Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

regiane87

[Arquivado] com virus

Recommended Posts

Boa Noite,

meu pc esta infectado com um virus, acho que wintems.exe, nao consigo instalar nenhum anti-virus pq aparece uma msg dizendo que nao eh um aplicativo win32 valido, tentei rodar o hijackthis mas acontece o mesmo.. nao sei o que fazer, por favor me ajudem!!!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Siga as Instruções:

Baixe o MSNfix.

Salve na área de trabalho, e descompacte ele, após isto, clique duas vezes em MSNFix.bat

Vai se abrir a tela MSN_Fix-menu nela aperte a opçãp R, será dado inicio ao scaneamento.

Caso o scan detecte algo irá aparecer a seguinte informação: Infection Presente, aperte enter, e prossiga.

Caso queira interromper o processo aperte a tecla Q

Na finalização vai se abrir o bloco de notas com um log, selecione todo ele e copie, que se encontra na pasta msnfix.txt.

Poste juntamente um novo log do Hijackthis

 

Aguardo o retorno.

Compartilhar este post


Link para o post
Compartilhar em outros sites

apos o scan do msnfix..

 

MSNFix 1.720-1

 

C:\Documents and Settings\oscar\デスクトップ\MSNFix

Fix lan軋do dia 2008/06/12 - 12:51:10.57 By oscar

modo normal

 

************************ Procurando os arquivos presentes

 

... C:\Program Files\MSN Messenger\lvback.gif

... C:\??????.exe

... C:\WINDOWS\Tasks\At1.job

... C:\WINDOWS\Tasks\At2.job

... C:\WINDOWS\system32\ban_list.txt

... C:\WINDOWS\system32\wintems.exe

 

************************ Procurando as pastas presentes

 

Nenhuma pasta encontrada

 

 

 

 

************************ Apagando os arquivos

 

.. OK ... C:\Program Files\MSN Messenger\lvback.gif

.. OK ... C:\??????.exe

.. OK ... C:\WINDOWS\Tasks\At1.job

.. OK ... C:\WINDOWS\Tasks\At2.job

.. OK ... C:\WINDOWS\system32\ban_list.txt

/!\ ... C:\WINDOWS\system32\wintems.exe

 

 

 

************************ Limpeza do registro

 

 

 

Os arquivos ainda presentes ser縊 apagado no proximo boot

 

 

************************ Apagando os arquivos

 

.. OK ... C:\WINDOWS\system32\ban_list.txt

/!\ ... C:\WINDOWS\system32\wintems.exe

 

 

 

************************ Arquivos suspeitos

 

Nenhum arquivo encontrado

 

 

Os arquivos e as chaves do registro apagados foram salvos no arquivo 20080612_174231.84.zip

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

 

 

 

 

e quanto ao Hijackthis, nao consigo executa-lo, pois diz que nao e um aplicativo win32 valido..

o problema persiste

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o ComboFix e salve na área de trabalho.

 

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

 

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ola Silas,

 

segue o log co combofix:

 

ComboFix 08-06-10.5 - oscar 2008-06-13 7:24:30.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.932.1.1041.18.1033 [GMT -3:00]

Running from: C:\Documents and Settings\oscar\デスクトップ\Kombo.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\oscar\Application Data\m

C:\Program Files\ActivationManager

C:\Program Files\ActivationManager\ActivationManager.dll

C:\Program Files\ActivationManager\Uninstall.exe

C:\WINDOWS\system32\ban_list.txt

C:\WINDOWS\system32\drivers\down

C:\WINDOWS\system32\drivers\down\101203.exe

C:\WINDOWS\system32\drivers\down\101281.exe

C:\WINDOWS\system32\drivers\down\101562.exe

C:\WINDOWS\system32\drivers\down\104593.exe

C:\WINDOWS\system32\drivers\down\105437.exe

C:\WINDOWS\system32\drivers\down\105781.exe

C:\WINDOWS\system32\drivers\down\106046.exe

C:\WINDOWS\system32\drivers\down\107625.exe

C:\WINDOWS\system32\drivers\down\107781.exe

C:\WINDOWS\system32\drivers\down\108468.exe

C:\WINDOWS\system32\drivers\down\109031.exe

C:\WINDOWS\system32\drivers\down\109156.exe

C:\WINDOWS\system32\drivers\down\110328.exe

C:\WINDOWS\system32\drivers\down\110828.exe

C:\WINDOWS\system32\drivers\down\112718.exe

C:\WINDOWS\system32\drivers\down\113015.exe

C:\WINDOWS\system32\drivers\down\113343.exe

C:\WINDOWS\system32\drivers\down\113796.exe

C:\WINDOWS\system32\drivers\down\114031.exe

C:\WINDOWS\system32\drivers\down\114281.exe

C:\WINDOWS\system32\drivers\down\115203.exe

C:\WINDOWS\system32\drivers\down\115281.exe

C:\WINDOWS\system32\drivers\down\115593.exe

C:\WINDOWS\system32\drivers\down\118265.exe

C:\WINDOWS\system32\drivers\down\119734.exe

C:\WINDOWS\system32\drivers\down\122515.exe

C:\WINDOWS\system32\drivers\down\123609.exe

C:\WINDOWS\system32\drivers\down\123812.exe

C:\WINDOWS\system32\drivers\down\125093.exe

C:\WINDOWS\system32\drivers\down\129390.exe

C:\WINDOWS\system32\drivers\down\130265.exe

C:\WINDOWS\system32\drivers\down\142359.exe

C:\WINDOWS\system32\drivers\down\14647437.exe

C:\WINDOWS\system32\drivers\down\14653078.exe

C:\WINDOWS\system32\drivers\down\14658125.exe

C:\WINDOWS\system32\drivers\down\14660296.exe

C:\WINDOWS\system32\drivers\down\14660875.exe

C:\WINDOWS\system32\drivers\down\14665812.exe

C:\WINDOWS\system32\drivers\down\14678390.exe

C:\WINDOWS\system32\drivers\down\14689546.exe

C:\WINDOWS\system32\drivers\down\14693281.exe

C:\WINDOWS\system32\drivers\down\14693671.exe

C:\WINDOWS\system32\drivers\down\14694343.exe

C:\WINDOWS\system32\drivers\down\14699421.exe

C:\WINDOWS\system32\drivers\down\14703093.exe

C:\WINDOWS\system32\drivers\down\14706859.exe

C:\WINDOWS\system32\drivers\down\147093.exe

C:\WINDOWS\system32\drivers\down\14730312.exe

C:\WINDOWS\system32\drivers\down\14732859.exe

C:\WINDOWS\system32\drivers\down\14734171.exe

C:\WINDOWS\system32\drivers\down\14743031.exe

C:\WINDOWS\system32\drivers\down\14745093.exe

C:\WINDOWS\system32\drivers\down\14746843.exe

C:\WINDOWS\system32\drivers\down\14747765.exe

C:\WINDOWS\system32\drivers\down\14752812.exe

C:\WINDOWS\system32\drivers\down\14756546.exe

C:\WINDOWS\system32\drivers\down\14774921.exe

C:\WINDOWS\system32\drivers\down\14783593.exe

C:\WINDOWS\system32\drivers\down\14789078.exe

C:\WINDOWS\system32\drivers\down\14790796.exe

C:\WINDOWS\system32\drivers\down\14793640.exe

C:\WINDOWS\system32\drivers\down\14794906.exe

C:\WINDOWS\system32\drivers\down\14797937.exe

C:\WINDOWS\system32\drivers\down\14799171.exe

C:\WINDOWS\system32\drivers\down\14808968.exe

C:\WINDOWS\system32\drivers\down\14811015.exe

C:\WINDOWS\system32\drivers\down\14812437.exe

C:\WINDOWS\system32\drivers\down\14813015.exe

C:\WINDOWS\system32\drivers\down\14818203.exe

C:\WINDOWS\system32\drivers\down\14854984.exe

C:\WINDOWS\system32\drivers\down\14857421.exe

C:\WINDOWS\system32\drivers\down\14859828.exe

C:\WINDOWS\system32\drivers\down\14860125.exe

C:\WINDOWS\system32\drivers\down\14865468.exe

C:\WINDOWS\system32\drivers\down\14876171.exe

C:\WINDOWS\system32\drivers\down\14886062.exe

C:\WINDOWS\system32\drivers\down\14887187.exe

C:\WINDOWS\system32\drivers\down\14898906.exe

C:\WINDOWS\system32\drivers\down\149046.exe

C:\WINDOWS\system32\drivers\down\14922156.exe

C:\WINDOWS\system32\drivers\down\14930359.exe

C:\WINDOWS\system32\drivers\down\14932812.exe

C:\WINDOWS\system32\drivers\down\14936468.exe

C:\WINDOWS\system32\drivers\down\14939406.exe

C:\WINDOWS\system32\drivers\down\14940625.exe

C:\WINDOWS\system32\drivers\down\14951859.exe

C:\WINDOWS\system32\drivers\down\14953421.exe

C:\WINDOWS\system32\drivers\down\14954640.exe

C:\WINDOWS\system32\drivers\down\14957390.exe

C:\WINDOWS\system32\drivers\down\14982343.exe

C:\WINDOWS\system32\drivers\down\15023031.exe

C:\WINDOWS\system32\drivers\down\15025296.exe

C:\WINDOWS\system32\drivers\down\15029843.exe

C:\WINDOWS\system32\drivers\down\150953.exe

C:\WINDOWS\system32\drivers\down\151218.exe

C:\WINDOWS\system32\drivers\down\154703.exe

C:\WINDOWS\system32\drivers\down\157296.exe

C:\WINDOWS\system32\drivers\down\158921.exe

C:\WINDOWS\system32\drivers\down\161546.exe

C:\WINDOWS\system32\drivers\down\161984.exe

C:\WINDOWS\system32\drivers\down\162734.exe

C:\WINDOWS\system32\drivers\down\163281.exe

C:\WINDOWS\system32\drivers\down\163671.exe

C:\WINDOWS\system32\drivers\down\165609.exe

C:\WINDOWS\system32\drivers\down\167406.exe

C:\WINDOWS\system32\drivers\down\169093.exe

C:\WINDOWS\system32\drivers\down\170640.exe

C:\WINDOWS\system32\drivers\down\170953.exe

C:\WINDOWS\system32\drivers\down\174156.exe

C:\WINDOWS\system32\drivers\down\175203.exe

C:\WINDOWS\system32\drivers\down\175421.exe

C:\WINDOWS\system32\drivers\down\175500.exe

C:\WINDOWS\system32\drivers\down\176000.exe

C:\WINDOWS\system32\drivers\down\178312.exe

C:\WINDOWS\system32\drivers\down\179437.exe

C:\WINDOWS\system32\drivers\down\180312.exe

C:\WINDOWS\system32\drivers\down\180671.exe

C:\WINDOWS\system32\drivers\down\181062.exe

C:\WINDOWS\system32\drivers\down\182515.exe

C:\WINDOWS\system32\drivers\down\183937.exe

C:\WINDOWS\system32\drivers\down\184359.exe

C:\WINDOWS\system32\drivers\down\185921.exe

C:\WINDOWS\system32\drivers\down\186718.exe

C:\WINDOWS\system32\drivers\down\186875.exe

C:\WINDOWS\system32\drivers\down\187843.exe

C:\WINDOWS\system32\drivers\down\187890.exe

C:\WINDOWS\system32\drivers\down\189484.exe

C:\WINDOWS\system32\drivers\down\191500.exe

C:\WINDOWS\system32\drivers\down\191687.exe

C:\WINDOWS\system32\drivers\down\192140.exe

C:\WINDOWS\system32\drivers\down\192578.exe

C:\WINDOWS\system32\drivers\down\193328.exe

C:\WINDOWS\system32\drivers\down\194031.exe

C:\WINDOWS\system32\drivers\down\194531.exe

C:\WINDOWS\system32\drivers\down\195796.exe

C:\WINDOWS\system32\drivers\down\195859.exe

C:\WINDOWS\system32\drivers\down\201828.exe

C:\WINDOWS\system32\drivers\down\205000.exe

C:\WINDOWS\system32\drivers\down\208125.exe

C:\WINDOWS\system32\drivers\down\210453.exe

C:\WINDOWS\system32\drivers\down\212734.exe

C:\WINDOWS\system32\drivers\down\222187.exe

C:\WINDOWS\system32\drivers\down\223890.exe

C:\WINDOWS\system32\drivers\down\225671.exe

C:\WINDOWS\system32\drivers\down\227796.exe

C:\WINDOWS\system32\drivers\down\230078.exe

C:\WINDOWS\system32\drivers\down\234953.exe

C:\WINDOWS\system32\drivers\down\237875.exe

C:\WINDOWS\system32\drivers\down\238500.exe

C:\WINDOWS\system32\drivers\down\238968.exe

C:\WINDOWS\system32\drivers\down\240468.exe

C:\WINDOWS\system32\drivers\down\240531.exe

C:\WINDOWS\system32\drivers\down\242281.exe

C:\WINDOWS\system32\drivers\down\242531.exe

C:\WINDOWS\system32\drivers\down\245234.exe

C:\WINDOWS\system32\drivers\down\246734.exe

C:\WINDOWS\system32\drivers\down\249437.exe

C:\WINDOWS\system32\drivers\down\250593.exe

C:\WINDOWS\system32\drivers\down\253390.exe

C:\WINDOWS\system32\drivers\down\257546.exe

C:\WINDOWS\system32\drivers\down\259140.exe

C:\WINDOWS\system32\drivers\down\260078.exe

C:\WINDOWS\system32\drivers\down\261453.exe

C:\WINDOWS\system32\drivers\down\262093.exe

C:\WINDOWS\system32\drivers\down\263171.exe

C:\WINDOWS\system32\drivers\down\264812.exe

C:\WINDOWS\system32\drivers\down\266375.exe

C:\WINDOWS\system32\drivers\down\270453.exe

C:\WINDOWS\system32\drivers\down\270734.exe

C:\WINDOWS\system32\drivers\down\270796.exe

C:\WINDOWS\system32\drivers\down\273671.exe

C:\WINDOWS\system32\drivers\down\274921.exe

C:\WINDOWS\system32\drivers\down\29200375.exe

C:\WINDOWS\system32\drivers\down\29200390.exe

C:\WINDOWS\system32\drivers\down\29200468.exe

C:\WINDOWS\system32\drivers\down\29200531.exe

C:\WINDOWS\system32\drivers\down\29200562.exe

C:\WINDOWS\system32\drivers\down\29200609.exe

C:\WINDOWS\system32\drivers\down\29200640.exe

C:\WINDOWS\system32\drivers\down\29200703.exe

C:\WINDOWS\system32\drivers\down\29268718.exe

C:\WINDOWS\system32\drivers\down\29279937.exe

C:\WINDOWS\system32\drivers\down\29282593.exe

C:\WINDOWS\system32\drivers\down\29286437.exe

C:\WINDOWS\system32\drivers\down\29313062.exe

C:\WINDOWS\system32\drivers\down\29323218.exe

C:\WINDOWS\system32\drivers\down\29326281.exe

C:\WINDOWS\system32\drivers\down\29331156.exe

C:\WINDOWS\system32\drivers\down\29333812.exe

C:\WINDOWS\system32\drivers\down\29334984.exe

C:\WINDOWS\system32\drivers\down\29345093.exe

C:\WINDOWS\system32\drivers\down\29347171.exe

C:\WINDOWS\system32\drivers\down\29348937.exe

C:\WINDOWS\system32\drivers\down\29349562.exe

C:\WINDOWS\system32\drivers\down\29355421.exe

C:\WINDOWS\system32\drivers\down\29391671.exe

C:\WINDOWS\system32\drivers\down\29393843.exe

C:\WINDOWS\system32\drivers\down\29396484.exe

C:\WINDOWS\system32\drivers\down\29449531.exe

C:\WINDOWS\system32\drivers\down\29456062.exe

C:\WINDOWS\system32\drivers\down\29459031.exe

C:\WINDOWS\system32\drivers\down\29460687.exe

C:\WINDOWS\system32\drivers\down\29464046.exe

C:\WINDOWS\system32\drivers\down\29530500.exe

C:\WINDOWS\system32\drivers\down\29550359.exe

C:\WINDOWS\system32\drivers\down\29553343.exe

C:\WINDOWS\system32\drivers\down\29557328.exe

C:\WINDOWS\system32\drivers\down\29560796.exe

C:\WINDOWS\system32\drivers\down\29561968.exe

C:\WINDOWS\system32\drivers\down\29572218.exe

C:\WINDOWS\system32\drivers\down\29574015.exe

C:\WINDOWS\system32\drivers\down\29575546.exe

C:\WINDOWS\system32\drivers\down\29576171.exe

C:\WINDOWS\system32\drivers\down\29583218.exe

C:\WINDOWS\system32\drivers\down\29620125.exe

C:\WINDOWS\system32\drivers\down\29622406.exe

C:\WINDOWS\system32\drivers\down\29626281.exe

C:\WINDOWS\system32\drivers\down\391656.exe

C:\WINDOWS\system32\drivers\down\393890.exe

C:\WINDOWS\system32\drivers\down\395890.exe

C:\WINDOWS\system32\drivers\down\403359.exe

C:\WINDOWS\system32\drivers\down\43812843.exe

C:\WINDOWS\system32\drivers\down\43815531.exe

C:\WINDOWS\system32\drivers\down\43817187.exe

C:\WINDOWS\system32\drivers\down\43829375.exe

C:\WINDOWS\system32\drivers\down\43855656.exe

C:\WINDOWS\system32\drivers\down\43865750.exe

C:\WINDOWS\system32\drivers\down\43869093.exe

C:\WINDOWS\system32\drivers\down\43871921.exe

C:\WINDOWS\system32\drivers\down\43875218.exe

C:\WINDOWS\system32\drivers\down\43879718.exe

C:\WINDOWS\system32\drivers\down\43889625.exe

C:\WINDOWS\system32\drivers\down\43892093.exe

C:\WINDOWS\system32\drivers\down\43894406.exe

C:\WINDOWS\system32\drivers\down\43897093.exe

C:\WINDOWS\system32\drivers\down\43903343.exe

C:\WINDOWS\system32\drivers\down\439218.exe

C:\WINDOWS\system32\drivers\down\43938593.exe

C:\WINDOWS\system32\drivers\down\43941343.exe

C:\WINDOWS\system32\drivers\down\43952515.exe

C:\WINDOWS\system32\drivers\down\441968.exe

C:\WINDOWS\system32\drivers\down\450312.exe

C:\WINDOWS\system32\drivers\down\58360203.exe

C:\WINDOWS\system32\drivers\down\58369171.exe

C:\WINDOWS\system32\drivers\down\58371765.exe

C:\WINDOWS\system32\drivers\down\58372390.exe

C:\WINDOWS\system32\drivers\down\58381828.exe

C:\WINDOWS\system32\drivers\down\58383078.exe

C:\WINDOWS\system32\drivers\down\58437125.exe

C:\WINDOWS\system32\drivers\down\58445828.exe

C:\WINDOWS\system32\drivers\down\58449140.exe

C:\WINDOWS\system32\drivers\down\58452234.exe

C:\WINDOWS\system32\drivers\down\58455046.exe

C:\WINDOWS\system32\drivers\down\58456187.exe

C:\WINDOWS\system32\drivers\down\58468656.exe

C:\WINDOWS\system32\drivers\down\58470640.exe

C:\WINDOWS\system32\drivers\down\58471921.exe

C:\WINDOWS\system32\drivers\down\58472718.exe

C:\WINDOWS\system32\drivers\down\58478453.exe

C:\WINDOWS\system32\drivers\down\58523468.exe

C:\WINDOWS\system32\drivers\down\58525671.exe

C:\WINDOWS\system32\drivers\down\58528343.exe

C:\WINDOWS\system32\drivers\down\72965171.exe

C:\WINDOWS\system32\drivers\down\72967312.exe

C:\WINDOWS\system32\drivers\down\72967890.exe

C:\WINDOWS\system32\drivers\down\72978859.exe

C:\WINDOWS\system32\drivers\down\73023031.exe

C:\WINDOWS\system32\drivers\down\73034125.exe

C:\WINDOWS\system32\drivers\down\73037125.exe

C:\WINDOWS\system32\drivers\down\73042859.exe

C:\WINDOWS\system32\drivers\down\73045843.exe

C:\WINDOWS\system32\drivers\down\73046718.exe

C:\WINDOWS\system32\drivers\down\73056812.exe

C:\WINDOWS\system32\drivers\down\73058781.exe

C:\WINDOWS\system32\drivers\down\73059953.exe

C:\WINDOWS\system32\drivers\down\91578.exe

C:\WINDOWS\system32\drivers\down\95343.exe

C:\WINDOWS\system32\drivers\down\98156.exe

C:\WINDOWS\system32\drivers\down\98234.exe

C:\WINDOWS\system32\drivers\hldrrr.exe

C:\WINDOWS\system32\drivers\srosa.sys

C:\WINDOWS\system32\mdelk.exe

C:\WINDOWS\system32\wintems.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SROSA

-------\Service_srosa

 

 

((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))

.

 

2008-06-12 08:23 . 2008-06-12 12:26 15,220 --a------ C:\WINDOWS\system32\ban_list.MSNFix

2008-06-11 20:42 . 2008-06-11 21:35 <DIR> d-------- C:\Documents and Settings\oscar\Application Data\Uniblue

2008-06-11 19:58 . 2008-06-12 19:57 <DIR> d-------- C:\!KillBox

2008-06-11 19:37 . 2008-06-11 19:37 <DIR> d-------- C:\Program Files\Windows Defender

2008-06-11 19:29 . 2008-06-11 19:29 <DIR> d-------- C:\Program Files\CCleaner

2008-06-11 07:00 . 2008-06-11 07:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2008-06-10 19:47 . 2008-06-10 19:47 <DIR> d-------- C:\Program Files\Zone Labs

2008-06-10 19:39 . 2008-06-10 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

2008-06-10 17:52 . 2008-06-10 17:52 <DIR> d-------- C:\Program Files\AVG

2008-06-10 12:35 . 2008-06-10 19:36 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-06-10 07:22 . 2008-06-10 21:37 <DIR> d-------- C:\Program Files\Panda Security

2008-06-10 07:13 . 2008-06-11 07:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-06-08 20:45 . 2008-06-08 20:45 <DIR> dr-h----- C:\Documents and Settings\oscar\Application Data\SecuROM

2008-06-08 20:45 . 2008-06-08 20:45 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-13 10:28 --------- d-----w C:\Documents and Settings\oscar\Application Data\DNA

2008-06-12 15:52 --------- d-----w C:\Program Files\MSN Messenger

2008-06-12 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-11 23:16 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-11 23:16 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-06-11 10:03 --------- d-----w C:\Documents and Settings\oscar\Application Data\BitTorrent

2008-06-11 01:11 --------- d-----w C:\Program Files\eMule

2008-06-10 22:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-06-10 22:13 --------- d-----w C:\Documents and Settings\oscar\Application Data\Symantec

2008-06-08 21:13 --------- d-----w C:\Documents and Settings\oscar\Application Data\SopCast

2008-05-25 07:34 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-18 07:58 --------- d-----w C:\Documents and Settings\oscar\Application Data\BSplayer

2008-05-08 22:10 --------- d-----w C:\Program Files\MSXML 6.0

2008-05-05 11:27 --------- d-----w C:\Program Files\Webteh

2008-05-05 11:27 --------- d-----w C:\Documents and Settings\oscar\Application Data\BSplayer Pro

2008-05-04 23:15 --------- d-----w C:\Program Files\TuneUp Utilities 2008

2008-05-04 23:13 --------- d-----w C:\Documents and Settings\oscar\Application Data\TuneUp Software

2008-05-04 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-05-04 23:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-04 16:19 --------- d-----w C:\Program Files\TGTSoft

2008-05-04 02:38 --------- d-----w C:\Program Files\Sony

2008-05-04 02:31 --------- d-----w C:\Program Files\ExpWin32

2008-05-04 02:23 --------- d-----w C:\Documents and Settings\oscar\Application Data\Sony Corporation

2008-05-04 02:14 --------- d-----w C:\Program Files\InterVideo

2008-05-03 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2008-05-03 23:10 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-03 22:05 --------- d-----w C:\Documents and Settings\oscar\Application Data\skypePM

2008-05-01 19:07 --------- d-----w C:\Program Files\YouTube Downloader

2008-05-01 05:49 --------- d-----w C:\Program Files\mIRC

2007-12-13 10:37 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2006-07-22 00:23 24,192 ----a-w C:\Documents and Settings\oscar\usbsermptxp.sys

2006-07-22 00:23 22,768 ----a-w C:\Documents and Settings\oscar\usbsermpt.sys

.

 

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

----a-w 114,688 2003-11-07 08:21:28 C:\Program Files\Apoint\bak\Apoint.exe

 

----a-w 43,008 2006-11-01 00:34:54 C:\Program Files\BitTorrent\bak\bittorrent.exe

----a-w 588,080 2007-11-27 22:45:20 C:\Program Files\BitTorrent\bittorrent.exe

 

----a-w 118,984 2005-03-17 21:40:03 C:\Program Files\Common Files\Microsoft Shared\IME\IMJP9\bak\IMJPMIG.EXE

 

----a-w 180,269 2006-06-24 15:40:46 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

 

----a-w 245,760 2005-02-16 09:41:14 C:\Program Files\Common Files\Sony Shared\TVTunerLib\bak\TVTLInstTool.exe

 

----a-w 58,984 2008-06-11 23:15:13 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

 

----a-w 32,768 2004-11-02 23:24:46 C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe

 

----a-w 36,975 2005-08-26 09:14:44 C:\Program Files\Java\jre1.5.0_05\bin\bak\jusched.exe

 

----a-w 53,248 2003-05-19 14:21:00 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe

 

----a-w 114,688 2003-05-19 14:21:00 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe

 

----a-w 282,624 2006-07-05 07:10:09 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 286,720 2007-06-29 09:24:52 C:\Program Files\QuickTime\QTTask.exe

 

----a-w 45,056 2005-04-29 05:56:44 C:\Program Files\Realtek\InstallShield\bak\AzMixerSel.exe

 

----a-w 192,512 2005-01-31 01:10:44 C:\Program Files\Sony\Do VAIO Remocon\bak\AvRmtCtr.exe

 

----a-w 32,768 2004-02-20 05:12:34 C:\Program Files\Sony\ISB Utility\bak\ISBMgr.exe

 

----a-w 118,784 2005-01-21 06:36:40 C:\Program Files\Sony\Prepare your VAIO\bak\PYVAlert.exe

 

----a-w 94,208 2005-08-10 11:24:48 C:\Program Files\Sony\SetGamma\bak\SetGamma.exe

 

----a-w 184,320 2005-10-19 13:07:34 C:\Program Files\Sony\VAIO Power Management\bak\SPMgr.exe

 

----a-w 151,552 2005-10-11 12:36:38 C:\Program Files\Sony\VAIO Update 2\bak\VAIOUpdt.exe

 

----a-w 167,936 2005-01-20 11:24:00 C:\Program Files\Sony\Wireless Switch Setting Utility\bak\Switcher.exe

 

----a-w 208,952 2004-08-05 12:00:00 C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE

----a-w 208,952 2004-08-05 12:00:00 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

 

----a-w 44,032 2004-08-05 12:00:00 C:\WINDOWS\ime\IMKR6_1\bak\IMEKRMIG.EXE

----a-w 44,032 2004-08-05 12:00:00 C:\WINDOWS\ime\IMKR6_1\imekrmig.exe

 

----a-w 15,360 2004-08-05 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe

----a-w 15,360 2004-08-05 12:00:00 C:\WINDOWS\system32\ctfmon.exe

 

----a-w 77,824 2005-06-29 05:33:40 C:\WINDOWS\system32\bak\hkcmd.exe

 

----a-w 114,688 2005-06-29 05:33:42 C:\WINDOWS\system32\bak\igfxpers.exe

 

----a-w 94,208 2005-06-29 05:33:46 C:\WINDOWS\system32\bak\igfxtray.exe

 

----a-w 155,648 2001-07-09 13:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

 

----a-w 59,392 2004-08-05 12:00:00 C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe

----a-w 59,392 2004-08-05 12:00:00 C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe

 

----a-w 455,168 2004-08-05 12:00:00 C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE

----a-w 455,168 2004-08-05 12:00:00 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe

 

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C893A505-44D3-4184-9888-2179DFF75707}]

2005-05-11 02:37 200704 --a------ C:\Program Files\Sony\EasyRegister\EasyRegister.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00 15360]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-10 03:36 289088]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-01-08 19:38 204288]

"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2007-12-21 15:17 196864]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 09:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 09:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 09:00 455168]

"Mouse Suite 98 Daemon"="ICO.EXE" []

"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 01:25 14720000 C:\WINDOWS\RTHDCPL.EXE]

"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 09:00 44032]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 09:00 59392]

"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 20:54 269104]

"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-29 20:55 707376]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"MircoSoftSN"="system.exe" []

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"MircoSoftSN"="system.exe" []

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="ctfmon.exe" [2004-08-05 09:00 15360 C:\WINDOWS\system32\ctfmon.exe]

"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 21:04 5562368]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

 

C:\Documents and Settings\Default User\スタート メニュー\プログラム\スタートアップ\

E-Flyer.lnk - C:\Program Files\Sony\E-Flyer\E-Flyer.exe [2005-11-08 22:55:14 491520]

 

C:\Documents and Settings\Default User\スタート メニュー\プログラム\スタートアップ\

E-Flyer.lnk - C:\Program Files\Sony\E-Flyer\E-Flyer.exe [2005-11-08 22:55:14 491520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mdw000]

mdw000.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

VESWinlogon.dll 2005-05-20 05:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"vidc.DIVF"= DivX412.dll

"VIDC.HFYU"= huffyuv.dll

"msacm.divxa32"= DivXa32.acm

"vidc.xvid"= xvid.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^oscar^スタート メニュー^プログラム^スタートアップ^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

--a------ 2007-11-27 19:45 588080 C:\Program Files\BitTorrent\bittorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

--a------ 2007-08-13 21:04 5562368 C:\Program Files\MySpace\IM\MySpaceIM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Sony\\VAIO Media 5.0\\você.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R1 TxVDrv;TxVDrv;C:\WINDOWS\system32\drivers\TxVDrv.sys [2005-10-05 00:00]

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-29 20:54]

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 05:57]

R2 TxVDrvSvc;TXVDrv Service;C:\Program Files\JUSTSYSTEM\PersonalShelter\TxVDrvSvc.exe [2005-10-05 00:00]

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-05 09:00]

R3 Sonyddpu;Sony FeliCa Reader/Writer;C:\WINDOWS\system32\Drivers\Sonyddpu.sys [2005-03-24 04:26]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 05:23]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-04 20:13]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

Contents of the 'Scheduled Tasks' folder

"2008-06-08 15:07:13 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2008\OneClick.exe

"2008-06-12 12:00:00 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-12 13:00:00 C:\WINDOWS\Tasks\At11.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-12 14:00:00 C:\WINDOWS\Tasks\At12.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-12 15:00:00 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-12 16:00:00 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-12 17:00:00 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-12 18:00:00 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-12 19:00:00 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-12 20:00:00 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-12 21:00:00 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-12 22:00:00 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-12 23:00:00 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-13 00:00:00 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-13 01:00:00 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-13 02:00:00 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-13 05:00:00 C:\WINDOWS\Tasks\At3.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-13 06:00:00 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-13 07:00:00 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-13 08:00:00 C:\WINDOWS\Tasks\At6.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-13 09:00:00 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-13 10:00:00 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-12 11:00:00 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\system32\nUKF1AVx.exe

"2008-06-13 05:11:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

"2008-06-11 23:42:29 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2008-06-11 23:42:27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-13 07:30:28

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\conime.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v1.42.exe

G:\57dce38103419df18ea2937224b9d210\mrtstub.exe

C:\WINDOWS\system32\MRT.exe

.

**************************************************************************

.

Completion time: 2008-06-13 7:40:43 - machine was rebooted [oscar]

ComboFix-quarantined-files.txt 2008-06-13 10:40:38

 

9 個のディレクトリ 2,594,103,296 バイトの空き領域

12 個のディレクトリ 2,452,115,456 バイトの空き領域

 

579 --- E O F --- 2008-06-12 20:37:50

 

 

 

agora, como devo proceder?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Abra o bloco de notas e cole as entradas abaixo:

File::

C:\WINDOWS\Tasks\At10.job"

C:\WINDOWS\Tasks\At11.job"?

C:\WINDOWS\Tasks\At12.job"

C:\WINDOWS\Tasks\At13.job"

C:\WINDOWS\Tasks\At14.job"

C:\WINDOWS\Tasks\At15.job"

:\WINDOWS\Tasks\At16.job"

C:\WINDOWS\Tasks\At16.job"

C:\WINDOWS\Tasks\At17.job"

C:\WINDOWS\Tasks\At17.job"

C:\WINDOWS\Tasks\At18.job"

C:\WINDOWS\Tasks\At19.job"

C:\WINDOWS\Tasks\At20.job"

C:\WINDOWS\Tasks\At21.job"

C:\WINDOWS\Tasks\At22.job"

C:\WINDOWS\Tasks\At23.job"

C:\WINDOWS\Tasks\At4.job"

:\WINDOWS\Tasks\At5.job"

C:\WINDOWS\Tasks\At6.job"

C:\WINDOWS\Tasks\At7.job"

C:\WINDOWS\Tasks\At8.job"

C:\WINDOWS\Tasks\At9.job"

C:\WINDOWS\system32\nUKF1AVx.exe

Salve como CFScript.txt e arraste parao combofix, como figura abaixo:

 

 

 

 

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

 

combofiztu1.gif

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

 

Poste-o junto com o novo log do hijackthis

 

Aguardo Retorno

Compartilhar este post


Link para o post
Compartilhar em outros sites

agora ja consigo instalar um anti-virus.. muito obrigada!!

 

o log do combofix e hjt respectivamente:

 

ComboFix 08-06-10.5 - oscar 2008-06-13 20:39:05.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.932.1.1041.18.754 [GMT -3:00]

Running from: C:\Documents and Settings\oscar\デスクトップ\Kombo.exe

Command switches used :: C:\Documents and Settings\oscar\デスクトップ\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system32\nUKF1AVx.exe

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SROSA

 

 

((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))

.

 

2008-06-13 07:41 . 2008-06-13 07:41 <DIR> d-------- C:\WINDOWS\LastGood.Tmp

2008-06-12 08:23 . 2008-06-12 12:26 15,220 --a------ C:\WINDOWS\system32\ban_list.MSNFix

2008-06-11 20:42 . 2008-06-11 21:35 <DIR> d-------- C:\Documents and Settings\oscar\Application Data\Uniblue

2008-06-11 19:58 . 2008-06-12 19:57 <DIR> d-------- C:\!KillBox

2008-06-11 19:37 . 2008-06-11 19:37 <DIR> d-------- C:\Program Files\Windows Defender

2008-06-11 19:29 . 2008-06-11 19:29 <DIR> d-------- C:\Program Files\CCleaner

2008-06-11 07:00 . 2008-06-11 07:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2008-06-10 19:47 . 2008-06-10 19:47 <DIR> d-------- C:\Program Files\Zone Labs

2008-06-10 19:39 . 2008-06-10 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

2008-06-10 17:52 . 2008-06-10 17:52 <DIR> d-------- C:\Program Files\AVG

2008-06-10 12:35 . 2008-06-10 19:36 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-06-10 07:22 . 2008-06-10 21:37 <DIR> d-------- C:\Program Files\Panda Security

2008-06-10 07:13 . 2008-06-11 07:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-06-08 20:45 . 2008-06-08 20:45 <DIR> dr-h----- C:\Documents and Settings\oscar\Application Data\SecuROM

2008-06-08 20:45 . 2008-06-08 20:45 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-13 23:41 --------- d-----w C:\Documents and Settings\oscar\Application Data\DNA

2008-06-12 15:52 --------- d-----w C:\Program Files\MSN Messenger

2008-06-12 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-11 23:16 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-11 23:16 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-06-11 10:03 --------- d-----w C:\Documents and Settings\oscar\Application Data\BitTorrent

2008-06-11 01:11 --------- d-----w C:\Program Files\eMule

2008-06-10 22:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-06-10 22:13 --------- d-----w C:\Documents and Settings\oscar\Application Data\Symantec

2008-06-08 21:13 --------- d-----w C:\Documents and Settings\oscar\Application Data\SopCast

2008-05-25 07:34 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-18 07:58 --------- d-----w C:\Documents and Settings\oscar\Application Data\BSplayer

2008-05-08 22:10 --------- d-----w C:\Program Files\MSXML 6.0

2008-05-05 11:27 --------- d-----w C:\Program Files\Webteh

2008-05-05 11:27 --------- d-----w C:\Documents and Settings\oscar\Application Data\BSplayer Pro

2008-05-04 23:15 --------- d-----w C:\Program Files\TuneUp Utilities 2008

2008-05-04 23:13 --------- d-----w C:\Documents and Settings\oscar\Application Data\TuneUp Software

2008-05-04 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-05-04 23:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-04 16:19 --------- d-----w C:\Program Files\TGTSoft

2008-05-04 02:38 --------- d-----w C:\Program Files\Sony

2008-05-04 02:31 --------- d-----w C:\Program Files\ExpWin32

2008-05-04 02:23 --------- d-----w C:\Documents and Settings\oscar\Application Data\Sony Corporation

2008-05-04 02:14 --------- d-----w C:\Program Files\InterVideo

2008-05-03 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2008-05-03 23:10 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-03 22:05 --------- d-----w C:\Documents and Settings\oscar\Application Data\skypePM

2008-05-01 19:07 --------- d-----w C:\Program Files\YouTube Downloader

2008-05-01 05:49 --------- d-----w C:\Program Files\mIRC

2007-12-13 10:37 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2006-07-22 00:23 24,192 ----a-w C:\Documents and Settings\oscar\usbsermptxp.sys

2006-07-22 00:23 22,768 ----a-w C:\Documents and Settings\oscar\usbsermpt.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-13_ 7.37.22.23 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-13 10:29:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-13 23:42:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-04-06 01:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-05-29 19:35:12 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-06-13 23:42:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7c8.dat

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

----a-w 114,688 2003-11-07 08:21:28 C:\Program Files\Apoint\bak\Apoint.exe

 

----a-w 43,008 2006-11-01 00:34:54 C:\Program Files\BitTorrent\bak\bittorrent.exe

----a-w 588,080 2007-11-27 22:45:20 C:\Program Files\BitTorrent\bittorrent.exe

 

----a-w 118,984 2005-03-17 21:40:03 C:\Program Files\Common Files\Microsoft Shared\IME\IMJP9\bak\IMJPMIG.EXE

 

----a-w 180,269 2006-06-24 15:40:46 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

 

----a-w 245,760 2005-02-16 09:41:14 C:\Program Files\Common Files\Sony Shared\TVTunerLib\bak\TVTLInstTool.exe

 

----a-w 58,984 2008-06-11 23:15:13 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

 

----a-w 32,768 2004-11-02 23:24:46 C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe

 

----a-w 36,975 2005-08-26 09:14:44 C:\Program Files\Java\jre1.5.0_05\bin\bak\jusched.exe

 

----a-w 53,248 2003-05-19 14:21:00 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe

 

----a-w 114,688 2003-05-19 14:21:00 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe

 

----a-w 282,624 2006-07-05 07:10:09 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 286,720 2007-06-29 09:24:52 C:\Program Files\QuickTime\QTTask.exe

 

----a-w 45,056 2005-04-29 05:56:44 C:\Program Files\Realtek\InstallShield\bak\AzMixerSel.exe

 

----a-w 192,512 2005-01-31 01:10:44 C:\Program Files\Sony\Do VAIO Remocon\bak\AvRmtCtr.exe

 

----a-w 32,768 2004-02-20 05:12:34 C:\Program Files\Sony\ISB Utility\bak\ISBMgr.exe

 

----a-w 118,784 2005-01-21 06:36:40 C:\Program Files\Sony\Prepare your VAIO\bak\PYVAlert.exe

 

----a-w 94,208 2005-08-10 11:24:48 C:\Program Files\Sony\SetGamma\bak\SetGamma.exe

 

----a-w 184,320 2005-10-19 13:07:34 C:\Program Files\Sony\VAIO Power Management\bak\SPMgr.exe

 

----a-w 151,552 2005-10-11 12:36:38 C:\Program Files\Sony\VAIO Update 2\bak\VAIOUpdt.exe

 

----a-w 167,936 2005-01-20 11:24:00 C:\Program Files\Sony\Wireless Switch Setting Utility\bak\Switcher.exe

 

----a-w 208,952 2004-08-05 12:00:00 C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE

----a-w 208,952 2004-08-05 12:00:00 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

 

----a-w 44,032 2004-08-05 12:00:00 C:\WINDOWS\ime\IMKR6_1\bak\IMEKRMIG.EXE

----a-w 44,032 2004-08-05 12:00:00 C:\WINDOWS\ime\IMKR6_1\imekrmig.exe

 

----a-w 15,360 2004-08-05 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe

----a-w 15,360 2004-08-05 12:00:00 C:\WINDOWS\system32\ctfmon.exe

 

----a-w 77,824 2005-06-29 05:33:40 C:\WINDOWS\system32\bak\hkcmd.exe

 

----a-w 114,688 2005-06-29 05:33:42 C:\WINDOWS\system32\bak\igfxpers.exe

 

----a-w 94,208 2005-06-29 05:33:46 C:\WINDOWS\system32\bak\igfxtray.exe

 

----a-w 155,648 2001-07-09 13:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

 

----a-w 59,392 2004-08-05 12:00:00 C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe

----a-w 59,392 2004-08-05 12:00:00 C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe

 

----a-w 455,168 2004-08-05 12:00:00 C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE

----a-w 455,168 2004-08-05 12:00:00 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe

 

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C893A505-44D3-4184-9888-2179DFF75707}]

2005-05-11 02:37 200704 --a------ C:\Program Files\Sony\EasyRegister\EasyRegister.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00 15360]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-10 03:36 289088]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-01-08 19:38 204288]

"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2007-12-21 15:17 196864]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 09:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 09:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 09:00 455168]

"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 01:25 14720000 C:\WINDOWS\RTHDCPL.EXE]

"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 09:00 44032]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 09:00 59392]

"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 20:54 269104]

"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-29 20:55 707376]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="ctfmon.exe" [2004-08-05 09:00 15360 C:\WINDOWS\system32\ctfmon.exe]

"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 21:04 5562368]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

 

C:\Documents and Settings\Default User\スタート メニュー\プログラム\スタートアップ\

E-Flyer.lnk - C:\Program Files\Sony\E-Flyer\E-Flyer.exe [2005-11-08 22:55:14 491520]

 

C:\Documents and Settings\Default User\スタート メニュー\プログラム\スタートアップ\

E-Flyer.lnk - C:\Program Files\Sony\E-Flyer\E-Flyer.exe [2005-11-08 22:55:14 491520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mdw000]

mdw000.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

VESWinlogon.dll 2005-05-20 05:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"vidc.DIVF"= DivX412.dll

"VIDC.HFYU"= huffyuv.dll

"msacm.divxa32"= DivXa32.acm

"vidc.xvid"= xvid.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^oscar^スタート メニュー^プログラム^スタートアップ^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

--a------ 2007-11-27 19:45 588080 C:\Program Files\BitTorrent\bittorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

--a------ 2007-08-13 21:04 5562368 C:\Program Files\MySpace\IM\MySpaceIM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Sony\\VAIO Media 5.0\\você.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R1 TxVDrv;TxVDrv;C:\WINDOWS\system32\drivers\TxVDrv.sys [2005-10-05 00:00]

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-29 20:54]

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 05:57]

R2 TxVDrvSvc;TXVDrv Service;C:\Program Files\JUSTSYSTEM\PersonalShelter\TxVDrvSvc.exe [2005-10-05 00:00]

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-05 09:00]

R3 Sonyddpu;Sony FeliCa Reader/Writer;C:\WINDOWS\system32\Drivers\Sonyddpu.sys [2005-03-24 04:26]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 05:23]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-04 20:13]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

Contents of the 'Scheduled Tasks' folder

"2008-06-13 22:21:55 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2008\OneClick.exe

"2008-06-13 05:11:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-13 20:42:53

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\conime.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-06-13 20:48:50 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-13 23:48:45

ComboFix2.txt 2008-06-13 10:40:44

 

9 個のディレクトリ 2,447,007,744 バイトの空き領域

11 個のディレクトリ 2,559,516,672 バイトの空き領域

 

268 --- E O F --- 2008-06-13 10:41:10

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 6:12:00, on 2008/06/14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft LifeCam\MSCamSvc.exe

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\JUSTSYSTEM\PersonalShelter\TxVDrvSvc.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\vVX3000.exe

C:\Program Files\COMODO\SafeSurf\cssurf.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\HijackThis\HijackThis.exe

 

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Auxiliar de Conexao do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: InfoMaker Class - {C893A505-44D3-4184-9888-2179DFF75707} - C:\Program Files\Sony\EasyRegister\EasyRegister.dll

O2 - BHO: FeliCaブラウザエクステンション - {EC5D2125-D8AB-4a18-A599-D97D2731DE19} - C:\Program Files\Sony\FeliCaBrowserExtension\fbe.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC

O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart

O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.vaio.sony.co.jp/Owner/2006a.html

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/p...opcaploader.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: mdw000 - mdw000.dll (file missing)

O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TXVDrv Service (TxVDrvSvc) - Unknown owner - C:\Program Files\JUSTSYSTEM\PersonalShelter\TxVDrvSvc.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.