
Archived

This topic has been archived and is closed to new replies.

bielmontes

[Resolved] IEXPLORE.EXE opens all the time == virus, spyware?


IEXPLORE.EXE keeps opening all the time. I already ran my antivirus and it removed a few things, but it still keeps opening...

someone help me, for God's sake

 

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 16:05:20, on 22/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

M:\Gabriel\aaw\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\MMKeybd.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Java\jre1.5.0_10\bin\jucheck.exe

C:\WINDOWS\system32\wuauclt.exe

m:\Mozilla Firefox\firefox.exe

C:\HijackThis\HijackThis.exe

C:\WINDOWS\system32\taskmgr.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: MMKeybd.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?01d5199ecea5428e9af199ec67087c61

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?01d5199ecea5428e9af199ec67087c61

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BFF2A062-63B7-4647-AA8F-7F8671A577C5}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - M:\Gabriel\aaw\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Hey bielmontes,

 

Download ComboFix from:

ComboFix

 

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes, on average, 10 minutes;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click inside the ComboFix window, and do not close it with the X, while the tool is running, as this will mess up your desktop (it will turn completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

 

Regards.

Compartilhar este post


Link para o post
Compartilhar em outros sites

ok, great, sorry for the delay

 

well, here is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 22:39:34, on 23/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

M:\Gabriel\aaw\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\MMKeybd.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\explorer.exe

M:\Mozilla Firefox\firefox.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Winpooch] m:\gabriel\dog\Winpooch.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: MMKeybd.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?01d5199ecea5428e9af199ec67087c61

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?01d5199ecea5428e9af199ec67087c61

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BFF2A062-63B7-4647-AA8F-7F8671A577C5}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - M:\Gabriel\aaw\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

here is the ComboFix one:

ComboFix 08-03-22.1 - GABRIEL 2008-03-23 21:27:20.1 - NTFSx86

Executando de: M:\Gabriel\cm\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\exefld

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))

.

 

2008-03-22 19:59 . 2006-07-16 18:48 1,073,152 --a------ C:\WINDOWS\system32\FreeImage.dll

2008-03-22 19:59 . 2007-04-21 00:38 516,096 --a------ C:\WINDOWS\system32\libclamav.dll

2008-03-22 14:10 . 2008-03-22 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-03-22 14:09 . 2008-03-22 14:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-21 20:27 . 2008-03-21 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-03-21 20:10 . 2008-03-21 20:10 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-03-21 14:39 . 2008-03-21 14:19 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-03-21 14:18 . 2008-03-21 14:52 <DIR> d-------- C:\Documents and Settings\GABRIEL\.housecall6.6

2008-03-21 09:14 . 2008-03-21 09:14 <DIR> d-------- C:\Arquivos de programas\eAcceleration

2008-03-21 09:12 . 2008-03-21 09:14 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\eAcceleration

2008-03-20 19:43 . 2008-03-22 16:04 <DIR> d-------- C:\HijackThis

2008-03-20 17:29 . 2008-03-20 18:12 <DIR> d-------- C:\Arquivos de programas\Windows Live Safety Center

2008-03-19 19:11 . 2008-03-19 19:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\EZB Systems

2008-03-19 13:20 . 2008-03-19 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-18 16:56 . 2008-03-18 16:56 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-03-18 16:56 . 2008-03-18 16:56 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-03-18 16:56 . 2008-03-18 16:56 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-18 16:56 . 2008-03-18 16:56 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-12 21:17 . 2004-08-30 21:00 1,470,464 --a------ C:\WINDOWS\system32\WinSecure.exe

2008-03-12 21:17 . 2008-03-12 21:17 37,888 --a------ C:\WINDOWS\system32\rar.exe

2008-03-02 14:09 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe

2008-03-02 13:02 . 2002-03-27 14:54 217,088 --a------ C:\WINDOWS\system32\libmySQL.dll

2008-03-02 13:02 . 2002-03-29 10:13 102,400 --a------ C:\WINDOWS\system32\TrackerNET.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-22 23:31 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-22 19:24 4,980,736 ---ha-w C:\Documents and Settings\°Cris°\NTUSER.DAT

2008-03-22 19:24 4,980,736 ---ha-w C:\Documents and Settings\°Cris°\NTUSER.DAT

2008-03-13 00:17 753,664 ----a-w C:\WINDOWS\system32\NTSpool.exe

2008-02-21 02:05 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys

2008-02-21 02:05 129,784 -c----w C:\WINDOWS\system32\pxafs.dll

2008-02-21 02:05 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe

2008-02-21 02:05 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe

2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 14:40 172032]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"PCSuiteTrayApplication"="C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 07:49 217088]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 14:07 49263]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:45 110592 C:\WINDOWS\system32\bthprops.cpl]

"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-11-06 16:50 185632]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]

"Winpooch"="m:\gabriel\dog\Winpooch.exe" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

MMKeybd.exe [2002-06-19 09:50:36 180224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

"Windows Security Tool"= WinSecure.exe

"NTSpool"= NTSpool.exe

"NT Security Service"= NTSecurity.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"M:\\Gabriel\\CDs\\DreMule\\emule.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bde7e020-edde-11db-86d4-000854d5608f}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-24 00:50:03 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

"2008-03-24 00:25:01 C:\WINDOWS\Tasks\WebReg 20070101212514.job"

- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20070101212514 /N

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-23 22:01:58

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-03-23 22:11:30

ComboFix-quarantined-files.txt 2008-03-24 01:10:45

 

ah, my friend told me to run a scan with the Kaspersky scanner, so here is the log in case it also helps:

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Sunday, March 23, 2008 7:39:46 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 21/03/2008

Kaspersky Anti-Virus database records: 653398

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

M:\

 

Scan Statistics:

Total number of scanned objects: 53329

Number of viruses found: 12

Number of infected objects: 25

Number of suspicious objects: 0

Duration of the scan process: 22:21:33

 

Infected Object Name / Virus Name / Last Action

C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped

C:\autorun.inf Infected: Trojan.Win32.VB.aqt skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\cris\Configurações locais\Temp\bl4ck.com Infected: Trojan-Downloader.Win32.Banload.brq skipped

C:\Documents and Settings\GABRIEL\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\GABRIEL\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\GABRIEL\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\GABRIEL\Configurações locais\Histórico\History.IE5\MSHist012008032320080324\index.dat Object is locked skipped

C:\Documents and Settings\GABRIEL\Configurações locais\Temp\Installer-Crack-Keygen.exe Infected: P2P-Worm.Win32.Archivarius.a skipped

C:\Documents and Settings\GABRIEL\Configurações locais\Temp\TEMP1.ZIP/Installer-Crack-Keygen.exe Infected: P2P-Worm.Win32.Archivarius.a skipped

C:\Documents and Settings\GABRIEL\Configurações locais\Temp\TEMP1.ZIP CAB: infected - 1 skipped

C:\Documents and Settings\GABRIEL\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\GABRIEL\Configurações locais\Temporary Internet Files\PhishingFilter\45E13EC5-3DB7-4B3D-9F80-073A58AB5E82.dat Object is locked skipped

C:\Documents and Settings\GABRIEL\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\GABRIEL\Dados de aplicativos\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped

C:\Documents and Settings\GABRIEL\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\GABRIEL\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{F9DDFF7D-FAC3-4B24-BADB-38AFF40E1E72}\RP138\A0142358.exe Infected: Trojan-Spy.Win32.Ardamax.e skipped

C:\System Volume Information\_restore{F9DDFF7D-FAC3-4B24-BADB-38AFF40E1E72}\RP138\A0142359.exe Infected: Trojan-Spy.Win32.Ardamax.f skipped

C:\System Volume Information\_restore{F9DDFF7D-FAC3-4B24-BADB-38AFF40E1E72}\RP138\A0142360.exe Infected: Trojan-Spy.Win32.Banker.chc skipped

C:\System Volume Information\_restore{F9DDFF7D-FAC3-4B24-BADB-38AFF40E1E72}\RP141\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\NTSecurity.exe Infected: Trojan-Downloader.Win32.Agent.kzm skipped

C:\WINDOWS\system32\NTSpool.exe Infected: Trojan.Win32.Agent.ftz skipped

C:\WINDOWS\system32\Sys32\WMDJ.006 Infected: not-a-virus:Monitor.Win32.Ardamax.o skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\WinSecure.exe Infected: P2P-Worm.Win32.Archivarius.a skipped

C:\WINDOWS\Temp\Perflib_Perfdata_4d8.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

M:\Cristina\Meus arquivos recebidos\incredimail_install.zip/incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.b skipped

M:\Cristina\Meus arquivos recebidos\incredimail_install.zip ZIP: infected - 1 skipped

M:\Cristina\Meus arquivos recebidos\UltraVNC-100-RC18-Setup.zip/UltraVNC-100-RC18-Setup.exe/Stream/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped

M:\Cristina\Meus arquivos recebidos\UltraVNC-100-RC18-Setup.zip/UltraVNC-100-RC18-Setup.exe/Stream Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped

M:\Cristina\Meus arquivos recebidos\UltraVNC-100-RC18-Setup.zip/UltraVNC-100-RC18-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped

M:\Cristina\Meus arquivos recebidos\UltraVNC-100-RC18-Setup.zip ZIP: infected - 3 skipped

M:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

M:\System Volume Information\_restore{F9DDFF7D-FAC3-4B24-BADB-38AFF40E1E72}\RP133\A0131738.Exe Infected: Worm.Win32.Viking.ce skipped

M:\System Volume Information\_restore{F9DDFF7D-FAC3-4B24-BADB-38AFF40E1E72}\RP136\A0137385.Exe Infected: Worm.Win32.Viking.ce skipped

M:\System Volume Information\_restore{F9DDFF7D-FAC3-4B24-BADB-38AFF40E1E72}\RP138\A0142361.inf Infected: Trojan.Win32.VB.aqt skipped

M:\System Volume Information\_restore{F9DDFF7D-FAC3-4B24-BADB-38AFF40E1E72}\RP138\A0142362.Exe Infected: Worm.Win32.Viking.ce skipped

M:\System Volume Information\_restore{F9DDFF7D-FAC3-4B24-BADB-38AFF40E1E72}\RP138\A0142363.Exe Infected: Worm.Win32.Viking.ce skipped

M:\System Volume Information\_restore{F9DDFF7D-FAC3-4B24-BADB-38AFF40E1E72}\RP138\A0142364.Exe Infected: Worm.Win32.Viking.ce skipped

M:\System Volume Information\_restore{F9DDFF7D-FAC3-4B24-BADB-38AFF40E1E72}\RP138\A0142365.Exe Infected: Worm.Win32.Viking.ce skipped

M:\System Volume Information\_restore{F9DDFF7D-FAC3-4B24-BADB-38AFF40E1E72}\RP141\change.log Object is locked skipped

 

Scan process completed.

 

PS: sorry for the giant post


Hey bielmontes,

 

Follow these instructions:

 

1. Open Notepad -> Copy (Control + C) and Paste (Control + V) all the text included in the "Quote":

File::

M:\Cristina\Meus arquivos recebidos\incredimail_install.zip

M:\Cristina\Meus arquivos recebidos\UltraVNC-100-RC18-Setup.zip

C:\Documents and Settings\GABRIEL\Configurações locais\Temp\Installer-Crack-Keygen.exe

C:\Documents and Settings\GABRIEL\Configurações locais\Temp\TEMP1.ZIP

C:\WINDOWS\system32\pavas.ico

C:\WINDOWS\system32\Uninstall.ico

C:\WINDOWS\system32\Help.ico

C:\WINDOWS\system32\rar.exe

C:\WINDOWS\system32\WinSecure.exe

C:\WINDOWS\system32\NTSpool.exe

C:\WINDOWS\system32\NTSecurity.exe

C:\WINDOWS\system32\Sys32\WMDJ.006

C:\WINDOWS\Tasks\WebReg 20070101212514.job

C:\WINDOWS\unvise32.exe

C:\autorun.inf

Folder::

C:\System Volume Information\_restore{F9DDFF7D-FAC3-4B24-BADB-38AFF40E1E72}

M:\System Volume Information\_restore{F9DDFF7D-FAC3-4B24-BADB-38AFF40E1E72}

Registry::

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

"Windows Security Tool"=-

"NTSpool"=-

"NT Security Service"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bde7e020-edde-11db-86d4-000854d5608f}]=-

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for that user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
(image: 645i642.gif)

4. When the process finishes the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.

Regards.


Man, I don't know if it's fixed, but for now it hasn't opened any more Explorer pages :grin:

Well, here is the ComboFix log:

 

ComboFix 08-03-22.1 - GABRIEL 2008-03-24 8:25:53.2 - NTFSx86

Executando de: M:\Gabriel\cm\ComboFix.exe

Command switches used :: C:\Documents and Settings\GABRIEL\Desktop\CFScript.txt

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\autorun.inf

C:\Documents and Settings\GABRIEL\Configurações locais\Temp\Installer-Crack-Keygen.exe

C:\Documents and Settings\GABRIEL\Configurações locais\Temp\TEMP1.ZIP

C:\WINDOWS\system32\Help.ico

C:\WINDOWS\system32\NTSecurity.exe

C:\WINDOWS\system32\NTSpool.exe

C:\WINDOWS\system32\pavas.ico

C:\WINDOWS\system32\rar.exe

C:\WINDOWS\system32\Sys32\WMDJ.006

C:\WINDOWS\system32\Uninstall.ico

C:\WINDOWS\system32\WinSecure.exe

C:\WINDOWS\Tasks\WebReg 20070101212514.job

C:\WINDOWS\unvise32.exe

M:\Cristina\Meus arquivos recebidos\incredimail_install.zip

M:\Cristina\Meus arquivos recebidos\UltraVNC-100-RC18-Setup.zip

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

C:\Documents and Settings\GABRIEL\Configurações locais\Temp\Installer-Crack-Keygen.exe

C:\Documents and Settings\GABRIEL\Configurações locais\Temp\TEMP1.ZIP

C:\WINDOWS\system32\Help.ico

C:\WINDOWS\system32\NTSecurity.exe

C:\WINDOWS\system32\NTSpool.exe

C:\WINDOWS\system32\pavas.ico

C:\WINDOWS\system32\rar.exe

C:\WINDOWS\system32\Sys32\WMDJ.006

C:\WINDOWS\system32\Uninstall.ico

C:\WINDOWS\system32\WinSecure.exe

C:\WINDOWS\Tasks\WebReg 20070101212514.job

C:\WINDOWS\unvise32.exe

M:\Cristina\Meus arquivos recebidos\incredimail_install.zip

M:\Cristina\Meus arquivos recebidos\UltraVNC-100-RC18-Setup.zip

 

.

((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))

.

 

2008-03-22 19:59 . 2006-07-16 18:48 1,073,152 --a------ C:\WINDOWS\system32\FreeImage.dll

2008-03-22 19:59 . 2007-04-21 00:38 516,096 --a------ C:\WINDOWS\system32\libclamav.dll

2008-03-22 14:10 . 2008-03-22 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-03-22 14:09 . 2008-03-22 14:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-21 20:27 . 2008-03-21 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-03-21 20:10 . 2008-03-21 20:10 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-03-21 14:39 . 2008-03-21 14:19 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-03-21 14:18 . 2008-03-21 14:52 <DIR> d-------- C:\Documents and Settings\GABRIEL\.housecall6.6

2008-03-21 09:14 . 2008-03-21 09:14 <DIR> d-------- C:\Arquivos de programas\eAcceleration

2008-03-21 09:12 . 2008-03-21 09:14 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\eAcceleration

2008-03-20 19:43 . 2008-03-23 22:38 <DIR> d-------- C:\HijackThis

2008-03-20 17:29 . 2008-03-20 18:12 <DIR> d-------- C:\Arquivos de programas\Windows Live Safety Center

2008-03-19 19:11 . 2008-03-19 19:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\EZB Systems

2008-03-19 13:20 . 2008-03-19 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-18 16:56 . 2008-03-18 16:56 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-03-02 13:02 . 2002-03-27 14:54 217,088 --a------ C:\WINDOWS\system32\libmySQL.dll

2008-03-02 13:02 . 2002-03-29 10:13 102,400 --a------ C:\WINDOWS\system32\TrackerNET.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-24 11:06 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-02-21 02:05 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys

2008-02-21 02:05 129,784 -c----w C:\WINDOWS\system32\pxafs.dll

2008-02-21 02:05 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe

2008-02-21 02:05 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe

2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-03-23_22.08.04,37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-03-24 12:01:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4e8.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 14:40 172032]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"PCSuiteTrayApplication"="C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 07:49 217088]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 14:07 49263]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:45 110592 C:\WINDOWS\system32\bthprops.cpl]

"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-11-06 16:50 185632]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]

"Winpooch"="m:\gabriel\dog\Winpooch.exe" [ ]

"combofix"="C:\WINDOWS\system32\CF22138.exe" [2004-08-04 00:45 400384]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

MMKeybd.exe [2002-06-19 09:50:36 180224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"M:\\Gabriel\\CDs\\DreMule\\emule.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

 

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02]

S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-09-05 20:08]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bde7e020-edde-11db-86d4-000854d5608f}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-24 01:50:05 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

 

PS: I forgot to ask, it created two folders, one at m:\qoobox and another at c:\qoobox, what is that?


Hey man, sorry for the double post, but now a window pops up here, and actually lots of them keep appearing:

 

first this one appears:

svchost.exe

exceção exceção de software desconhecida (0xc0000409) em 0x5bcba3c0

 

and then this one:

generic host process for win32 services

O Generic Host Process for Win32 Services encontrou um problema e precisa ser fechado.

se estava no meio se um processo, você poderá perder as informações com as quais estava trabalhando.

 

sorry to wear out your patience, but it keeps throwing errors on the PC...


Hey bielmontes,

 

Go to Start -> Run -> type regedit -> click OK.

 

Navigate to the following subkey:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

In the right-hand pane, locate and delete the following entries:

 

"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u"

"Winpooch"="m:\gabriel\dog\Winpooch.exe"

"combofix"="C:\WINDOWS\system32\CF22138.exe"

 

Navigate to the following subkey:

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

 

Locate and delete the following folder:

 

{bde7e020-edde-11db-86d4-000854d5608f}

 

Exit the Registry Editor.

 

Now, let's try to fix the other problem using CCleaner -> download here.

 

1. To run the cleanup, just check the Cleaner option (top left) and click Run Cleaner (bottom right). Here you can choose to clean Windows, Applications, or both;

 

2. To fix errors, choose the Registry option (top left), click Scan for Issues (bottom left) and then Fix Selected Issues (bottom right); by default all of them will be selected;

 

3. Under Tools (top left) you can uninstall programs (the same ones listed in Add / Remove Programs) or remove program entries from startup (experienced users only);

 

4. Under Options are CCleaner's configuration settings, which I suggest you leave unchanged.

 

Perform the actions above (only 1. and 2.) and come back with the result.

 

... as for your question:

> PS: I forgot to ask, it created two folders, one at m:\qoobox and another at c:\qoobox, what is that?

That is a normal ComboFix procedure, so don't worry.

 

Regards.

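As an added example (not from this thread, from ComboFix, or from any other tool mentioned here), the following Python script automates the review the helper performs by hand on the "Reg Loading Points" section of a ComboFix log: it flags Run-key values whose target ComboFix could not find on disk (printed as "[ ]") and per-drive mountpoints2 AutoRun/Open handlers that launch from a Recycled folder or from a relative path, the pattern behind the autorun.inf entry removed above. The sample input is a constructed, abbreviated excerpt in the shape of the log posted earlier; the function and regular-expression names are my own.

```python
"""Flag suspicious autostart entries in a ComboFix-style 'Reg Loading Points' dump."""
import re
from typing import List, Tuple

# Constructed sample: an abbreviated excerpt in the shape of the ComboFix
# "Reg Loading Points" section posted in this thread (not the full log).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"Winpooch"="m:\gabriel\dog\Winpooch.exe" [ ]
"combofix"="C:\WINDOWS\system32\CF22138.exe" [2004-08-04 00:45 400384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bde7e020-edde-11db-86d4-000854d5608f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
"""

# A registry key header: [HKEY_...\path]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# A Run-style value: "name"="target" [file-info]; ComboFix prints "[ ]" when
# it could not resolve the target to a file on disk.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<info>[^\]]*)\]\s*$')
# A per-drive shell handler under mountpoints2: \Shell\<verb>\command - <cmd>
MOUNT_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$")

# (reason, registry key, value name or shell verb, target or command line)
Finding = Tuple[str, str, str, str]


def find_suspicious_autostarts(log_text: str) -> List[Finding]:
    """Walk the dump line by line, tracking the current key, and collect findings."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        value_match = VALUE_RE.match(line)
        if value_match:
            # Empty file info means ComboFix found no file at that path.
            if not value_match.group("info").strip():
                findings.append(("missing-file", current_key,
                                 value_match.group("name"), value_match.group("target")))
            continue
        mount_match = MOUNT_RE.match(line)
        if mount_match and "mountpoints2" in current_key.lower():
            cmd = mount_match.group("cmd")
            # Handlers that run something out of a Recycled folder, or that use a
            # relative path instead of an absolute one, are the autorun.inf pattern.
            launches_from_recycled = "recycled\\" in cmd.lower()
            relative_path = not re.match(r"^[A-Za-z]:\\", cmd)
            if launches_from_recycled or relative_path:
                findings.append(("mountpoint-autorun", current_key,
                                 mount_match.group("verb"), cmd))
    return findings


if __name__ == "__main__":
    for reason, key, name, target in find_suspicious_autostarts(SAMPLE_LOG):
        print(f"{reason:20} {key}\n{'':20} {name} -> {target}")
```

A "[ ]" marker only means ComboFix could not resolve the value to a file, so the missing-file findings are a review queue rather than a verdict: a value that carries command-line arguments (as UserFaultCheck does here) is printed the same way. The mountpoints2 findings are the ones to act on, since those handlers re-launch Recycled\ctfmon.exe whenever that drive is opened in Explorer, independently of the Run keys.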

Hey bielmontes,

 

Glad to hear that your problem has been solved. :thumbsup:

 

To finish:

 

1. Disable and re-enable XP's System Restore feature. Click here to see how;

 

2. Read the article Cuidados ao navegar na net (Precautions when browsing the web) and learn how to avoid new infections.

 

Regards.


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, send a Private Message to a Moderator with a link to the topic.
