This topic has been archived and is closed to new replies.

Maurelli

[Archived] Lots of viruses

Guys, it looks like I'm infected with a lot of viruses. My NOD32 detects them, but I click remove and when I run the antivirus again, there they are....

PS: There are a lot of them...

Here is the HijackThis log; if anyone can help me, I'd appreciate it..

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:48:39, on 15/2/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Program Files\Venturi2\Configurator\ventcfg.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Program Files\Venturi2\Client\ventc.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jucheck.exe

C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [WatchDog] C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Venturi 2.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\System32\shdocvw.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe


Good evening, Maurelli!

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Close all windows and run the tool!

>@< For those who have Avast, a malware alert ( Win32 D adobra-EY[Trj] ) will appear, which should be ignored.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the keyboard or mouse!

_______________________

>@< Post the report, C:\ComboFix.txt, in your reply + an updated HJT log.

Best regards!


Done...

 

 

Logfile of HijackThis v1.99.1

Scan saved at 21:00:06, on 16/2/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Program Files\Venturi2\Client\ventc.exe

C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Venturi2\Configurator\ventcfg.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [WatchDog] C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Venturi 2.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\System32\shdocvw.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe

 

________________________________________________________________________________

________________

 

ComboFix 08-02-16.2 - Caio 2008-02-16 20:54:12.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.1.1252.1.1046.18.728 [GMT -3:00]

Executando de: C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\WINDOWS\system32\.exe

C:\WINDOWS\system32\temp1.exe

C:\WINDOWS\system32\wsnpoem

C:\WINDOWS\system32\wsnpoem\audio.dll

C:\WINDOWS\system32\wsnpoem\audio.dll.cla

C:\WINDOWS\system32\wsnpoem\video.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_FMTR

 

 

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-01-16 to 2008-02-16 ))))))))))))))))))))))))))))))))

.

 

2008-02-15 20:28 . 2008-02-15 20:28 <DIR> d-------- C:\Arquivos de programas\Repair Registry Pro

2008-02-15 19:52 . 2003-07-25 11:17 36,864 --a------ C:\WINDOWS\system32\EGameEncrypt.dll

2008-02-15 19:44 . 2008-02-15 19:44 <DIR> d-------- C:\Arquivos de programas\e-Games

2008-02-15 17:48 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe

2008-02-15 17:33 . 2008-02-15 17:33 <DIR> d---s---- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\UserData

2008-02-15 17:21 . 2008-02-15 17:24 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security

2008-02-14 20:06 . 2008-02-14 20:06 <DIR> d-------- C:\Arquivos de programas\RegFix Mantra

2008-02-14 18:49 . 2008-02-14 19:04 <DIR> d-------- C:\Arquivos de programas\uTorrent

2008-02-13 22:03 . 2008-02-13 22:04 <DIR> d-------- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Dados de aplicativos\Media Player Classic

2008-02-11 21:55 . 2008-02-11 21:56 <DIR> d-------- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Shared

2008-02-11 21:55 . 2008-02-11 22:00 <DIR> d-------- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Incomplete

2008-02-11 21:55 . 2008-02-11 22:01 <DIR> d-------- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Dados de aplicativos\LimeWire

2008-02-09 01:22 . 2008-02-09 01:23 <DIR> d-------- C:\Soldat

2008-02-09 00:56 . 2008-02-09 00:56 <DIR> d-------- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Dados de aplicativos\Soldat

2008-02-08 14:01 . 2008-02-08 14:01 268 --ah----- C:\sqmdata13.sqm

2008-02-08 14:01 . 2008-02-08 14:01 244 --ah----- C:\sqmnoopt13.sqm

2008-02-07 17:12 . 2008-02-07 17:13 <DIR> d-------- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Contacts

2008-02-07 17:11 . 2008-02-07 17:11 <DIR> d-------- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Dados de aplicativos\teamspeak2

2008-02-06 23:45 . 2008-02-06 23:45 <DIR> d-------- C:\Arquivos de programas\Phoenxsoftware

2008-02-06 23:41 . 2008-02-06 23:41 <DIR> d-------- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Dados de aplicativos\MSN6

2008-02-06 23:39 . 2004-01-27 18:25 <DIR> d--h----- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Modelos

2008-02-06 23:39 . 2008-02-15 20:34 <DIR> dr------- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Meus documentos

2008-02-06 23:39 . 2008-02-14 19:04 <DIR> dr------- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Menu Iniciar

2008-02-06 23:39 . 2008-02-06 23:39 <DIR> dr------- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Favoritos

2008-02-06 23:39 . 2008-02-14 19:04 <DIR> d--h----- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Dados de aplicativos

2008-02-06 23:39 . 2008-02-06 23:39 <DIR> d--h----- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Configurações locais

2008-02-06 23:39 . 2004-01-27 19:19 <DIR> d--h----- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Ambiente de rede

2008-02-06 23:39 . 2004-01-27 19:19 <DIR> d--h----- C:\Documents and Settings\Caio.MAURELLI-HOTVHN\Ambiente de impressão

2008-02-06 23:39 . 2008-02-06 23:39 268 --ah----- C:\sqmdata12.sqm

2008-02-06 23:39 . 2008-02-06 23:39 244 --ah----- C:\sqmnoopt12.sqm

2008-02-03 11:50 . 2008-02-03 11:50 268 --ah----- C:\sqmdata11.sqm

2008-02-03 11:50 . 2008-02-03 11:50 244 --ah----- C:\sqmnoopt11.sqm

2008-02-01 19:28 . 2008-02-15 20:24 <DIR> d-------- C:\Arquivos de programas\RF Revolution

2008-01-30 22:47 . 2008-01-30 22:47 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

2008-01-30 17:48 . 2008-01-30 17:48 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-01-30 17:37 . 2008-01-30 17:37 <DIR> d-------- C:\Arquivos de programas\PC Registry Cleaner

2008-01-30 17:37 . 2008-01-30 17:37 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-01-19 17:48 . 2008-01-19 17:48 268 --ah----- C:\sqmdata10.sqm

2008-01-19 17:48 . 2008-01-19 17:48 244 --ah----- C:\sqmnoopt10.sqm

2008-01-18 21:37 . 2008-01-18 21:37 268 --ah----- C:\sqmdata09.sqm

2008-01-18 21:37 . 2008-01-18 21:37 244 --ah----- C:\sqmnoopt09.sqm

2008-01-18 10:06 . 2008-01-18 10:06 268 --ah----- C:\sqmdata08.sqm

2008-01-18 10:06 . 2008-01-18 10:06 244 --ah----- C:\sqmnoopt08.sqm

2008-01-16 21:36 . 2005-05-26 14:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-01-16 21:27 . 2007-05-16 15:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2008-01-16 21:19 . 2008-01-16 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2008-01-16 21:02 . 2004-06-16 05:03 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-15 22:44 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-07 22:08 --------- d-----w C:\Arquivos de programas\ESET

2008-01-30 22:00 --------- d-----w C:\Arquivos de programas\Google

2008-01-17 00:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-01-15 22:37 --------- d-----w C:\Arquivos de programas\LimeWire

2008-01-15 22:00 --------- d-----w C:\Arquivos de programas\AnMing

2008-01-15 21:35 720,896 ----a-w C:\WINDOWS\iun6002.exe

2007-12-24 22:33 --------- d-----w C:\Arquivos de programas\NCH Swift Sound

2007-12-24 22:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

2007-12-24 22:29 23,616 ----a-w C:\WINDOWS\system32\drivers\nchssvad.sys

2007-12-24 22:24 --------- d-----w C:\Arquivos de programas\Motorola Phone Tools

2007-12-23 19:04 --------- d-----w C:\Arquivos de programas\NCH Software

2007-12-23 18:52 --------- d-----w C:\Arquivos de programas\MIKSOFT

2007-12-23 16:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2007-12-23 15:22 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys

2007-12-23 15:22 --------- d-----w C:\Arquivos de programas\mobile PhoneTools

2007-12-23 01:56 --------- d-----w C:\Documents and Settings\Walmir\Dados de aplicativos\LimeWire

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 11:08 13312]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2007-07-28 01:35 949376]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

"WatchDog"="C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe" [2004-08-14 03:42 36864]

"ISUSPM Startup"="C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 05:03 221184]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03 81920]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 11:08 13312]

 

 

 

What do I do now???


Good evening, Maurelli!

>@< Run a scan with your Nod32 and check whether it detects the viruses and removes them.

______________________

>@< Is there still any problem with the computer?

>@< The log is clean!

Best regards!


Man, I ran the antivirus and it detected only 3 viruses, much better because it used to detect about 15...

but now it says I'm infected with a variant of the win32/poebot trojan....

What do I do????


Good evening, Maurelli!

>@< Download a-squared Free 3.0

Optional link: < a-squared >

>@< Open the program and click: Update now >> Wait!

>@< When it finishes, click: Scan now.

>@< If you can, try to run this scan in Safe Mode!

>@< Choose the option: Deep.

>@< Click Scan!

>@< When it finishes, send the items found to quarantine.

>@< From there, they will be deleted or restored.

>@< Save the report of this scan and post it in your reply + an updated HJT log.

Best regards!


Topic Archived

As the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.
