Dygo

[Solved!] Things opening by themselves


Take a look at my log

I'm going to be using a credit card on my computer tomorrow and I suspect it has a virus, please

check it....

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:27:00, on 9/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Tibia\Tibia.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\Notepad.exe

C:\Arquivos de programas\Tibia Auto\tibiaauto.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WIN

 

 

 

I SUSPECT THAT THESE LOG ENTRIES ARE THE INFECTED ONES

TAKE A LOOK

 

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

 

 

please help me as quickly as possible..


help plz

I need to know whether everything is OK and what precautions to take

I need this by tomorrow

please help me :mellow:

please

help meeee


Good evening Dygo!

>@< Using msconfig or services.msc, stop this service: O23 - Service: Pml Driver HPZ12 - HP - C:\WIN

_________________

>@< In Run, type: ComboFix /u

>@< Click OK.

>@< Wait for it to finish!

_________________

>@< Download a fresh copy of ComboFix and run it in Safe Mode.

>@< Post in your reply: ComboFix.txt + an updated HJT log.

Regards!


I did what you said

and here is the log

from ComboFix and HijackThis

 

Logfile of HijackThis v1.99.1

Scan saved at 02:25:52, on 10/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

 

 

 

ComboFix 08-01-10.2 - Rodrigo de Andrade 2008-01-10 2:19:25.3 - NTFSx86 MINIMAL

 

Executando de: C:\Documents and Settings\Rodrigo de Andrade\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))

.

 

2008-01-10 02:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-09 10:07 . 2008-01-09 10:07 <DIR> d-------- C:\Temp\WPDNSE

2008-01-07 13:09 . 2008-01-07 13:09 <DIR> d-------- C:\Temp\is-PSSOG.tmp

2008-01-03 23:01 . 2008-01-06 15:07 <DIR> d-------- C:\Arquivos de programas\Tibia Auto

2008-01-03 22:58 . 2008-01-03 22:58 <DIR> d-------- C:\Python24

2008-01-02 14:05 . 2008-01-02 14:05 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-01-01 12:57 . 2008-01-10 01:21 <DIR> d-------- C:\Temp\MessengerCache

2008-01-01 12:55 . 2008-01-01 12:55 <DIR> d-------- C:\Temp\_avast4_

2007-12-31 06:24 . 2008-01-10 02:21 <DIR> d-------- C:\Temp

2007-12-28 18:04 . 2007-12-28 18:04 <DIR> d-------- C:\CFindLop.exe

2007-12-28 17:38 . 2007-12-28 17:38 <DIR> d-------- C:\Arquivos de programas\Real

2007-12-28 17:38 . 2007-12-28 17:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2007-12-28 17:38 . 2007-12-28 17:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-12-27 17:29 . 2007-12-27 17:29 172 --ah----- C:\sqmnoopt08.sqm

2007-12-27 17:29 . 2007-12-27 17:29 172 --ah----- C:\sqmdata08.sqm

2007-12-27 17:24 . 2007-12-27 17:24 268 --ah----- C:\sqmdata07.sqm

2007-12-27 17:24 . 2007-12-27 17:24 244 --ah----- C:\sqmnoopt07.sqm

2007-12-17 22:04 . 2008-01-09 15:10 <DIR> d-------- C:\hijackthis

2007-12-14 18:16 . 2007-12-14 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2007-12-14 16:24 . 2007-12-14 23:22 <DIR> d-------- C:\Arquivos de programas\MessengerDiscovery

2007-12-14 16:12 . 2007-12-14 16:12 <DIR> d-------- C:\Arquivos de programas\Circle Developement

2007-12-13 13:12 . 2007-12-13 13:12 268 --ah----- C:\sqmdata06.sqm

2007-12-13 13:12 . 2007-12-13 13:12 244 --ah----- C:\sqmnoopt06.sqm

2007-12-13 01:12 . 2007-12-16 16:49 <DIR> d-------- C:\Arquivos de programas\Coding Workshop Ringtone Converter

2007-12-13 01:12 . 2004-02-19 05:11 511,488 --a------ C:\WINDOWS\system32\cwmdtl50a.dll

2007-12-13 01:12 . 2001-02-15 19:45 368,912 --a------ C:\WINDOWS\system32\vbar332.dll

2007-12-13 01:12 . 1998-10-07 05:53 305,432 --a------ C:\WINDOWS\system32\Threed20.ocx

2007-12-13 01:12 . 2004-03-08 22:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.OCX

2007-12-13 01:12 . 2003-06-30 16:39 102,400 --a------ C:\WINDOWS\system32\cwsmaf40.dll

2007-12-10 01:06 . 2008-01-08 13:28 <DIR> d-------- C:\Arquivos de programas\Total Video Converter

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-04 01:03 --------- d-----w C:\Arquivos de programas\Tibia

2008-01-01 14:38 --------- d-----w C:\Arquivos de programas\mobile PhoneTools

2008-01-01 14:38 --------- d-----w C:\Arquivos de programas\MessengerPlus! 3

2007-12-14 18:15 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-12-09 17:59 8,042 ----a-w C:\WINDOWS\PP.reg

2007-12-09 17:59 31,170 ----a-w C:\WINDOWS\system32\drivers\Partizan.sys

2007-12-09 17:59 3,331,584 ----a-w C:\WINDOWS\WLLogoin.exe

2007-12-09 17:59 22,528 ----a-w C:\WINDOWS\system32\Partizan.exe

2007-12-06 00:23 --------- d-----w C:\Arquivos de programas\Lineage II

2007-12-05 20:15 --------- d-----w C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\Tibia

2007-12-02 12:39 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-02 12:39 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2007-12-02 12:39 --------- d-----w C:\Arquivos de programas\LiveUpdate

2007-12-01 09:14 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Macrovision

2007-12-01 09:14 --------- d-----w C:\Arquivos de programas\Macromedia

2007-12-01 09:14 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia Shared

2007-12-01 09:14 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2007-12-01 05:38 --------- d-----w C:\Arquivos de programas\C-Media Audio

2007-11-30 14:27 --------- d-----w C:\Arquivos de programas\Cebolinha Script

2007-11-30 11:08 --------- d-----w C:\Arquivos de programas\Filzip

2007-11-29 15:33 --------- d-----w C:\Arquivos de programas\Sony Ericsson

2007-11-27 02:29 --------- d-----w C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\AdobeUM

2007-11-27 02:27 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-11-26 21:03 --------- d-----w C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\MyPhoneExplorer

2007-11-26 20:58 --------- d-----w C:\Arquivos de programas\MyPhoneExplorer

2007-11-26 20:51 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2007-11-26 20:51 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf

2007-11-25 14:42 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys

2007-11-25 14:42 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys

2007-11-25 14:42 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll

2007-11-22 22:06 --------- d-----w C:\Arquivos de programas\LG Electronics

2007-11-22 22:05 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-11-22 22:04 --------- d-----w C:\Arquivos de programas\LG mobile

2007-11-19 14:50 --------- d-----w C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\Image Zone Express

2007-11-15 12:28 --------- d-----w C:\Arquivos de programas\Jufsoft

2007-11-13 21:06 --------- d-----w C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\teamspeak2

2007-11-13 21:05 --------- d-----w C:\Arquivos de programas\Teamspeak2_RC2

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-03 18:13 737,280 ----a-w C:\WINDOWS\iun6002.exe

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 11:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" [2005-11-24 16:38 94208]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [ ]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 17:19 5728112]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2007-07-16 19:54 961536]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 08:06 79224]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 08:15 106496]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 02:06 487424]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]

"vssms32"="" []

"Cmaudio"="cmicnfg.cpl" []

"TkBellExe"="C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" [2007-12-28 17:38 180269]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 01:45 159744]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide3"="cmd.exe" [2004-08-04 01:45 400384 C:\WINDOWS\system32\cmd.exe]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

--a------ 2007-07-16 19:54 961536 C:\Arquivos de programas\Ares\Ares.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2007-10-05 20:46 286016 C:\Arquivos de programas\BitTorrent_DNA\dna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Pml Driver HPZ12"=2 (0x2)

 

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-10 02:21:58

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-01-10 2:22:37

ComboFix2.txt 2007-12-31 19:42:11

.

2008-01-03 19:04:57 --- E O F ---

 

 

and now what should I do?


Good morning Dygo!

>@< Paste this into Notepad.

>@< Under Save as type: choose All Files.

>@< Under File name: enter Temp.bat

 

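@ECHO OFF

REM Stop if TEMP or TMP is not set: "%temp%\*.*" would otherwise expand to "\*.*".

IF "%temp%"=="" GOTO end

IF "%tmp%"=="" GOTO end

REM If TEMP and TMP point to different folders, clean both.

IF NOT "%temp%"=="%tmp%" GOTO both

GOTO single

:both

DEL "%temp%\*.*" /F /S /Q

DEL "%tmp%\*.*" /F /S /Q

CLS

ECHO Deleted all files in the TEMP folder: %temp%

ECHO Deleted all files in the TMP folder: %tmp%

GOTO end

:single

REM TEMP and TMP are the same folder: clean it and the system Temp folder.

DEL "%temp%\*.*" /F /S /Q

DEL "%systemroot%\Temp\*.*" /F /S /Q

CLS

ECHO Deleted all files in the TEMP folder: %temp%

:end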

>@< This is a very efficient way of removing temporary files, devised by fellow member Ideiafix.

>@< Run the file with a double-click!

_________________________

>@< Download RenV.exe

>@< Save it to the Desktop!

>@< Double-click RenV.exe

>@< Try to put the report ( log.txt ) in a quote or code block in your reply.

_________________________

>@< Run FindLop again and post the report + an updated HJT log.

Regards!


Well, I tried to do those things

see the logs I got

 

 

TEMP.BAT

 

Ran on qui 10/01/2008 -  9:18:40,40 Entries:				0  (0) Directories:			0  Files:			 0 Bytes:				  0  Blocks:			0

 

 

 

FINDLOP

 

[TRACE] Enumerating jobs and queues

 

 

HIJACKTHIS

 

Logfile of HijackThis v1.99.1

Scan saved at 09:20:52, on 10/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Tibia\Tibia.exe

C:\Arquivos de programas\Tibia Auto\tibiaauto.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\WINDOWS\system32\notepad.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

 

 

and now??


Good morning Dygo!

Delete:

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

__________________

>@< Select and copy all the content in the quote area into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

 

File::

C:\WINDOWS\iun6002.exe

 

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vssms32]

 

Folder::

C:\CFindLop.exe

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< While it is running, do not use the keyboard or mouse!

>@< When it finishes, post the report C:\ComboFix.txt + an updated HJT log.

Regards!
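Added example, not part of the original thread or of the helper's instructions: a small Python triage script for the two log formats posted above. It parses the Run keys in ComboFix's "Pontos de Carregamento do Registro" section, flags values with empty data (as in `"vssms32"="" []`, the value the CFScript removes) or with nothing inside the trailing brackets, and lists autoruns that have no matching O4 line in the HijackThis log. The function names are hypothetical, the sample lines are a constructed subset of the logs in this thread, and reading empty brackets as "ComboFix recorded no file details" is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the ComboFix
# "Pontos de Carregamento do Registro" section posted in this thread.
COMBOFIX_SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]
"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 08:06 79224]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 08:15 106496]
"vssms32"="" []
"Cmaudio"="cmicnfg.cpl" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
'''

# Constructed sample: the matching O4 lines from the HijackThis log in this thread.
HIJACKTHIS_SAMPLE = r'''
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
'''

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
KEY_RE = re.compile(r'^\[(?P<hive>HKEY_[A-Z_]+)\\(?P<path>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<command>.*?)"\s*\[(?P<meta>.*)\]$')
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>.+?)\] ')
RUN_KEY_RE = re.compile(r'\\currentversion\\run(once)?$', re.IGNORECASE)


@dataclass
class Autorun:
    hive: str      # HKLM or HKCU
    name: str      # registry value name
    command: str   # value data as ComboFix printed it
    meta: str      # text inside the trailing [...] (timestamp and size)


def parse_combofix_run_keys(text):
    """Return the values ComboFix listed under HKLM/HKCU Run and RunOnce keys."""
    entries, hive = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            # Track the hive only while inside a Run/RunOnce key; other keys are skipped.
            hive = HIVES.get(key["hive"]) if RUN_KEY_RE.search(key["path"]) else None
            continue
        value = VALUE_RE.match(line)
        if hive and value:
            entries.append(Autorun(hive, value["name"], value["command"],
                                   value["meta"].strip()))
    return entries


def parse_hijackthis_o4(text):
    """Return {(hive, lowercased name)} for the O4 registry autoruns in a HijackThis log."""
    found = set()
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            found.add((m["hive"], m["name"].lower()))
    return found


def triage(entries):
    """Flag values worth a manual look; a flag is a review prompt, not a verdict."""
    findings = []
    for e in entries:
        if not e.command.strip():
            findings.append((e.hive, e.name, "empty-command"))
        elif not e.meta:
            # Assumption: empty brackets mean ComboFix recorded no file details.
            findings.append((e.hive, e.name, "no-file-metadata"))
    return findings


def missing_from_hijackthis(entries, o4_names):
    """ComboFix autoruns that have no O4 line with the same hive and name."""
    return [(e.hive, e.name) for e in entries
            if (e.hive, e.name.lower()) not in o4_names]


if __name__ == "__main__":
    runs = parse_combofix_run_keys(COMBOFIX_SAMPLE)
    for hive, name, reason in triage(runs):
        print(f"{hive}\\Run  {name:<16} {reason}")
    o4 = parse_hijackthis_o4(HIJACKTHIS_SAMPLE)
    for hive, name in missing_from_hijackthis(runs, o4):
        print(f"{hive}\\Run  {name:<16} not in HijackThis O4")
```
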


So I did what you told me to

but it didn't restart by itself.. so I restarted it manually and updated the HijackThis log

here it is

 

 

COMBOFIX

 

ComboFix 08-01-10.2 - Rodrigo de Andrade 2008-01-10 11:12:46.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.800 [GMT -2:00]

Executando de: C:\Documents and Settings\Rodrigo de Andrade\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Rodrigo de Andrade\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE

C:\WINDOWS\iun6002.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\CFindLop.exe

C:\CFindLop.exe\findlop.bat

C:\CFindLop.exe\jt.exe

C:\WINDOWS\iun6002.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))

.

 

2008-01-10 11:13 . 2008-01-10 11:13 <DIR> d-------- C:\Temp\WPDNSE

2008-01-10 09:11 . 2008-01-10 10:50 <DIR> d-------- C:\Temp\MessengerCache

2008-01-10 02:24 . 2008-01-10 08:10 <DIR> d-------- C:\Temp\_avast4_

2008-01-10 02:23 . 2008-01-10 11:13 <DIR> d-------- C:\Temp

2008-01-10 02:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-03 23:01 . 2008-01-06 15:07 <DIR> d-------- C:\Arquivos de programas\Tibia Auto

2008-01-03 22:58 . 2008-01-03 22:58 <DIR> d-------- C:\Python24

2008-01-02 14:05 . 2008-01-02 14:05 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2007-12-28 17:38 . 2007-12-28 17:38 <DIR> d-------- C:\Arquivos de programas\Real

2007-12-28 17:38 . 2007-12-28 17:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2007-12-28 17:38 . 2007-12-28 17:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-12-27 17:29 . 2007-12-27 17:29 172 --ah----- C:\sqmnoopt08.sqm

2007-12-27 17:29 . 2007-12-27 17:29 172 --ah----- C:\sqmdata08.sqm

2007-12-27 17:24 . 2007-12-27 17:24 268 --ah----- C:\sqmdata07.sqm

2007-12-27 17:24 . 2007-12-27 17:24 244 --ah----- C:\sqmnoopt07.sqm

2007-12-17 22:04 . 2008-01-10 09:20 <DIR> d-------- C:\hijackthis

2007-12-14 18:16 . 2007-12-14 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2007-12-14 16:24 . 2007-12-14 23:22 <DIR> d-------- C:\Arquivos de programas\MessengerDiscovery

2007-12-14 16:12 . 2007-12-14 16:12 <DIR> d-------- C:\Arquivos de programas\Circle Developement

2007-12-13 13:12 . 2007-12-13 13:12 268 --ah----- C:\sqmdata06.sqm

2007-12-13 13:12 . 2007-12-13 13:12 244 --ah----- C:\sqmnoopt06.sqm

2007-12-13 01:12 . 2007-12-16 16:49 <DIR> d-------- C:\Arquivos de programas\Coding Workshop Ringtone Converter

2007-12-13 01:12 . 2004-02-19 05:11 511,488 --a------ C:\WINDOWS\system32\cwmdtl50a.dll

2007-12-13 01:12 . 2001-02-15 19:45 368,912 --a------ C:\WINDOWS\system32\vbar332.dll

2007-12-13 01:12 . 1998-10-07 05:53 305,432 --a------ C:\WINDOWS\system32\Threed20.ocx

2007-12-13 01:12 . 2004-03-08 22:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.OCX

2007-12-13 01:12 . 2003-06-30 16:39 102,400 --a------ C:\WINDOWS\system32\cwsmaf40.dll

2007-12-10 01:06 . 2008-01-08 13:28 <DIR> d-------- C:\Arquivos de programas\Total Video Converter

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-04 01:03 --------- d-----w C:\Arquivos de programas\Tibia

2008-01-01 14:38 --------- d-----w C:\Arquivos de programas\mobile PhoneTools

2008-01-01 14:38 --------- d-----w C:\Arquivos de programas\MessengerPlus! 3

2007-12-14 18:15 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-12-09 17:59 8,042 ----a-w C:\WINDOWS\PP.reg

2007-12-09 17:59 31,170 ----a-w C:\WINDOWS\system32\drivers\Partizan.sys

2007-12-09 17:59 3,331,584 ----a-w C:\WINDOWS\WLLogoin.exe

2007-12-09 17:59 22,528 ----a-w C:\WINDOWS\system32\Partizan.exe

2007-12-06 00:23 --------- d-----w C:\Arquivos de programas\Lineage II

2007-12-05 20:15 --------- d-----w C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\Tibia

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-12-02 12:39 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-02 12:39 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2007-12-02 12:39 --------- d-----w C:\Arquivos de programas\LiveUpdate

2007-12-01 09:14 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Macrovision

2007-12-01 09:14 --------- d-----w C:\Arquivos de programas\Macromedia

2007-12-01 09:14 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia Shared

2007-12-01 09:14 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2007-12-01 05:38 --------- d-----w C:\Arquivos de programas\C-Media Audio

2007-11-30 14:27 --------- d-----w C:\Arquivos de programas\Cebolinha Script

2007-11-30 11:08 --------- d-----w C:\Arquivos de programas\Filzip

2007-11-29 15:33 --------- d-----w C:\Arquivos de programas\Sony Ericsson

2007-11-27 02:29 --------- d-----w C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\AdobeUM

2007-11-27 02:27 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-11-26 21:03 --------- d-----w C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\MyPhoneExplorer

2007-11-26 20:58 --------- d-----w C:\Arquivos de programas\MyPhoneExplorer

2007-11-26 20:51 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2007-11-26 20:51 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf

2007-11-25 14:42 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys

2007-11-25 14:42 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys

2007-11-25 14:42 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll

2007-11-22 22:06 --------- d-----w C:\Arquivos de programas\LG Electronics

2007-11-22 22:05 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-11-22 22:04 --------- d-----w C:\Arquivos de programas\LG mobile

2007-11-19 14:50 --------- d-----w C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\Image Zone Express

2007-11-15 12:28 --------- d-----w C:\Arquivos de programas\Jufsoft

2007-11-13 21:06 --------- d-----w C:\Documents and Settings\Rodrigo de Andrade\Dados de aplicativos\teamspeak2

2007-11-13 21:05 --------- d-----w C:\Arquivos de programas\Teamspeak2_RC2

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 11:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" [2005-11-24 16:38 94208]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [ ]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 17:19 5728112]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2007-07-16 19:54 961536]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 08:06 79224]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 08:15 106496]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 02:06 487424]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]

"vssms32"="" []

"Cmaudio"="cmicnfg.cpl" []

"TkBellExe"="C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" [2007-12-28 17:38 180269]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide3"="cmd.exe" [2004-08-04 01:45 400384 C:\WINDOWS\system32\cmd.exe]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

--a------ 2007-07-16 19:54 961536 C:\Arquivos de programas\Ares\Ares.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2007-10-05 20:46 286016 C:\Arquivos de programas\BitTorrent_DNA\dna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Pml Driver HPZ12"=2 (0x2)

 

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-11-26 12:11]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-25 12:42]

S3 lgusbsmodem;LGE Mobile USB Modem;C:\WINDOWS\system32\DRIVERS\lgusbsmodem.sys [2006-02-07 13:50]

S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [2007-12-09 15:59]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 16:11]

S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 16:11]

S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 16:11]

S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 16:11]

S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 16:11]

S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 16:11]

S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 16:11]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-10 11:13:51

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-01-10 11:14:20

ComboFix-quarantined-files.txt 2008-01-10 13:14:12

.

2008-01-03 19:04:57 --- E O F ---

 

 

HIJACKTHIS

 

Logfile of HijackThis v1.99.1

Scan saved at 11:20:38, on 10/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\Notepad.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

 

 

^^ and now what do I do??


Good afternoon, Dygo!

>@< The log is clean!

>@< If you still want a disinfection check, I suggest you do it with BitDefender (online).

_______________________

>@< Run a disinfection scan with < BitDefender > and post the report.

>@< Click BitDefender ( Scan OnLine ).

>@< The page will open: < BitDefender OnLine Scanner >

>@< Click I Agree.

>@< Wait! Allow the ActiveX installation so that the scan can run.

>@< Then post: the BitDefender report.

Regards!


hey digram, thanks

I really liked the site

check out the report

 

BitDefender Online Scanner - Real Time Virus Report

Generated at: Thu, Jan 10, 2008 - 19:15:45

--------------------------------------------------------------------------------

Scan Info

Scanned Files     497654
Infected Files    31

Virus Detected

Trojan.Peflog.31                    2
MemScan:Trojan.Juan.G               1
Trojan.Downloader.Istbar.MH         1
Trojan.Starter.V                    1
DeepScan:Generic.Zlob.7.F16D393E    1
Java.Trojan.Exploit.Bytverify       2
Trojan.Java.Classloader.E           1
Trojan.Downloader.PromoCarto        1
Generic.Malware.E.463A1DE9          1
Trojan.Agent.AYV                    5
Trojan.Generic.73846                3
Trojan.Obfus.6.Gen                  4
Trojan.Keygen.Q                     1
Generic.Banker.Delf.B139796E        1
Trojan.Downloader.Istbar.LR         1
Generic.Perfloger.F020C33C          1
Trojan.Dropper.Vb.NN                1
Generic.Adw.SaveNow.56AD4696        2
Trojan.Generic.52224                1

it found quite a lot =X

is my computer safe now??

the scan took 3 hours =X

I'd like some tips on using a credit card and shopping online.. so I can be safer, if you can give me some tips ^^

but thanks for everything ^^


Good evening, Dygo!

is my computer safe now??

>@< That will depend on your browsing habits! Be careful where you click!

____________________

I'd like some tips on using a credit card and shopping online.. so I can be safer, if you can give me some tips ^^

>@< The precautions are the usual ones, but... the important thing is to know the trustworthiness of the company you are buying from.

____________________

>@< The BitDefender report is incomplete. My friend, do you have the missing part?

Regards!


look, digram

the site where I'm going to make the purchase is secure, yes

I was just worried about my computer

but digram, look, I don't know, like, when I did the scan, when it finished

I just clicked finish or something like that

and it asked me something about a report.. I clicked yes and only that showed up. do you know where I can find the rest of the log???

but digram, look, I don't know, like, when I did the scan, when it finished

I just clicked finish or something like that

and it asked me something about a report.. I clicked yes and only that showed up. do you know where I can find the rest of the log???

____________________

Hey, Dygo!

Good morning!

>@< It no longer matters, since the missing part of the report, due to an error, will be unrecoverable.

>@< For a complete cleanup, run another scan with BitDefender, until nothing more is found.

____________________

>@< Any problems still with the computer?

>@< Good work!

>@< Clean log! :thumbsup:

Regards!


hey digram

I did the scan again

and now I have the log here

take a look

 

 

BitDefender Online Scanner

Scan report generated at: Fri, Jan 11, 2008 - 12:56:08

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics

Time            02:03:40
Files           487884
Folders         7145
Boot Sectors    5
Archives        15754
Packed Files    21657

Results

Identified Viruses    12
Infected Files        24
Suspect Files         0
Warnings              0
Disinfected           0
Deleted Files         26

Engines Info

Virus Definitions    888035
Engine build         AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins         14
Archive plugins      38
Unpack plugins       7
E-mail plugins       6
System plugins       1

Scan Settings

First Action          Disinfect
Second Action         Delete
Heuristics            Yes
Enable Warnings       Yes
Scanned Extensions    *;
Exclude Extensions
Scan Emails           Yes
Scan Archives         Yes
Scan Packed           Yes
Scan Files            Yes
Scan Boot             Yes


Scanned File

Status

 

C:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0006502.exe

Infected with: Generic.Banker.Delf.B139796E

 

C:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0006502.exe

Disinfection failed

 

C:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0006502.exe

Deleted

 

D:\Animes\Negima\1136491019-FAKETI~1.RAR=>FakeTibia\files\IP_Changer.zip=>Tibia MULTI-ip changer.exe

Infected with: Trojan.Agent.AYV

 

D:\Animes\Negima\1136491019-FAKETI~1.RAR=>FakeTibia\files\IP_Changer.zip=>Tibia MULTI-ip changer.exe

Disinfection failed

 

D:\Animes\Negima\1136491019-FAKETI~1.RAR=>FakeTibia\files\IP_Changer.zip=>Tibia MULTI-ip changer.exe

Deleted

 

D:\Animes\Negima\1136491019-FAKETI~1.RAR=>FakeTibia\files\IP_Changer.zip

Updated

 

D:\Animes\Negima\1136491019-FAKETI~1.RAR

Update failed

 

D:\Animes\Negima\PHP_Created_by_KronOX_v2[1].0.rar=>PHP_Created_by_KronOX_v2.0\www\downloads\Changer.rar=>Jungle OTS IP-Changer.exe

Infected with: Trojan.Agent.AYV

 

D:\Animes\Negima\PHP_Created_by_KronOX_v2[1].0.rar=>PHP_Created_by_KronOX_v2.0\www\downloads\Changer.rar=>Jungle OTS IP-Changer.exe

Disinfection failed

 

D:\Animes\Negima\PHP_Created_by_KronOX_v2[1].0.rar=>PHP_Created_by_KronOX_v2.0\www\downloads\Changer.rar=>Jungle OTS IP-Changer.exe

Deleted

 

D:\Animes\Negima\PHP_Created_by_KronOX_v2[1].0.rar=>PHP_Created_by_KronOX_v2.0\www\downloads\Changer.rar

Update failed

 

D:\Animes\Negima\public_version_full.rar=>public_version\downloads\ipchanger.rar=>ipchanger\Tibia MULTI-ip changer.exe

Infected with: Trojan.Agent.AYV

 

D:\Animes\Negima\public_version_full.rar=>public_version\downloads\ipchanger.rar=>ipchanger\Tibia MULTI-ip changer.exe

Disinfection failed

 

D:\Animes\Negima\public_version_full.rar=>public_version\downloads\ipchanger.rar=>ipchanger\Tibia MULTI-ip changer.exe

Deleted

 

D:\Animes\Negima\public_version_full.rar=>public_version\downloads\ipchanger.rar

Update failed

 

D:\Animes\Negima\www.rar=>www\downloads\Tibia MULTI-ip changer.exe

Infected with: Trojan.Agent.AYV

 

D:\Animes\Negima\www.rar=>www\downloads\Tibia MULTI-ip changer.exe

Disinfection failed

 

D:\Animes\Negima\www.rar=>www\downloads\Tibia MULTI-ip changer.exe

Deleted

 

D:\Animes\Negima\www.rar

Update failed

 

D:\Animes\Negima\www4.rar=>www\downloads\Tibia MULTI-ip changer.exe

Infected with: Trojan.Agent.AYV

 

D:\Animes\Negima\www4.rar=>www\downloads\Tibia MULTI-ip changer.exe

Disinfection failed

 

D:\Animes\Negima\www4.rar=>www\downloads\Tibia MULTI-ip changer.exe

Deleted

 

D:\Animes\Negima\www4.rar

Update failed

 

D:\Downloads\ak162.exe=>(Instyler o)=>(Instyler Module 6)

Infected with: Trojan.Downloader.Istbar.MH

 

D:\Downloads\ak162.exe=>(Instyler o)=>(Instyler Module 6)

Disinfection failed

 

D:\Downloads\ak162.exe=>(Instyler o)=>(Instyler Module 6)

Deleted

 

D:\Downloads\ak162.exe=>(Instyler o)

Update failed

 

D:\Downloads\ak162.exe=>(Instyler o)=>(Instyler Module 7)=>(NSIS o)=>zlib_nsis0005

Infected with: Trojan.Dropper.Vb.NN

 

D:\Downloads\ak162.exe=>(Instyler o)=>(Instyler Module 7)=>(NSIS o)=>zlib_nsis0005

Disinfection failed

 

D:\Downloads\ak162.exe=>(Instyler o)=>(Instyler Module 7)=>(NSIS o)=>zlib_nsis0005

Deleted

 

D:\Downloads\ak162.exe=>(Instyler o)=>(Instyler Module 7)=>(NSIS o)

Update failed

 

D:\Downloads\ak162.exe=>(Instyler o)=>(Instyler Module 8)=>(NSIS o)=>lzma_solid_nsis0003

Infected with: Trojan.Starter.V

 

D:\Downloads\ak162.exe=>(Instyler o)=>(Instyler Module 8)=>(NSIS o)=>lzma_solid_nsis0003

Disinfection failed

 

D:\Downloads\ak162.exe=>(Instyler o)=>(Instyler Module 8)=>(NSIS o)=>lzma_solid_nsis0003

Deleted

 

D:\Downloads\ak162.exe=>(Instyler o)=>(Instyler Module 8)=>(NSIS o)

Update failed

 

D:\Downloads\Archives\tibia_bot_7.72.rar=>tibia bot 7.72\Tibia Bot.exe=>(RAR Sfx o)=>bpkhk.dll=>(Quarantine-PE)

Infected with: Generic.Perfloger.F020C33C

 

D:\Downloads\Archives\tibia_bot_7.72.rar=>tibia bot 7.72\Tibia Bot.exe=>(RAR Sfx o)=>bpkhk.dll=>(Quarantine-PE)

Disinfection failed

 

D:\Downloads\Archives\tibia_bot_7.72.rar=>tibia bot 7.72\Tibia Bot.exe=>(RAR Sfx o)=>bpkhk.dll=>(Quarantine-PE)

Deleted

 

D:\Downloads\Archives\tibia_bot_7.72.rar=>tibia bot 7.72\Tibia Bot.exe=>(RAR Sfx o)

Update failed

 

D:\Downloads\Archives\tibia_bot_7.72.rar=>tibia bot 7.72\Tibia Bot.exe=>(RAR Sfx o)=>bpk.exe=>(Quarantine-PE)

Infected with: Trojan.Peflog.31

 

D:\Downloads\Archives\tibia_bot_7.72.rar=>tibia bot 7.72\Tibia Bot.exe=>(RAR Sfx o)=>bpk.exe=>(Quarantine-PE)

Disinfection failed

 

D:\Downloads\Archives\tibia_bot_7.72.rar=>tibia bot 7.72\Tibia Bot.exe=>(RAR Sfx o)=>bpk.exe=>(Quarantine-PE)

Deleted

 

D:\Downloads\Archives\tibia_bot_7.72.rar=>tibia bot 7.72\Tibia Bot.exe=>(RAR Sfx o)

Update failed

 

D:\Downloads\Archives\tibia_bot_7.72.rar=>tibia bot 7.72\Tibia Bot.exe=>(RAR Sfx o)=>rinst.exe

Infected with: Trojan.Peflog.31

 

D:\Downloads\Archives\tibia_bot_7.72.rar=>tibia bot 7.72\Tibia Bot.exe=>(RAR Sfx o)=>rinst.exe

Disinfection failed

 

D:\Downloads\Archives\tibia_bot_7.72.rar=>tibia bot 7.72\Tibia Bot.exe=>(RAR Sfx o)=>rinst.exe

Deleted

 

D:\Downloads\Archives\tibia_bot_7.72.rar=>tibia bot 7.72\Tibia Bot.exe=>(RAR Sfx o)

Update failed

 

D:\Downloads2\birthdaybeer.exe=>(Instyler o)=>(Instyler Module 4)

Infected with: Trojan.Downloader.Istbar.LR

 

D:\Downloads2\birthdaybeer.exe=>(Instyler o)=>(Instyler Module 4)

Disinfection failed

 

D:\Downloads2\birthdaybeer.exe=>(Instyler o)=>(Instyler Module 4)

Deleted

 

D:\Downloads2\birthdaybeer.exe=>(Instyler o)

Update failed

 

D:\Downloads2\BSINSTALL.exe=>wise0025=>(CAB Sfx r)=>VVSN.exe

Infected with: Generic.Adw.SaveNow.56AD4696

 

D:\Downloads2\BSINSTALL.exe=>wise0025=>(CAB Sfx r)=>VVSN.exe

Disinfection failed

 

D:\Downloads2\BSINSTALL.exe=>wise0025=>(CAB Sfx r)=>VVSN.exe

Deleted

 

D:\Downloads2\BSINSTALL.exe=>wise0025=>(CAB Sfx r)

Update failed

 

D:\Downloads2\BSINSTALL.exe=>(Embedded EXE r)=>wise0025=>(CAB Sfx r)=>VVSN.exe

Infected with: Generic.Adw.SaveNow.56AD4696

 

D:\Downloads2\BSINSTALL.exe=>(Embedded EXE r)=>wise0025=>(CAB Sfx r)=>VVSN.exe

Disinfection failed

 

D:\Downloads2\BSINSTALL.exe=>(Embedded EXE r)=>wise0025=>(CAB Sfx r)=>VVSN.exe

Deleted

 

D:\Downloads2\BSINSTALL.exe=>(Embedded EXE r)=>wise0025=>(CAB Sfx r)

Update failed

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0006504.exe

Infected with: Trojan.Keygen.Q

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0006504.exe

Disinfection failed

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0006504.exe

Deleted

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0006505.scr

Infected with: Trojan.Downloader.PromoCarto

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0006505.scr

Disinfection failed

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0006505.scr

Deleted

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007521.exe=>wise0025=>(CAB Sfx r)=>VVSN.exe

Infected with: Generic.Adw.SaveNow.56AD4696

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007521.exe=>wise0025=>(CAB Sfx r)=>VVSN.exe

Disinfection failed

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007521.exe=>wise0025=>(CAB Sfx r)=>VVSN.exe

Deleted

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007521.exe=>wise0025=>(CAB Sfx r)

Update failed

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007521.exe=>(Embedded EXE r)=>wise0025=>(CAB Sfx r)=>VVSN.exe

Infected with: Generic.Adw.SaveNow.56AD4696

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007521.exe=>(Embedded EXE r)=>wise0025=>(CAB Sfx r)=>VVSN.exe

Disinfection failed

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007521.exe=>(Embedded EXE r)=>wise0025=>(CAB Sfx r)=>VVSN.exe

Deleted

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007521.exe=>(Embedded EXE r)=>wise0025=>(CAB Sfx r)

Update failed

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007522.exe=>(Instyler o)=>(Instyler Module 4)

Infected with: Trojan.Downloader.Istbar.LR

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007522.exe=>(Instyler o)=>(Instyler Module 4)

Disinfection failed

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007522.exe=>(Instyler o)=>(Instyler Module 4)

Deleted

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007522.exe=>(Instyler o)

Update failed

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007523.exe=>(Instyler o)=>(Instyler Module 6)

Infected with: Trojan.Downloader.Istbar.MH

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007523.exe=>(Instyler o)=>(Instyler Module 6)

Disinfection failed

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007523.exe=>(Instyler o)=>(Instyler Module 6)

Deleted

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007523.exe=>(Instyler o)

Update failed

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007523.exe=>(Instyler o)=>(Instyler Module 7)=>(NSIS o)=>zlib_nsis0005

Infected with: Trojan.Dropper.Vb.NN

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007523.exe=>(Instyler o)=>(Instyler Module 7)=>(NSIS o)=>zlib_nsis0005

Disinfection failed

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007523.exe=>(Instyler o)=>(Instyler Module 7)=>(NSIS o)=>zlib_nsis0005

Deleted

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007523.exe=>(Instyler o)=>(Instyler Module 7)=>(NSIS o)

Update failed

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007523.exe=>(Instyler o)=>(Instyler Module 8)=>(NSIS o)=>lzma_solid_nsis0003

Infected with: Trojan.Starter.V

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007523.exe=>(Instyler o)=>(Instyler Module 8)=>(NSIS o)=>lzma_solid_nsis0003

Disinfection failed

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007523.exe=>(Instyler o)=>(Instyler Module 8)=>(NSIS o)=>lzma_solid_nsis0003

Deleted

 

D:\System Volume Information\_restore{F5F4118F-5CAF-437D-9A43-B3AA88AD6252}\RP9\A0007523.exe=>(Instyler o)=>(Instyler Module 8)=>(NSIS o)

Update failed

 

D:\UNIDADE C\Downloads\Apple_Quicktime_Pro_v7.0.3.25.zip.exe=>(ZIP Sfx o)=>crack.exe

Infected with: DeepScan:Generic.Zlob.7.F16D393E

 

D:\UNIDADE C\Downloads\Apple_Quicktime_Pro_v7.0.3.25.zip.exe=>(ZIP Sfx o)=>crack.exe

Disinfection failed

 

D:\UNIDADE C\Downloads\Apple_Quicktime_Pro_v7.0.3.25.zip.exe=>(ZIP Sfx o)=>crack.exe

Deleted

 

D:\UNIDADE C\Downloads\Apple_Quicktime_Pro_v7.0.3.25.zip.exe=>(ZIP Sfx o)

Updated

 

D:\UNIDADE C\Downloads\Apple_Quicktime_Pro_v7.0.3.25.zip.exe

Update failed

 

 

 

 

 

 

I don't know if it came out well here on the forum because it's a log full of tables. if you can't make sense of it, I'll try to host the file later and you can take a better look, ok??

I took a look at the files that had viruses.. most were .exe and I tried to delete the ones I could

I couldn't access this page

D:\System Volume Information

to take a look at those files...

I'm waiting for your information. I'll do another scan on that site later and post the log again ^^

regards


Good evening, Dygo!

I don't know if it came out well here on the forum because it's a log full of tables. if you can't make sense of it, I'll try to host the file later and you can take a better look, ok??

>@< There's no need. It's great!

____________________

I couldn't access this page

D:\System Volume Information

>@< This directory holds System Restore.

____________________

I'm waiting for your information. I'll do another scan on that site later and post the log again ^^

>@< So that this scan comes out shorter, delete this Volume and establish another, which will be completely clean. That way, the BitDefender report will not list this directory.

____________________

>@< Create a completely clean System Restore point!

>@< Right-click My Computer (Meu Computador) >> Properties (Propriedades) >> System Restore (Restauração do Sistema).

>@< Check: Turn off System Restore (Desativar Restauração do Sistema) >> Apply (Aplicar) >> OK.

>@< Now run a Disk Cleanup or run your antivirus (Avast).

>@< When finished, uncheck it again! >> Apply (Aplicar) >> OK.

____________________

>@< These are the ideal conditions for doing this last scan with BitDefender.

Regards!


Well, I did what you said.

Now my PC is nice and clean. Take a look at the BitDefender log.

 

 

BitDefender Online Scanner

Scan report generated at: Sat, Jan 12, 2008 - 06:44:26

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 01:57:04
Files: 476878
Folders: 7049
Boot Sectors: 5
Archives: 15520
Packed Files: 22086

Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 888775
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
No virus found.

----------------------------------------------------------------------

 

Well, by the looks of it everything is OK...

So I'll send my HijackThis log too, to see if everything is alright ^^

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:47:45, on 12/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\Notepad.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMIndexStoreSvr.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

 

XDDDD

 

 

All good??

Regards.. thanks for the help ^^


Good afternoon, Dygo!

All good??

Regards.. thanks for the help ^^

>@< OK!

>@< Everything is fine. Congratulations!

______________________

>@< To clean the ComboFix tool's components off the PC, just type this into Run:

ComboFix /u

>@< Click OK and wait for it to finish!

______________________

>@< Good work!

>@< Clean log!

Regards!


Hey digram,

when Avast ran the scan

it found some files with passwords and other corrupted ones

but this file here

D:\UNIDADE C\Downloads\downloads\xp atualiado.. 2007(abril)\FULLXPSP2_by_Guilhermeb.UV.ISO\I386\SVCPACK\FOXITBR.EXE

I can't delete it

can you help me???

Do I need to delete the Windows .iso??


Hey digram,

I've got more problems here

Look,

I start the computer

and an alert appears

saying this:

LANCHER

Não foi possivel carregar a configuração

and I noticed that Avast used to sit next to the clock with two icons, one with the letter A and another with the letter I

now there is only the icon with the letter A

and also, when I open Internet Explorer, instead of going to the address set as home...

it opens this

http://de%20programas/Internet%20Explorer/IEXPLORE.EXE

I already checked the Internet settings and the home page is set to

www.google.com.br

as it always has been...

please,

I'm asking for your help

I'll post my updated HijackThis log

 

 

Logfile of HijackThis v1.99.1

Scan saved at 01:33:57, on 15/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Tibia\Tibia.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

 

 

 

help me out plz


Good morning, Dygo!

>@< Download EliStarA.

>@< On the page, click the button: Descargar EliStarA v xx.xx, located at the bottom of the page.

>@< Save the tool to the Desktop!

>@< Disable the resident antivirus and antispyware protections.

>@< Restart the computer in Safe Mode.

>@< Go to the EliStarA icon and run it!

>@< Wait patiently for the scan to finish.

>@< When it finishes, a report (infoSat.txt) will be generated on Local Disk C.

>@< The tool will delete your home page; you will set it up again afterwards.

>@< Restart the computer normally!

___________________

>@< Do this and post in your reply: infoSat.txt + an updated HJT log.

Regards!
