesso!

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

 

 

hijackthis

 

Logfile of HijackThis v1.99.1

Scan saved at 10:11:57, on 30/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\hijackthis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

 

e ai ???

 

ta td limpo agora????

[DigRam 144]

Boa Tarde Dygo!

 

e ai ???

 

ta td limpo agora????

>@< Falta um último procedimento!

_____________________

 

>@< Apague a pasta: C:\LinhaDefensiva

_____________________

 

>@< Faça o download do KillBox.

>@< Salve-o no Desktop!

>@< Abra o KillBox,e marque Delete on reboot.

>@< Insira ou digite na caixa Full path of file to delete,o seguinte ficheiro:

 

C:\WINDOWS\system32\vssms32.exe

 

>@< Clique no botão X e,na pergunta sobre o reboot,confirme!

>@< O computador vai reiniciar!

>@< Aproveite este reboot,e entre em Modo de Segurança.

>@< Abra o HijackThis e clique em Do a system scan only.

>@< Marque as entradas,logo abaixo,e clique em Fix checked.

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

 

>@< Reinicie,normalmente,o computador!

_____________________

 

>@< Poste,na sua resposta,um nôvo Log do HijackThis.

 

Abraços!

[Dygo 0]

ai manim

quando eu cliquei e arumei as parada no killbox e apertei no X ele naum reiniciou o pc

apenas deu um alerta

 

PedingFileRenameOperations Registry Data has been Removed by External Process!

 

dae eu reiniciei o computador e tentei entrar e modo de segurança e naum consegui :'(

[DigRam 144]

Boa Noite Dygo!

 

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e execute a ferramenta!

>@< Para quem possui o Avast,surgirá um alerta de malware ( Win32 D adobra-EY[Trj] ),que deverá ser ignorado.

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar < Enter >

>@< Aguarde a conclusão!

______________________

 

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

 

Abraços!

[Dygo 0]

Ta ai DigRam......

 

 

log do COMBOFIX

 

ComboFix 07-12-31.4 - Rodrigo de Andrade 2007-12-31 6:21:30.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.875 [GMT -2:00]

Executando de: C:\Documents and Settings\Rodrigo de Andrade\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\29HPA8E2\iforex.com

C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\29HPA8E2\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))))

.

 

2007-12-31 06:23 . 2007-12-31 06:23 <DIR> d-------- C:\Temp\WPDNSE

2007-12-31 06:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-12-28 18:04 . 2007-12-28 18:04 <DIR> d-------- C:\CFindLop.exe

2007-12-28 17:38 . 2007-12-28 17:38 <DIR> d-------- C:\Arquivos de programas\Real

2007-12-28 17:38 . 2007-12-28 17:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2007-12-28 17:38 . 2007-12-28 17:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-12-28 17:37 . 2007-12-28 17:39 <DIR> d-------- C:\Temp\~rnsetup

2007-12-27 17:29 . 2007-12-27 17:29 172 --ah----- C:\sqmnoopt08.sqm

2007-12-27 17:29 . 2007-12-27 17:29 172 --ah----- C:\sqmdata08.sqm

2007-12-27 17:24 . 2007-12-27 17:24 268 --ah----- C:\sqmdata07.sqm

2007-12-27 17:24 . 2007-12-27 17:24 244 --ah----- C:\sqmnoopt07.sqm

2007-12-25 07:22 . 2007-12-25 07:22 378,880 --a------ C:\Temp\sta1E7.exe

2007-12-25 04:16 . 2007-12-25 04:16 <DIR> d--h----- C:\Temp\Diretório temporário 61 para pokemon.zip

2007-12-25 04:16 . 2007-12-25 04:16 <DIR> d--h----- C:\Temp\Diretório temporário 60 para pokemon.zip

2007-12-25 04:16 . 2007-12-25 04:16 <DIR> d--h----- C:\Temp\Diretório temporário 59 para pokemon.zip

2007-12-25 04:16 . 2007-12-25 04:16 <DIR> d--h----- C:\Temp\Diretório temporário 58 para pokemon.zip

2007-12-25 04:16 . 2007-12-25 04:16 <DIR> d--h----- C:\Temp\Diretório temporário 57 para pokemon.zip

2007-12-25 04:16 . 2007-12-25 04:16 <DIR> d--h----- C:\Temp\Diretório temporário 56 para pokemon.zip

2007-12-25 04:15 . 2007-12-25 04:15 <DIR> d--h----- C:\Temp\Diretório temporário 55 para pokemon.zip

2007-12-25 04:15 . 2007-12-25 04:15 <DIR> d--h----- C:\Temp\Diretório temporário 54 para pokemon.zip

2007-12-25 04:15 . 2007-12-25 04:15 <DIR> d--h----- C:\Temp\Diretório temporário 53 para pokemon.zip

2007-12-25 04:15 . 2007-12-25 04:15 <DIR> d--h----- C:\Temp\Diretório temporário 52 para pokemon.zip

2007-12-25 04:15 . 2007-12-25 04:15 <DIR> d--h----- C:\Temp\Diretório temporário 51 para pokemon.zip

2007-12-25 04:14 . 2007-12-25 04:14 <DIR> d--h----- C:\Temp\Diretório temporário 50 para pokemon.zip

2007-12-25 04:14 . 2007-12-25 04:14 <DIR> d--h----- C:\Temp\Diretório temporário 49 para pokemon.zip

2007-12-25 04:14 . 2007-12-25 04:14 <DIR> d--h----- C:\Temp\Diretório temporário 48 para pokemon.zip

2007-12-25 04:14 . 2007-12-25 04:14 <DIR> d--h----- C:\Temp\Diretório temporário 47 para pokemon.zip

2007-12-25 04:14 . 2007-12-25 04:14 <DIR> d--h----- C:\Temp\Diretório temporário 46 para pokemon.zip

2007-12-25 04:14 . 2007-12-25 04:14 <DIR> d--h----- C:\Temp\Diretório temporário 45 para pokemon.zip

2007-12-25 03:31 . 2007-12-25 03:31 <DIR> d--h----- C:\Temp\Diretório temporário 44 para pokemon.zip

2007-12-25 03:31 . 2007-12-25 03:31 <DIR> d--h----- C:\Temp\Diretório temporário 43 para pokemon.zip

2007-12-25 03:03 . 2007-12-25 03:03 <DIR> d--h----- C:\Temp\Diretório temporário 42 para pokemon.zip

2007-12-25 03:02 . 2007-12-25 03:02 <DIR> d--h----- C:\Temp\Diretório temporário 2 para a_empregada_quente_e_o_elevador_BR.zip

2007-12-25 03:02 . 2007-12-25 03:02 <DIR> d--h----- C:\Temp\Diretório temporário 1 para a_empregada_quente_e_o_elevador_BR.zip

2007-12-25 02:40 . 2007-12-25 02:40 <DIR> d--h----- C:\Temp\Diretório temporário 1 para chapeuzinho_vermelho.zip

2007-12-25 02:03 . 2007-12-25 02:03 <DIR> d--h----- C:\Temp\Diretório temporário 41 para pokemon.zip

2007-12-25 02:00 . 2007-12-25 02:00 <DIR> d--h----- C:\Temp\Diretório temporário 40 para pokemon.zip

2007-12-25 01:56 . 2007-12-25 01:56 <DIR> d--h----- C:\Temp\Diretório temporário 39 para pokemon.zip

2007-12-25 01:56 . 2007-12-25 01:56 <DIR> d--h----- C:\Temp\Diretório temporário 38 para pokemon.zip

2007-12-25 01:56 . 2007-12-25 01:56 <DIR> d--h----- C:\Temp\Diretório temporário 37 para pokemon.zip

2007-12-25 01:55 . 2007-12-25 01:55 <DIR> d--h----- C:\Temp\Diretório temporário 36 para pokemon.zip

2007-12-25 01:31 . 2007-12-25 01:31 <DIR> d--h----- C:\Temp\Diretório temporário 35 para pokemon.zip

2007-12-25 01:30 . 2007-12-25 01:30 <DIR> d--h----- C:\Temp\Diretório temporário 34 para pokemon.zip

2007-12-24 12:01 . 2007-12-24 12:01 <DIR> d--h----- C:\Temp\Diretório temporário 33 para pokemon.zip

2007-12-24 12:01 . 2007-12-24 12:01 <DIR> d--h----- C:\Temp\Diretório temporário 32 para pokemon.zip

2007-12-24 11:40 . 2007-12-24 11:40 <DIR> d--h----- C:\Temp\Diretório temporário 31 para pokemon.zip

2007-12-24 11:40 . 2007-12-24 11:40 <DIR> d--h----- C:\Temp\Diretório temporário 30 para pokemon.zip

2007-12-24 11:39 . 2007-12-24 11:39 <DIR> d--h----- C:\Temp\Diretório temporário 29 para pokemon.zip

2007-12-24 11:39 . 2007-12-24 11:39 <DIR> d--h----- C:\Temp\Diretório temporário 28 para pokemon.zip

2007-12-24 11:39 . 2007-12-24 11:39 <DIR> d--h----- C:\Temp\Diretório temporário 27 para pokemon.zip

2007-12-24 11:39 . 2007-12-24 11:39 <DIR> d--h----- C:\Temp\Diretório temporário 26 para pokemon.zip

2007-12-24 11:39 . 2007-12-24 11:39 <DIR> d--h----- C:\Temp\Diretório temporário 25 para pokemon.zip

2007-12-24 11:15 . 2007-12-24 11:15 <DIR> d--h----- C:\Temp\Diretório temporário 24 para pokemon.zip

2007-12-24 11:15 . 2007-12-24 11:15 <DIR> d--h----- C:\Temp\Diretório temporário 23 para pokemon.zip

2007-12-24 10:54 . 2007-12-24 10:54 <DIR> d--h----- C:\Temp\Diretório temporário 22 para pokemon.zip

2007-12-24 10:04 . 2007-12-24 10:04 <DIR> d--h----- C:\Temp\Diretório temporário 21 para pokemon.zip

2007-12-24 09:34 . 2007-12-24 09:34 <DIR> d--h----- C:\Temp\Diretório temporário 20 para pokemon.zip

2007-12-24 09:34 . 2007-12-24 09:34 <DIR> d--h----- C:\Temp\Diretório temporário 19 para pokemon.zip

2007-12-24 09:12 . 2007-12-24 09:12 <DIR> d--h----- C:\Temp\Diretório temporário 18 para pokemon.zip

2007-12-24 07:11 . 2007-12-24 07:11 <DIR> d--h----- C:\Temp\Diretório temporário 17 para pokemon.zip

2007-12-24 07:11 . 2007-12-24 07:11 <DIR> d--h----- C:\Temp\Diretório temporário 16 para pokemon.zip

2007-12-24 07:11 . 2007-12-24 07:11 <DIR> d--h----- C:\Temp\Diretório temporário 15 para pokemon.zip

2007-12-24 07:10 . 2007-12-24 07:10 <DIR> d--h----- C:\Temp\Diretório temporário 14 para pokemon.zip

2007-12-24 04:22 . 2007-12-24 04:22 <DIR> d--h----- C:\Temp\Diretório temporário 13 para pokemon.zip

2007-12-24 04:22 . 2007-12-24 04:22 <DIR> d--h----- C:\Temp\Diretório temporário 12 para pokemon.zip

2007-12-24 04:21 . 2007-12-24 04:21 <DIR> d--h----- C:\Temp\Diretório temporário 11 para pokemon.zip

2007-12-24 03:59 . 2007-12-24 03:59 <DIR> d--h----- C:\Temp\Diretório temporário 9 para pokemon.zip

2007-12-24 03:59 . 2007-12-24 03:59 <DIR> d--h----- C:\Temp\Diretório temporário 8 para pokemon.zip

2007-12-24 03:59 . 2007-12-24 03:59 <DIR> d--h----- C:\Temp\Diretório temporário 7 para pokemon.zip

2007-12-24 03:59 . 2007-12-24 03:59 <DIR> d--h----- C:\Temp\Diretório temporário 6 para pokemon.zip

2007-12-24 03:59 . 2007-12-24 03:59 <DIR> d--h----- C:\Temp\Diretório temporário 5 para pokemon.zip

2007-12-24 03:59 . 2007-12-24 03:59 <DIR> d--h----- C:\Temp\Diretório temporário 10 para pokemon.zip

2007-12-24 03:58 . 2007-12-24 03:58 <DIR> d--h----- C:\Temp\Diretório temporário 4 para pokemon.zip

2007-12-24 03:35 . 2007-12-24 03:35 <DIR> d--h----- C:\Temp\Diretório temporário 3 para pokemon.zip

2007-12-24 02:53 . 2007-12-24 02:53 <DIR> d--h----- C:\Temp\Diretório temporário 2 para pokemon.zip

2007-12-24 02:53 . 2007-12-24 02:53 <DIR> d--h----- C:\Temp\Diretório temporário 1 para pokemon.zip

2007-12-23 22:30 . 2007-12-23 22:31 <DIR> d-------- C:\Temp\HPSURYCC.FO4

2007-12-17 22:04 . 2007-12-30 10:11 <DIR> d-------- C:\hijackthis

2007-12-14 18:16 . 2007-12-14 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2007-12-14 16:24 . 2007-12-14 23:22 <DIR> d-------- C:\Arquivos de programas\MessengerDiscovery

2007-12-14 16:13 . 2007-12-14 16:13 445,440 --a------ C:\Temp\bis1A6.exe

2007-12-14 16:12 . 2007-12-14 16:12 <DIR> d-------- C:\Arquivos de programas\Circle Developement

2007-12-13 13:43 . 2007-12-18 17:20 <DIR> d-------- C:\Temp\w610_quality_megabass_acoustic

2007-12-13 13:12 . 2007-12-13 13:12 268 --ah----- C:\sqmdata06.sqm

2007-12-13 13:12 . 2007-12-13 13:12 244 --ah----- C:\sqmnoopt06.sqm

2007-12-13 01:12 . 2007-12-16 16:49 <DIR> d-------- C:\Arquivos de programas\Coding Workshop Ringtone Converter

2007-12-13 01:12 . 2004-02-19 05:11 511,488 --a------ C:\WINDOWS\system32\cwmdtl50a.dll

2007-12-13 01:12 . 2001-02-15 19:45 368,912 --a------ C:\WINDOWS\system32\vbar332.dll

2007-12-13 01:12 . 1998-10-07 05:53 305,432 --a------ C:\WINDOWS\system32\Threed20.ocx

2007-12-13 01:12 . 2004-03-08 22:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.OCX

2007-12-13 01:12 . 2003-06-30 16:39 102,400 --a------ C:\WINDOWS\system32\cwsmaf40.dll

2007-12-10 01:06 . 2007-12-10 01:06 <DIR> d-------- C:\Temp\tz_exec.tmp130

2007-12-10 01:06 . 2007-12-10 01:07 <DIR> d-------- C:\Arquivos de programas\Total Video Converter

2007-12-09 20:17 . 2007-12-09 20:17 52,595 ---h----- C:\Temp\bt0663.bat

2007-12-09 19:56 . 2007-12-09 19:56 52,595 ---h----- C:\Temp\bt4174.bat

2007-12-09 19:51 . 2007-12-09 19:51 52,595 ---h----- C:\Temp\bt6066.bat

2007-12-09 16:17 . 2007-12-09 16:17 0 ---hs---- C:\WINDOWS\system32\ghost.ini

2007-12-09 16:17 . 2007-12-09 16:17 0 ---hs---- C:\WINDOWS\system32\aoutox.ini

2007-12-09 15:59 . 2007-12-09 15:59 149,646 --a------ C:\WINDOWS\addreg.exe

2007-12-09 15:59 . 2007-12-09 15:59 31,170 --a------ C:\WINDOWS\system32\drivers\Partizan.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-14 18:15 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-12-06 00:23 --------- d-----w C:\Arquivos de programas\Lineage II

2007-12-02 12:39 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-11-29 15:33 --------- d-----w C:\Arquivos de programas\Sony Ericsson

2007-11-22 22:05 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-11-19 14:50 --------- d-----w C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\Image Zone Express

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 20:31 --------- d-----w C:\Arquivos de programas\Asprate

2007-10-25 11:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" [2005-11-24 16:38 94208]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-10-17 14:09 190024]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 17:19 5728112]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2007-07-16 19:54 961536]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 08:06 79224]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 08:15 106496]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 02:06 487424]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]

"vssms32"="C:\WINDOWS\system32\vssms32.exe" [ ]

"Cmaudio"="cmicnfg.cpl" []

"TkBellExe"="C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" [2007-12-28 17:38 180269]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide3"="cmd.exe" [2004-08-04 01:45 400384 C:\WINDOWS\system32\cmd.exe]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

 

A chave SafeBoot necessita de ser reparada. Esta máquina não pode entrar em Modo de Segurança.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Arquivos de programas\Ares\Ares.exe -h

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2007-10-05 20:46 286016 --a------ C:\Arquivos de programas\BitTorrent_DNA\dna.exe

 

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-11-26 12:11]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-25 12:42]

S3 lgusbsmodem;LGE Mobile USB Modem;C:\WINDOWS\system32\DRIVERS\lgusbsmodem.sys [2006-02-07 13:50]

S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [2007-12-09 15:59]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 16:11]

S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 16:11]

S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 16:11]

S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 16:11]

S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 16:11]

S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 16:11]

S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 16:11]

 

*Newly Created Service* - PROCEXP90

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-31 06:23:32

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-12-31 6:24:04

C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 08:23:56

.

2007-12-22 02:30:25 --- E O F ---

 

 

 

LOG DO HIJACKTHIS

 

Logfile of HijackThis v1.99.1

Scan saved at 06:25:23, on 31/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\hijackthis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

 

e agora oq devo faze?

[DigRam 144]

Boa Tarde Dygo!

 

>@< Como a chave SafeBoot está corrompida,nós caminharemos um pouco mais!

___________________

 

>@< Faça o download do EliBagla.

>@< Salve-o no Desktop!

>@< Agora,vá ao seu ícone e execute a ferramenta!

>@< Aguarde a finalização do scan e,reserve o relatório. ( infoSat.txt )

___________________

 

Delete:

 

C:\QooBox << Pertence ao ComboFix.

C:\ComboFix.txt << Log anterior do ComboFix.

__________________

 

>@< Selecione e copie,todo o conteúdo que está na área do quote,para o Bloco de Notas.

>@< Salve-o,no Desktop,com o nome: CFScript.txt

 

File::

C:\WINDOWS\system32\vssms32.exe

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vssms32"=""

>@< Arraste,com o Mouse,o CFScript.txt para o ícone do ComboFix.

>@< Com esse procedimento,o ComboFix irá executar e,reiniciará o computador,automaticamente!

>@< Durante a execução,não utilize o teclado ou Mouse!

__________________

 

>@< Terminando,poste o relatório C:\ComboFix.txt + infoSAT.txt + HJT,atualizado.

 

Abraços!

[Dygo 0]

ai manim

o compuitador naum reincio sozinho

da uma olhada ai eu reiniciei ele dae e fiz o log no hijackthis

 

HIJACKTHIS

 

Logfile of HijackThis v1.99.1

Scan saved at 06:25:23, on 31/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\hijackthis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

 

COMBOFIX

 

ComboFix 07-12-31.4 - Rodrigo de Andrade 2007-12-31 17:40:35.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.819 [GMT -2:00]

Executando de: C:\Documents and Settings\Rodrigo de Andrade\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Rodrigo de Andrade\Desktop\CFScript.txt

 

FILE

C:\WINDOWS\system32\vssms32.exe

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))))

.

 

2007-12-31 17:40 . 2007-12-31 17:40 <DIR> d-------- C:\Temp\WPDNSE

2007-12-31 06:24 . 2007-12-31 17:41 <DIR> d-------- C:\Temp

2007-12-31 06:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-12-28 18:04 . 2007-12-28 18:04 <DIR> d-------- C:\CFindLop.exe

2007-12-28 17:38 . 2007-12-28 17:38 <DIR> d-------- C:\Arquivos de programas\Real

2007-12-28 17:38 . 2007-12-28 17:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2007-12-28 17:38 . 2007-12-28 17:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-12-27 17:29 . 2007-12-27 17:29 172 --ah----- C:\sqmnoopt08.sqm

2007-12-27 17:29 . 2007-12-27 17:29 172 --ah----- C:\sqmdata08.sqm

2007-12-27 17:24 . 2007-12-27 17:24 268 --ah----- C:\sqmdata07.sqm

2007-12-27 17:24 . 2007-12-27 17:24 244 --ah----- C:\sqmnoopt07.sqm

2007-12-17 22:04 . 2007-12-31 06:25 <DIR> d-------- C:\hijackthis

2007-12-14 18:16 . 2007-12-14 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2007-12-14 16:24 . 2007-12-14 23:22 <DIR> d-------- C:\Arquivos de programas\MessengerDiscovery

2007-12-14 16:12 . 2007-12-14 16:12 <DIR> d-------- C:\Arquivos de programas\Circle Developement

2007-12-13 13:12 . 2007-12-13 13:12 268 --ah----- C:\sqmdata06.sqm

2007-12-13 13:12 . 2007-12-13 13:12 244 --ah----- C:\sqmnoopt06.sqm

2007-12-13 01:12 . 2007-12-16 16:49 <DIR> d-------- C:\Arquivos de programas\Coding Workshop Ringtone Converter

2007-12-13 01:12 . 2004-02-19 05:11 511,488 --a------ C:\WINDOWS\system32\cwmdtl50a.dll

2007-12-13 01:12 . 2001-02-15 19:45 368,912 --a------ C:\WINDOWS\system32\vbar332.dll

2007-12-13 01:12 . 1998-10-07 05:53 305,432 --a------ C:\WINDOWS\system32\Threed20.ocx

2007-12-13 01:12 . 2004-03-08 22:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.OCX

2007-12-13 01:12 . 2003-06-30 16:39 102,400 --a------ C:\WINDOWS\system32\cwsmaf40.dll

2007-12-10 01:06 . 2007-12-10 01:07 <DIR> d-------- C:\Arquivos de programas\Total Video Converter

2007-12-09 16:17 . 2007-12-09 16:17 0 ---hs---- C:\WINDOWS\system32\ghost.ini

2007-12-09 16:17 . 2007-12-09 16:17 0 ---hs---- C:\WINDOWS\system32\aoutox.ini

2007-12-09 15:59 . 2007-12-09 15:59 149,646 --a------ C:\WINDOWS\addreg.exe

2007-12-09 15:59 . 2007-12-09 15:59 31,170 --a------ C:\WINDOWS\system32\drivers\Partizan.sys

2007-12-09 15:59 . 2007-12-09 15:59 22,528 --a------ C:\WINDOWS\system32\Partizan.exe

2007-12-09 15:59 . 2007-12-09 15:59 8,042 --a------ C:\WINDOWS\PP.reg

2007-12-09 15:59 . 2007-12-09 15:59 0 --a------ C:\WINDOWS\system32\aviso.123456

2007-12-09 15:57 . 2007-12-09 15:59 3,331,584 --a------ C:\WINDOWS\WLLogoin.exe

2007-12-05 18:15 . 2007-12-05 18:15 <DIR> d-------- C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\Tibia

2007-12-05 18:14 . 2007-12-05 18:14 <DIR> d-------- C:\Arquivos de programas\Tibia

2007-12-02 10:39 . 2007-12-02 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2007-12-02 10:39 . 2007-12-02 10:39 <DIR> d-------- C:\Arquivos de programas\mobile PhoneTools

2007-12-02 10:39 . 2007-12-02 10:39 <DIR> d-------- C:\Arquivos de programas\LiveUpdate

2007-12-02 10:39 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2007-12-02 10:39 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

2007-12-01 07:14 . 2007-12-01 07:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Macrovision

2007-12-01 07:14 . 2007-12-01 07:14 <DIR> d-------- C:\Arquivos de programas\Macromedia

2007-12-01 07:14 . 2007-12-01 07:14 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macromedia Shared

2007-12-01 07:14 . 2007-12-01 07:14 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macromedia

2007-12-01 07:14 . 2002-01-05 07:48 974,848 --------- C:\WINDOWS\system32\mfc70.dll

2007-12-01 07:14 . 2002-01-05 07:10 57,344 --------- C:\WINDOWS\system32\mfc70enu.dll

2007-12-01 03:39 . 2000-10-20 08:28 765,952 --a------ C:\WINDOWS\system\crlds3d.dll

2007-12-01 03:39 . 2001-11-23 02:08 712,704 --a------ C:\WINDOWS\system32\Audio3D.dll

2007-12-01 03:39 . 2001-11-23 02:08 712,704 --a------ C:\WINDOWS\system32\a3d.dll

2007-12-01 03:39 . 2002-06-27 00:33 524,288 --a------ C:\WINDOWS\system\cmicnfg.cpl

2007-12-01 03:39 . 2002-06-29 04:41 414,543 --a------ C:\WINDOWS\system32\drivers\cmuda.sys

2007-12-01 03:39 . 2002-06-13 23:51 28,672 --a------ C:\WINDOWS\system32\udaprop.dll

2007-12-01 03:38 . 2007-12-01 03:38 <DIR> d-------- C:\Arquivos de programas\C-Media Audio

2007-12-01 03:38 . 2000-10-24 17:12 352,256 --------- C:\WINDOWS\system32\ActiveSkin.ocx

2007-12-01 03:38 . 2001-08-06 10:48 188,416 --------- C:\WINDOWS\system32\CMIMPEG2V.ax

2007-12-01 03:38 . 2001-11-28 18:35 114,688 --------- C:\WINDOWS\system32\CMIEffect.ax

2007-12-01 03:38 . 2002-07-02 17:11 98,304 --------- C:\WINDOWS\system32\CMIVCDNav.ax

2007-12-01 03:38 . 2002-02-19 15:27 65,536 --------- C:\WINDOWS\system32\CMIEchoFilter.ax

2007-12-01 03:38 . 2002-06-28 16:37 61,440 --------- C:\WINDOWS\system32\CMICDDAFilter.ax

2007-11-30 08:57 . 2003-08-29 23:51 156,160 --a------ C:\WINDOWS\system32\unrar3.dll

2007-11-30 08:57 . 2003-08-29 23:52 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2007-11-29 11:24 . 2007-11-29 11:24 268 --ah----- C:\sqmdata05.sqm

2007-11-29 11:24 . 2007-11-29 11:24 244 --ah----- C:\sqmnoopt05.sqm

2007-11-29 00:14 . 2007-11-29 00:14 41 --a------ C:\WINDOWS\system32\Filzip.ini

2007-11-27 18:33 . 2007-11-30 09:02 41 --a------ C:\WINDOWS\Filzip.ini

2007-11-27 18:31 . 2007-11-30 09:08 <DIR> d-------- C:\Arquivos de programas\Filzip

2007-11-27 00:48 . 2002-07-10 08:32 2,124 --a------ C:\WINDOWS\CMUDA.INI

2007-11-27 00:48 . 2007-12-01 03:39 92 --a------ C:\WINDOWS\CMISETUP.INI

2007-11-27 00:48 . 2007-12-01 03:39 26 --a------ C:\WINDOWS\CMCDPLAY.INI

2007-11-27 00:47 . 2002-07-01 12:01 237,568 --a------ C:\WINDOWS\CMIUninstall.exe

2007-11-27 00:47 . 2002-07-01 12:01 212,992 --a------ C:\WINDOWS\CmiRmRedundDir.exe

2007-11-27 00:47 . 2002-02-27 17:14 28,672 --------- C:\WINDOWS\CMIRmDriver.dll

2007-11-27 00:27 . 2007-11-27 00:29 <DIR> d-------- C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\AdobeUM

2007-11-27 00:27 . 2007-11-27 00:27 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2007-11-27 00:24 . 2007-11-27 00:24 <DIR> d-------- C:\WINDOWS\Cache

2007-11-26 18:58 . 2007-11-26 19:03 <DIR> d-------- C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\MyPhoneExplorer

2007-11-26 18:58 . 2007-11-26 18:58 <DIR> d-------- C:\Arquivos de programas\MyPhoneExplorer

2007-11-26 18:51 . 2007-11-26 18:51 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2007-11-26 18:51 . 2007-11-26 18:51 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf

2007-11-25 12:42 . 2007-11-25 12:42 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

2007-11-25 12:42 . 2007-11-25 12:42 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys

2007-11-25 12:42 . 2007-11-25 12:42 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys

2007-11-22 20:06 . 2007-11-22 20:06 <DIR> d-------- C:\Arquivos de programas\LG Electronics

2007-11-22 20:06 . 2006-02-07 13:50 42,436 --a------ C:\WINDOWS\system32\drivers\lgusbsmodem.sys

2007-11-22 20:04 . 2007-11-22 20:04 <DIR> d-------- C:\Arquivos de programas\LG mobile

2007-11-15 10:28 . 2007-11-15 10:28 <DIR> d-------- C:\Arquivos de programas\Jufsoft

2007-11-15 09:55 . 2007-11-15 09:55 268 --ah----- C:\sqmdata04.sqm

2007-11-15 09:55 . 2007-11-15 09:55 244 --ah----- C:\sqmnoopt04.sqm

2007-11-14 18:05 . 2007-11-14 18:05 268 --ah----- C:\sqmdata03.sqm

2007-11-14 18:05 . 2007-11-14 18:05 244 --ah----- C:\sqmnoopt03.sqm

2007-11-14 17:50 . 2007-11-14 17:50 172 --ah----- C:\sqmnoopt02.sqm

2007-11-14 17:50 . 2007-11-14 17:50 172 --ah----- C:\sqmdata02.sqm

2007-11-14 17:36 . 2007-11-14 17:36 268 --ah----- C:\sqmdata01.sqm

2007-11-14 17:36 . 2007-11-14 17:36 244 --ah----- C:\sqmnoopt01.sqm

2007-11-13 19:05 . 2007-11-13 19:06 <DIR> d-------- C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\teamspeak2

2007-11-13 19:05 . 2007-11-13 19:05 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

2007-11-13 19:05 . 2007-11-13 19:05 34,064 --a------ C:\WINDOWS\system32\lhacm.acm

2007-11-11 14:27 . 2007-11-11 14:27 <DIR> d-------- C:\mobile

2007-11-09 00:31 . 2007-11-30 12:27 <DIR> d-------- C:\Arquivos de programas\Cebolinha Script

2007-11-05 01:31 . 2007-11-05 01:32 <DIR> d-------- C:\Arquivos de programas\No-IP

2007-11-05 01:18 . 2007-11-05 01:18 <DIR> d-------- C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\sqlitestudio

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-14 18:15 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-12-06 00:23 --------- d-----w C:\Arquivos de programas\Lineage II

2007-12-02 12:39 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-11-29 15:33 --------- d-----w C:\Arquivos de programas\Sony Ericsson

2007-11-22 22:05 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-11-19 14:50 --------- d-----w C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\Image Zone Express

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 20:31 --------- d-----w C:\Arquivos de programas\Asprate

2007-10-25 11:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" [2005-11-24 16:38 94208]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-10-17 14:09 190024]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 17:19 5728112]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2007-07-16 19:54 961536]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 08:06 79224]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 08:15 106496]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 02:06 487424]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]

"vssms32"="" []

"Cmaudio"="cmicnfg.cpl" []

"TkBellExe"="C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" [2007-12-28 17:38 180269]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide3"="cmd.exe" [2004-08-04 01:45 400384 C:\WINDOWS\system32\cmd.exe]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Arquivos de programas\Ares\Ares.exe -h

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2007-10-05 20:46 286016 --a------ C:\Arquivos de programas\BitTorrent_DNA\dna.exe

 

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-11-26 12:11]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-25 12:42]

S3 lgusbsmodem;LGE Mobile USB Modem;C:\WINDOWS\system32\DRIVERS\lgusbsmodem.sys [2006-02-07 13:50]

S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [2007-12-09 15:59]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 16:11]

S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 16:11]

S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 16:11]

S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 16:11]

S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 16:11]

S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 16:11]

S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 16:11]

 

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-31 17:41:37

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-12-31 17:42:11

.

2007-12-22 02:30:25 --- E O F ---

 

 

 

INFO SAT

 

 

Mon Dec 31 17:33:38 2007

EliBagle v10.79 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

Restaurada Clave: "SafeBoot\Minimal y Network"

 

Mon Dec 31 17:33:49 2007

EliBagle v10.79 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Nº Total de Directorios: 4613

Nº Total de Ficheros: 56928

Nº de Ficheros Analizados: 10044

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

 

ta td ai...

o q devo fazer agora??

[Dygo 0]

aew dps

do procedimento ali

eu consegui entra em modo de segurança se isso ajudar em algo beleza...

espero sua resposta

[DigRam 144]

Boa Noite Dygo!

 

>@< Faça o download da EliStarA.

>@< Na página,clique no botão: Descargar EliStarA v xx.xx,que fica situado ao pé da página.

>@< Salve a ferramenta no Desktop!

>@< Desabilite as proteções residentes de AntiVírus e AntiSpyware.

>@< Reinicie o computador,em Modo de Segurança.

>@< Mas,não execute-a ainda!

____________________

 

>@< Cole,todo o conteúdo que está abaixo da palavra quote,para o Bloco de Notas.

 

@echo off

DEL /Q /S C:\WINDOWS\system32\vssms32.exe

@pause

>@< Salve-o,no Desktop,como "Del.bat"

>@< É importante que o nome fique,entre aspas.

>@< Dê um duplo clique em "Del.bat",para executá-lo.

>@< Ps:Execute-o apenas uma vez!

>@< Abra o HijackThis e clique em: Do a system scan only.

>@< Marque a entrada,logo abaixo,e clique em Fix checked.

 

O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

>@< Vá,agora,ao ícone de EliStarA e execute a ferramenta.

>@< Aguarde,com paciência,a conclusão do scan.

>@< Terminando,será gerado um relatório ( infoSat.txt ),no Disco Local-C.

>@< A ferramenta deletará,a sua página inicial,posteriormente voçê à configurará novamente.

>@< Reinicie,normalmente,o computador!

____________________

 

>@< Faça e poste,na sua resposta: infoSat.txt + Log do HJT,atualizado.

 

Abraços!

[Dygo 0]

eai digram

olha quando eu cliquei no Del.bat e foi para o hijackthis

a linha

 

O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

 

naum estava lah =X

 

dae eu so eu fiz o scan com o ELISTARA

 

TA AI O SCAN

 

 

Mon Dec 31 17:33:38 2007

EliBagle v10.79 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

Restaurada Clave: "SafeBoot\Minimal y Network"

 

Mon Dec 31 17:33:49 2007

EliBagle v10.79 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Nº Total de Directorios: 4613

Nº Total de Ficheros: 56928

Nº de Ficheros Analizados: 10044

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Tue Jan 01 12:36:43 2008

EliStartPage v15.34 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

 

Tue Jan 01 12:36:59 2008

EliStartPage v15.34 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\MessengerPlus! 3\MSGPLUS.EXE --> Eliminado, MessengerPlus

C:\Arquivos de programas\mobile PhoneTools\MEXPLORER.DLL --> Eliminado, EliteToolBar (dropper)

C:\Documents and Settings\Rodrigo de Andrade\Meus documentos\Downloads\RCSETUP.EXE --> Eliminado, P2PAdware.A

C:\WINDOWS\ADDREG.EXE --> Eliminado, QuickBatch

C:\WINDOWS\NIRCMD.EXE --> Eliminado, Tool-NirCmd

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZ3A054.DLL --> Eliminado, MoviePass

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\HPZ3A054.DLL --> Eliminado, MoviePass

 

Nº Total de Directorios: 4601

Nº Total de Ficheros: 55479

Nº de Ficheros Analizados: 20129

Nº de Ficheros Infectados: 7

Nº de Ficheros Limpiados: 7

 

SCAN DO HIJACKTHIS

 

Logfile of HijackThis v1.99.1

Scan saved at 12:58:02, on 1/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\Notepad.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

e agora q o vamos fazer ??

 

a lembrando soh FELIZ ANO NOVO ^^

[DigRam 144]

Boa Tarde Dygo!

 

>@< Vá em Iniciar >> Executar >> Digite: ComboFix /u >> Ok.

>@< Na mensagem,selecione o 2. ( Dois )

_____________________

 

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\MessengerPlus!3\MSGPLUS.EXE --> Eliminado, MessengerPlus

>@< EliStarA,por exploração,removeu o MessengerPlus!3.

>@< Como o programa foi instalado,primordialmente,aceitando-se o Patrocínio,acredito que a reinstalação foi executada sem aceitá-lo!

_____________________

 

Ae .. meu amigo instalo o msn discovery e aceito o um negocio de patrociono naum sei oq

e agora meu pc ta bolas de lento e fika abrindo pop-up de CID:

>@< Esse problema,ainda,lhe incomoda?

>@< Bom trabalho!

>@< Log Limpo!

 

Abraços!

[Dygo 0]

Obrigada ^^ akele problema ja naum me encomoda mais

mas eu estou com outro problema

naum estou conseguindo fazer restauração do sistema

quando eu clico em RESTAURAÇÂO DO SISTEMA

aparece esta mensagem

 

"A restauração do sistema não pode proteger o computador. Reinicie-o e execute a restauração novamente"

 

ja tentei reiniciar o computador varias vezes e o problema continua

se você poder me ajuda fikarei grato ^^

[DigRam 144]

Obrigada ^^ akele problema ja naum me encomoda mais

mas eu estou com outro problema

naum estou conseguindo fazer restauração do sistema

quando eu clico em RESTAURAÇÂO DO SISTEMA

aparece esta mensagem

 

"A restauração do sistema não pode proteger o computador. Reinicie-o e execute a restauração novamente"

 

ja tentei reiniciar o computador varias vezes e o problema continua

se você poder me ajuda fikarei grato ^^

_________________

Opa!Dygo.

Boa Noite!

 

>@< Vá em Iniciar >> Executar.

>@< Digite: rundll32.exe advpack.dll,LaunchINFSection %Windir%\Inf\sr.inf

>@< Dê o Ok.

>@< Aguarde! Quando houver uma solicitação,do sistema,dê o seguinte caminho: %Windir%\ServicePackFiles

>@< Aceite,também,a solicitação para Reiniciar o computador.

>@< Tente,agora,utilizar a Restauração do Sistema!

 

Abraços!

[Dygo 0]

fiz o procedimento

mas naum funcionou

primeiro eles naum tinha os arquvi no diretorio q você passou entaum peguei o cd do windows e coloqueis os arquivo naquele diretorio

ele usou a função mas dps de completo naum pediu para reiniciar a maquina e eu reiniciei manualmente

e o problema continua

a msg continua aparecendo .