Archived

This topic has been archived and is closed to new replies.

hanabi

[Solved!] VIRUS IN MSN AND ON THE PC OMG!


Well, my computer got one of those MSN viruses... when I log in to MSN it keeps sending files for my contacts to download. I ran the antivirus programs and they detected win32rookie or something like that! But now my MSN won't open and my PC has become slow!

The HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 20:02:29, on 9/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\Windows Defender\MsMpEng.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\ZoneLabs\vsmon.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

E:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

E:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\igfxtray.exe

E:\WINDOWS\system32\hkcmd.exe

E:\WINDOWS\system32\igfxpers.exe

E:\Arquivos de programas\ASUSTeK\ASUSDVD\PDVDServ.exe

E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

E:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

E:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

E:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

E:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

E:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe

E:\Arquivos de programas\Windows Defender\MSASCui.exe

E:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

E:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

E:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

E:\Arquivos de programas\Mozilla Firefox\firefox.exe

E:\Arquivos de programas\WinRAR\WinRAR.exe

E:\DOCUME~1\AVELIN~1\CONFIG~1\Temp\Rar$EX84.312\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: (no name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\Documents and Settings\Avelino Silva\eid.exe \o

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)

O4 - HKLM\..\Run: [igfxtray] E:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] E:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] E:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "E:\Arquivos de programas\ASUSTeK\ASUSDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [HP Software Update] E:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [smartRAM] E:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe /m

O4 - HKLM\..\Run: [Windows Defender] "E:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [ccleaner] "E:\Arquivos de programas\CCleaner\CCleaner.exe" /AUTO

O4 - HKCU\..\Run: [Orb] "E:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Winamp Search - E:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &Windows Live Search - res://E:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219505082828

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab

O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

 

 

Please help me! I want my PC to be free of this infection!


- Download: < ComboFix.exe >

- Save it to the Desktop!

- Disable the resident protection of your antivirus, antispyware and firewall. (Except the Windows one!)

- Close all windows and run the tool!

If the notification "Invalid Win32 application" appears, delete the tool and download it again.

Save it to the desktop, renamed as: Kombo.exe

PS: Rename it while saving, not after saving it!

PS: If any error message appears, run ComboFix.exe in Safe Mode.

PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

- The Auto Scan window will open. Wait!

- Type the option to continue! >> Enter

- Wait for it to finish!

- During the scan, avoid using the mouse or keyboard! <-- Important!

- To stop or exit ComboFix, press "N".

----------------------

- When it finishes, post the report: C:\ComboFix.txt


ComboFix 08-10-09.06 - Avelino Silva 2008-10-10 13:37:56.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.622 [GMT -3:00]

Executando de: E:\Documents and Settings\Avelino Silva\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-09-10 to 2008-10-10 ))))))))))))))))))))))))))))))))

.

 

2008-10-09 17:14 . 2008-10-09 17:14 <DIR> d-------- E:\WINDOWS\system32\NtmsData

2008-10-09 16:52 . 2008-10-09 19:06 <DIR> d-------- E:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-09 16:52 . 2008-10-09 16:59 <DIR> d-------- E:\Arquivos de programas\Spybot - Search & Destroy

2008-10-09 16:46 . 2008-10-09 16:46 <DIR> d-------- E:\Arquivos de programas\Windows Defender

2008-10-09 14:27 . 2008-10-09 14:27 <DIR> d-------- E:\Documents and Settings\Avelino Silva\Dados de aplicativos\IObit

2008-10-09 13:32 . 2008-10-09 13:32 <DIR> d-------- E:\Arquivos de programas\Microsoft

2008-10-08 22:24 . 2008-10-08 22:24 236 --a------ E:\sqmdata05.sqm

2008-10-08 22:24 . 2008-10-08 22:24 200 --a------ E:\sqmnoopt05.sqm

2008-10-08 22:16 . 2008-10-09 13:32 <DIR> d-------- E:\MSNCleaner

2008-10-08 21:27 . 2008-10-09 13:32 <DIR> d-------- E:\Arquivos de programas\Windows Live Safety Center

2008-10-08 21:24 . 2008-10-09 19:17 <DIR> d-------- E:\Documents and Settings\Avelino Silva\Tracing

2008-10-08 21:14 . 2008-10-08 21:14 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\Windows Live

2008-10-03 17:47 . 2001-09-05 23:50 99,328 --a------ E:\WINDOWS\system32\srusd.dll

2008-10-03 17:47 . 2001-09-05 23:50 99,328 --a--c--- E:\WINDOWS\system32\dllcache\srusd.dll

2008-10-03 17:47 . 2001-09-05 23:50 71,680 --a------ E:\WINDOWS\system32\fnfilter.dll

2008-10-03 17:47 . 2001-09-05 23:50 71,680 --a--c--- E:\WINDOWS\system32\dllcache\fnfilter.dll

2008-10-03 17:47 . 2001-09-05 23:27 6,912 --a------ E:\WINDOWS\system32\drivers\serscan.sys

2008-10-03 17:47 . 2001-09-05 23:27 6,912 --a--c--- E:\WINDOWS\system32\dllcache\serscan.sys

2008-09-22 07:11 . 2008-09-22 07:11 <DIR> d-------- E:\Arquivos de programas\Realteck

2008-09-20 14:39 . 2008-09-20 14:39 244 --ah----- E:\sqmnoopt04.sqm

2008-09-20 14:39 . 2008-09-20 14:39 232 --ah----- E:\sqmdata04.sqm

2008-09-17 19:53 . 2008-09-17 19:53 <DIR> d-------- E:\Arquivos de programas\Easy Icon Maker

2008-09-17 19:40 . 2008-09-17 19:42 <DIR> d-------- E:\Arquivos de programas\Password Protect

2008-09-17 19:20 . 2008-09-17 19:20 6,693 --a------ E:\78875.sym

2008-09-17 19:20 . 2008-09-17 19:20 3,982 --a------ E:\WINDOWS\kj01d.sys

2008-09-17 19:17 . 2008-09-17 19:27 246 --a------ E:\WINDOWS\z56k2.ini

2008-09-16 22:26 . 2008-09-16 22:26 <DIR> d-------- E:\Arquivos de programas\MSXML 4.0

2008-09-15 17:12 . 2008-10-03 09:52 <DIR> d-------- E:\Documents and Settings\Avelino Silva\Dados de aplicativos\Image Zone Express

2008-09-15 17:10 . 2008-09-15 17:15 <DIR> d-------- E:\Documents and Settings\Avelino Silva\Dados de aplicativos\HP

2008-09-15 17:09 . 2008-09-15 17:09 <DIR> d-------- E:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-09-15 17:07 . 2008-09-15 17:08 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\HP

2008-09-15 17:03 . 2008-09-15 17:04 <DIR> d-------- E:\Arquivos de programas\Hewlett-Packard

2008-09-15 17:01 . 2006-04-10 14:03 48,128 --a------ E:\WINDOWS\system32\hpzll054.dll

2008-09-15 16:56 . 2008-09-15 17:09 119,558 --a------ E:\WINDOWS\hpoins11.dat

2008-09-12 10:14 . 2008-09-12 10:17 <DIR> d-------- E:\Data

2008-09-12 10:14 . 2008-09-13 20:05 <DIR> d-------- E:\Avi

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-10 16:39 25,057,312 --sha-w E:\WINDOWS\system32\drivers\fidbox.dat

2008-10-10 02:17 294,872 --sha-w E:\WINDOWS\system32\drivers\fidbox.idx

2008-10-09 22:25 --------- d-----w E:\Arquivos de programas\Windows Live

2008-10-09 22:03 --------- d-----w E:\Arquivos de programas\Google

2008-10-09 22:02 194,048 ----a-w E:\WINDOWS\Internet Logs\xDB10.tmp

2008-10-09 22:02 1,758,720 ----a-w E:\WINDOWS\Internet Logs\xDB11.tmp

2008-10-09 16:45 108,544 ----a-w E:\WINDOWS\system32\services.exe

2008-10-09 16:32 --------- d-----w E:\Arquivos de programas\Windows Live Toolbar

2008-10-09 16:32 --------- d-----w E:\Arquivos de programas\MSN Messenger

2008-10-09 01:24 1,717,248 ----a-w E:\WINDOWS\Internet Logs\xDBF.tmp

2008-10-09 01:24 1,519,104 ----a-w E:\WINDOWS\Internet Logs\xDBE.tmp

2008-10-08 16:55 --------- d-----w E:\Arquivos de programas\Winamp

2008-10-03 02:19 1,886,720 ----a-w E:\WINDOWS\Internet Logs\xDBC.tmp

2008-10-03 02:19 1,692,672 ----a-w E:\WINDOWS\Internet Logs\xDBD.tmp

2008-10-01 20:36 --------- d-----w E:\Arquivos de programas\Tibia

2008-09-24 02:15 2,254,848 ----a-w E:\WINDOWS\Internet Logs\xDBA.tmp

2008-09-24 02:15 1,670,144 ----a-w E:\WINDOWS\Internet Logs\xDBB.tmp

2008-09-22 16:59 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\LimeWire

2008-09-18 02:12 1,450,496 ----a-w E:\WINDOWS\Internet Logs\xDB9.tmp

2008-09-15 20:08 --------- d-----w E:\Arquivos de programas\HP

2008-09-10 02:04 417,792 ----a-w E:\WINDOWS\Internet Logs\xDB7.tmp

2008-09-10 02:04 1,527,808 ----a-w E:\WINDOWS\Internet Logs\xDB8.tmp

2008-09-07 04:15 1,521,664 ----a-w E:\WINDOWS\Internet Logs\xDB6.tmp

2008-09-07 04:15 1,158,656 ----a-w E:\WINDOWS\Internet Logs\xDB5.tmp

2008-09-05 02:08 2,060,288 ----a-w E:\WINDOWS\Internet Logs\xDB3.tmp

2008-09-05 02:08 1,516,032 ----a-w E:\WINDOWS\Internet Logs\xDB4.tmp

2008-09-01 21:15 --------- d-----w E:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-08-30 16:49 98,304 ----a-w E:\WINDOWS\system32\CmdLineExt.dll

2008-08-30 16:49 --------- d--h--w E:\Arquivos de programas\InstallShield Installation Information

2008-08-30 16:47 --------- d-----w E:\Arquivos de programas\KONAMI

2008-08-30 16:44 --------- d-----w E:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-29 00:24 18,800 ----a-w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-08-27 01:31 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-08-26 20:39 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\Winamp

2008-08-26 20:39 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\OrbNetworks

2008-08-26 20:36 --------- d-----w E:\Arquivos de programas\Winamp Remote

2008-08-24 02:03 482,304 ----a-w E:\WINDOWS\Internet Logs\xDB1.tmp

2008-08-24 02:03 1,398,784 ----a-w E:\WINDOWS\Internet Logs\xDB2.tmp

2008-08-23 16:37 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\Tibia

2008-08-23 15:34 --------- d-----w E:\Arquivos de programas\Circle Developement

2008-08-23 15:33 --------- d-----w E:\Arquivos de programas\Messenger Plus! Live

2008-08-23 15:31 --------- d-----w E:\Arquivos de programas\Windows Live Favorites

2008-08-23 15:30 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Windows Live Toolbar

2008-08-23 15:20 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-23 14:27 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-08-23 14:27 --------- d-----w E:\Arquivos de programas\IObit

2008-08-23 14:26 --------- d-----w E:\Arquivos de programas\Yahoo!

2008-08-23 14:26 --------- d-----w E:\Arquivos de programas\CCleaner

2008-08-23 11:46 --------- d-----w E:\Arquivos de programas\ZoneAlarmSB

2008-08-23 11:44 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\MailFrontier

2008-08-23 11:44 --------- d-----w E:\Arquivos de programas\Zone Labs

2008-08-23 03:42 --------- d-----w E:\Arquivos de programas\Sun

2008-08-23 03:41 --------- d-----w E:\Arquivos de programas\Java

2008-08-23 03:40 --------- d-----w E:\Arquivos de programas\Arquivos comuns\Java

2008-08-23 03:38 --------- d-----w E:\Arquivos de programas\LimeWire

2008-08-23 01:17 --------- dcsh--w E:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-23 01:03 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\Talkback

2008-08-23 01:02 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\Grisoft

2008-08-23 01:02 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-08-23 00:19 --------- d-----w E:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-23 00:15 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\AdobeUM

2008-08-22 21:44 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\CyberLink

2008-08-22 12:07 --------- d-----w E:\Arquivos de programas\Alwil Software

2008-08-22 12:03 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\WinZip

2008-08-22 11:32 --------- d-----w E:\Arquivos de programas\ASUSTeK

2008-08-22 11:31 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-08-22 11:31 --------- d-----w E:\Arquivos de programas\Arquivos comuns\Nero

2008-08-22 11:31 --------- d-----w E:\Arquivos de programas\Ahead

2008-08-22 11:30 --------- d-----w E:\Arquivos de programas\Arquivos comuns\LightScribe

2008-08-22 11:29 --------- d-----w E:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-22 11:24 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\InstallShield

2008-08-22 11:23 --------- d-----w E:\Arquivos de programas\Realtek

2008-08-22 11:21 --------- d-----w E:\Arquivos de programas\Intel

2008-08-22 11:14 --------- d-----w E:\Arquivos de programas\microsoft frontpage

2008-08-22 11:13 --------- d-----w E:\Arquivos de programas\Serviços on-line

2008-08-22 11:12 --------- d-----w E:\Arquivos de programas\Arquivos comuns\Serviços

2008-07-19 01:10 94,920 ----a-w E:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w E:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w E:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w E:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w E:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w E:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w E:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w E:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 270,880 ----a-w E:\WINDOWS\system32\mucltui.dll

2008-07-19 01:07 210,976 ----a-w E:\WINDOWS\system32\muweb.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="E:\Arquivos de programas\CCleaner\CCleaner.exe" [2008-07-29 1213680]

"Orb"="E:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe" [2008-03-31 507904]

"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]

"SpybotSD TeaTimer"="E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="E:\WINDOWS\system32\igfxtray.exe" [2005-11-28 98304]

"igfxhkcmd"="E:\WINDOWS\system32\hkcmd.exe" [2005-11-28 77824]

"igfxpers"="E:\WINDOWS\system32\igfxpers.exe" [2005-11-28 118784]

"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl"="E:\Arquivos de programas\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]

"avast!"="E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"!AVG Anti-Spyware"="E:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

"SunJavaUpdateSched"="E:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"ZoneAlarm Client"="E:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

"HP Software Update"="E:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"SmartRAM"="E:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 E:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 E:\WINDOWS\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]

 

E:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

HP Digital Imaging Monitor.lnk - E:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

Microsoft Office.lnk - E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"E:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"E:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=

"E:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=

"E:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"E:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

 

R1 aswSP;avast! Self Protection;E:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);E:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7331b4a-76d9-11dd-b972-001a4da1c570}]

\Shell\AutoRun\command - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

 

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-10-10 E:\WINDOWS\Tasks\MP Scheduled Scan.job

- E:\Arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

 

2008-10-09 E:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- E:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 09:42]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)

 

 

.

------- Scan Suplementar -------

.

FireFox -: Profile - E:\Documents and Settings\Avelino Silva\Dados de aplicativos\Mozilla\Firefox\Profiles\s1od3pcs.default\

FF -: plugin - E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - E:\Arquivos de programas\Mozilla Firefox\plugins\NPZoneSB.dll

FF -: plugin - E:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-10 13:39:29

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-10-10 13:40:33

ComboFix-quarantined-files.txt 2008-10-10 16:40:29

 

Pré-execução: 8 pasta(s) 27.814.768.640 bytes disponíveis

Pós execução: 11 pasta(s) 27,841,773,568 bytes disponíveis

 

231 --- E O F --- 2008-09-17 01:26:12

 

 

There's the ComboFix result! Is everything OK with my PC?! Thanks in advance for your attention!


Go to the VirusTotal website

- Browse for the file

E:\78875.sym

- Then click Send File

- Post the results

- Do the same with the file(s) below

E:\WINDOWS\z56k2.ini

E:\WINDOWS\kj01d.sys

E:\WINDOWS\hpoins11.dat


E:\78875.sym this file <

 

Antivírus Versão Última Atualização Resultado

AhnLab-V3 2008.10.10.1 2008.10.10 -

AntiVir 7.8.1.34 2008.10.10 -

Authentium 5.1.0.4 2008.10.10 -

Avast 4.8.1248.0 2008.10.10 -

AVG 8.0.0.161 2008.10.10 -

BitDefender 7.2 2008.10.10 -

CAT-QuickHeal 9.50 2008.10.10 -

ClamAV 0.93.1 2008.10.10 -

DrWeb 4.44.0.09170 2008.10.10 -

eSafe 7.0.17.0 2008.10.08 -

eTrust-Vet 31.6.6137 2008.10.09 -

Ewido 4.0 2008.10.10 -

F-Prot 4.4.4.56 2008.10.10 -

F-Secure 8.0.14332.0 2008.10.10 -

Fortinet 3.113.0.0 2008.10.10 -

GData 19 2008.10.10 -

Ikarus T3.1.1.34.0 2008.10.10 -

K7AntiVirus 7.10.490 2008.10.10 -

Kaspersky 7.0.0.125 2008.10.10 -

McAfee 5402 2008.10.09 -

Microsoft 1.4005 2008.10.10 -

NOD32 3512 2008.10.10 -

Norman 5.80.02 2008.10.10 -

Panda 9.0.0.4 2008.10.10 -

PCTools 4.4.2.0 2008.10.10 -

Prevx1 V2 2008.10.10 -

Rising 20.65.42.00 2008.10.10 -

SecureWeb-Gateway 6.7.6 2008.10.10 -

Sophos 4.34.0 2008.10.10 -

Sunbelt 3.1.1708.1 2008.10.10 -

Symantec 10 2008.10.10 -

TheHacker 6.3.1.0.105 2008.10.10 -

TrendMicro 8.700.0.1004 2008.10.10 -

 

 

 

 

 

E:\WINDOWS\z56k2.ini this file <

 

Antivírus Versão Última Atualização Resultado

AhnLab-V3 2008.10.10.1 2008.10.10 -

AntiVir 7.8.1.34 2008.10.10 -

Authentium 5.1.0.4 2008.10.10 -

Avast 4.8.1248.0 2008.10.10 -

AVG 8.0.0.161 2008.10.10 -

BitDefender 7.2 2008.10.10 -

CAT-QuickHeal 9.50 2008.10.10 -

ClamAV 0.93.1 2008.10.10 -

DrWeb 4.44.0.09170 2008.10.10 -

eSafe 7.0.17.0 2008.10.08 -

eTrust-Vet 31.6.6139 2008.10.09 -

Ewido 4.0 2008.10.10 -

F-Prot 4.4.4.56 2008.10.10 -

F-Secure 8.0.14332.0 2008.10.10 -

Fortinet 3.113.0.0 2008.10.10 -

GData 19 2008.10.10 -

Ikarus T3.1.1.34.0 2008.10.10 -

K7AntiVirus 7.10.490 2008.10.10 -

Kaspersky 7.0.0.125 2008.10.10 -

McAfee 5402 2008.10.09 -

Microsoft 1.4005 2008.10.10 -

NOD32 3512 2008.10.10 -

Norman 5.80.02 2008.10.10 -

Panda 9.0.0.4 2008.10.10 -

PCTools 4.4.2.0 2008.10.10 -

Prevx1 V2 2008.10.10 -

Rising 20.65.42.00 2008.10.10 -

SecureWeb-Gateway 6.7.6 2008.10.10 -

Sophos 4.34.0 2008.10.10 -

Sunbelt 3.1.1708.1 2008.10.10 -

Symantec 10 2008.10.10 -

TheHacker 6.3.1.0.105 2008.10.10 -

TrendMicro 8.700.0.1004 2008.10.10 -

VBA32 3.12.8.6 2008.10.09 -

ViRobot 2008.10.10.1416 2008.10.10 -

VirusBuster 4.5.11.0 2008.10.10 -

Informações adicionais

File size: 246 bytes

MD5...: ad6be8de4dc5aa480b6092080a1275e5

SHA1..: 1e9137e649cc36a43fa9d42c09e0ea164e71a667

SHA256: e7cc124c66425e23f4b9172f73b54dce6edd5fc0d87ec47be5d03319c1f19b8b

SHA512: 65f9b153def4d17883f2a6c74fc36f0b99348958c1224a4d283fc4a58c98ac0e

4fe27efcac23b308efe21aa2c7f0748a20f05b9d2887d8a4b135782771f31779

PEiD..: -

TrID..: File type identification

Unknown!

PEInfo: -

 

VBA32 3.12.8.6 2008.10.09 -

ViRobot 2008.10.10.1416 2008.10.10 -

VirusBuster 4.5.11.0 2008.10.10 -

 

Informações adicionais

File size: 6693 bytes

MD5...: 3740c3bcfd9ed80cbb05a090532810ed

SHA1..: 308abcc8957423e9c5bc73cb90147a29ed3d8ead

SHA256: 5d79ad79b1d1055cfbd25fed82cce4894b1865425334fdb4331b237b46848c6d

SHA512: afbe08690b697163da8b710cacb20d141196bd7d59e0788b66be372e56d1a9ee

390745f8de8522df03defa2e9e1bb2f0b32ac57afe581d33225b01c27be40b95

PEiD..: -

TrID..: File type identification

Unknown!

PEInfo: -

 

 

E:\WINDOWS\kj01d.sys this file <

 

Antivírus Versão Última Atualização Resultado

AhnLab-V3 2008.10.10.1 2008.10.10 -

AntiVir 7.8.1.34 2008.10.10 -

Authentium 5.1.0.4 2008.10.10 -

Avast 4.8.1248.0 2008.10.10 -

AVG 8.0.0.161 2008.10.10 -

BitDefender 7.2 2008.10.10 -

CAT-QuickHeal 9.50 2008.10.10 -

ClamAV 0.93.1 2008.10.10 -

DrWeb 4.44.0.09170 2008.10.10 -

eSafe 7.0.17.0 2008.10.08 -

eTrust-Vet 31.6.6139 2008.10.09 -

Ewido 4.0 2008.10.10 -

F-Prot 4.4.4.56 2008.10.10 -

F-Secure 8.0.14332.0 2008.10.10 -

Fortinet 3.113.0.0 2008.10.10 -

GData 19 2008.10.10 -

Ikarus T3.1.1.34.0 2008.10.10 -

K7AntiVirus 7.10.490 2008.10.10 -

Kaspersky 7.0.0.125 2008.10.10 -

McAfee 5402 2008.10.09 -

Microsoft 1.4005 2008.10.10 -

NOD32 3512 2008.10.10 -

Norman 5.80.02 2008.10.10 -

Panda 9.0.0.4 2008.10.10 -

PCTools 4.4.2.0 2008.10.10 -

Prevx1 V2 2008.10.10 -

Rising 20.65.42.00 2008.10.10 -

SecureWeb-Gateway 6.7.6 2008.10.10 -

Sophos 4.34.0 2008.10.10 -

Sunbelt 3.1.1708.1 2008.10.10 -

Symantec 10 2008.10.10 -

TheHacker 6.3.1.0.105 2008.10.10 -

TrendMicro 8.700.0.1004 2008.10.10 -

VBA32 3.12.8.6 2008.10.09 -

ViRobot 2008.10.10.1416 2008.10.10 -

VirusBuster 4.5.11.0 2008.10.10 -

Informações adicionais

File size: 3982 bytes


PEiD..: -

TrID..: File type identification

Unknown!

PEInfo: -

 

 

E:\WINDOWS\hpoins11.dat < this file!

 

Antivírus Versão Última Atualização Resultado

AhnLab-V3 2008.10.10.1 2008.10.10 -

AntiVir 7.8.1.34 2008.10.10 -

Authentium 5.1.0.4 2008.10.10 -

Avast 4.8.1248.0 2008.10.10 -

AVG 8.0.0.161 2008.10.10 -

BitDefender 7.2 2008.10.10 -

CAT-QuickHeal 9.50 2008.10.10 -

ClamAV 0.93.1 2008.10.10 -

DrWeb 4.44.0.09170 2008.10.10 -

eSafe 7.0.17.0 2008.10.08 -

eTrust-Vet 31.6.6137 2008.10.09 -

Ewido 4.0 2008.10.10 -

F-Prot 4.4.4.56 2008.10.10 -

Fortinet 3.113.0.0 2008.10.10 -

GData 19 2008.10.10 -

Ikarus T3.1.1.34.0 2008.10.10 -

K7AntiVirus 7.10.490 2008.10.10 -

Kaspersky 7.0.0.125 2008.10.10 -

McAfee 5402 2008.10.09 -

Microsoft 1.4005 2008.10.10 -

NOD32 3512 2008.10.10 -

Norman 5.80.02 2008.10.10 -

Panda 9.0.0.4 2008.10.10 -

PCTools 4.4.2.0 2008.10.10 -

Prevx1 V2 2008.10.10 -

Rising 20.65.42.00 2008.10.10 -

SecureWeb-Gateway 6.7.6 2008.10.10 -

Sophos 4.34.0 2008.10.10 -

Sunbelt 3.1.1708.1 2008.10.10 -

Symantec 10 2008.10.10 -

TheHacker 6.3.1.0.105 2008.10.10 -

TrendMicro 8.700.0.1004 2008.10.10 -

VBA32 3.12.8.6 2008.10.09 -

ViRobot 2008.10.10.1416 2008.10.10 -

VirusBuster 4.5.11.0 2008.10.10 -

Informações adicionais

File size: 119558 bytes


PEiD..: -

TrID..: File type identification

Autorun.inf file (91.6%)

Generic INI configuration (8.3%)

PEInfo: -

 

 

There it is... but from what I understood, there's nothing in these files, right!? =// Help me!


1)

 

I suggest that you print or save the procedures below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (gray box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7331b4a-76d9-11dd-b972-001a4da1c570}]

 

This script was written only for this computer, according to the files and keys present on it. Do not use it on another computer, as it can cause damage.

Now drag CFScript.txt onto ComboFix as in the demonstration below.

 

cfscript.gif

 

ComboFix will run and restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

 

2)

 

◘ Run an online scan at: < Kaspersky >

◘ Use the Internet Explorer browser for this.

• Go to the site and click: < kasperdx9.jpg >

◘ On the next page, click: I Accept

◘ This is so that the ActiveX control is installed and the database is then updated.

◘ On the next page, click: My Computer and run the scan.

◘ Be patient!

◘ Wait for the database update and also for the scan, which takes a long time.

◘ When it finishes, save and post the report.

◘ Click Save Report As... to save the log.

Save the result as .txt, as in the image below:

 

Kas-Savetxt.gif

 

◘ Also post an updated HijackThis log.


So, before posting everything, man... I have to tell you something.

When I run the scan in ComboFix... the stages show up there.... then... it shows that it's generating the report, and then something like this appears: "O Sistema nòo pode indentificar o caminho especificado" [The system cannot identify the specified path], and then the PC doesn't restart and only the log shows up...

Is something wrong!? And like, I don't touch anything... I close all the antivirus programs and so on... except the Windows one, like you said... and that's it!...

I'll post the logs in a moment!


Hey, sorry... but I can't run the Kaspersky scan, it gives an error at the last minute!.....=/// Here's ComboFix!

 

ComboFix 08-10-10.01 - Avelino Silva 2008-10-10 19:09:02.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.593 [GMT -3:00]

Executando de: E:\Documents and Settings\Avelino Silva\Desktop\ComboFix.exe

Comandos utilizados :: E:\Documents and Settings\Avelino Silva\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-09-10 to 2008-10-10 ))))))))))))))))))))))))))))))))

.

 

2008-10-10 13:56 . 2008-10-10 13:56 <DIR> d-------- E:\ERDNT

2008-10-09 17:14 . 2008-10-09 17:14 <DIR> d-------- E:\WINDOWS\system32\NtmsData

2008-10-09 16:52 . 2008-10-10 14:11 <DIR> d-------- E:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-09 16:52 . 2008-10-09 16:59 <DIR> d-------- E:\Arquivos de programas\Spybot - Search & Destroy

2008-10-09 16:46 . 2008-10-09 16:46 <DIR> d-------- E:\Arquivos de programas\Windows Defender

2008-10-09 14:27 . 2008-10-09 14:27 <DIR> d-------- E:\Documents and Settings\Avelino Silva\Dados de aplicativos\IObit

2008-10-09 13:32 . 2008-10-09 13:32 <DIR> d-------- E:\Arquivos de programas\Microsoft

2008-10-08 22:24 . 2008-10-08 22:24 236 --a------ E:\sqmdata05.sqm

2008-10-08 22:24 . 2008-10-08 22:24 200 --a------ E:\sqmnoopt05.sqm

2008-10-08 21:27 . 2008-10-09 13:32 <DIR> d-------- E:\Arquivos de programas\Windows Live Safety Center

2008-10-08 21:24 . 2008-10-10 16:20 <DIR> d-------- E:\Documents and Settings\Avelino Silva\Tracing

2008-10-08 21:14 . 2008-10-08 21:14 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\Windows Live

2008-10-03 17:47 . 2001-09-05 23:50 99,328 --a------ E:\WINDOWS\system32\srusd.dll

2008-10-03 17:47 . 2001-09-05 23:50 99,328 --a--c--- E:\WINDOWS\system32\dllcache\srusd.dll

2008-10-03 17:47 . 2001-09-05 23:50 71,680 --a------ E:\WINDOWS\system32\fnfilter.dll

2008-10-03 17:47 . 2001-09-05 23:50 71,680 --a--c--- E:\WINDOWS\system32\dllcache\fnfilter.dll

2008-10-03 17:47 . 2001-09-05 23:27 6,912 --a------ E:\WINDOWS\system32\drivers\serscan.sys

2008-10-03 17:47 . 2001-09-05 23:27 6,912 --a--c--- E:\WINDOWS\system32\dllcache\serscan.sys

2008-09-22 07:11 . 2008-09-22 07:11 <DIR> d-------- E:\Arquivos de programas\Realteck

2008-09-20 14:39 . 2008-09-20 14:39 244 --ah----- E:\sqmnoopt04.sqm

2008-09-20 14:39 . 2008-09-20 14:39 232 --ah----- E:\sqmdata04.sqm

2008-09-17 19:53 . 2008-09-17 19:53 <DIR> d-------- E:\Arquivos de programas\Easy Icon Maker

2008-09-17 19:20 . 2008-09-17 19:20 6,693 --a------ E:\78875.sym

2008-09-17 19:20 . 2008-09-17 19:20 3,982 --a------ E:\WINDOWS\kj01d.sys

2008-09-17 19:17 . 2008-09-17 19:27 246 --a------ E:\WINDOWS\z56k2.ini

2008-09-16 22:26 . 2008-09-16 22:26 <DIR> d-------- E:\Arquivos de programas\MSXML 4.0

2008-09-15 17:12 . 2008-10-03 09:52 <DIR> d-------- E:\Documents and Settings\Avelino Silva\Dados de aplicativos\Image Zone Express

2008-09-15 17:10 . 2008-09-15 17:15 <DIR> d-------- E:\Documents and Settings\Avelino Silva\Dados de aplicativos\HP

2008-09-15 17:09 . 2008-09-15 17:09 <DIR> d-------- E:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-09-15 17:07 . 2008-09-15 17:08 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\HP

2008-09-15 17:03 . 2008-09-15 17:04 <DIR> d-------- E:\Arquivos de programas\Hewlett-Packard

2008-09-15 17:01 . 2006-04-10 14:03 48,128 --a------ E:\WINDOWS\system32\hpzll054.dll

2008-09-15 16:56 . 2008-09-15 17:09 119,558 --a------ E:\WINDOWS\hpoins11.dat

2008-09-12 10:14 . 2008-09-12 10:17 <DIR> d-------- E:\Data

2008-09-12 10:14 . 2008-09-13 20:05 <DIR> d-------- E:\Avi

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-10 22:10 25,589,792 --sha-w E:\WINDOWS\system32\drivers\fidbox.dat

2008-10-10 19:17 139,264 ----a-w E:\WINDOWS\Internet Logs\xDB12.tmp

2008-10-10 19:16 299,720 --sha-w E:\WINDOWS\system32\drivers\fidbox.idx

2008-10-10 17:02 --------- d-----w E:\Arquivos de programas\Windows Live

2008-10-09 22:03 --------- d-----w E:\Arquivos de programas\Google

2008-10-09 22:02 194,048 ----a-w E:\WINDOWS\Internet Logs\xDB10.tmp

2008-10-09 22:02 1,758,720 ----a-w E:\WINDOWS\Internet Logs\xDB11.tmp

2008-10-09 16:45 108,544 ----a-w E:\WINDOWS\system32\services.exe

2008-10-09 16:32 --------- d-----w E:\Arquivos de programas\Windows Live Toolbar

2008-10-09 16:32 --------- d-----w E:\Arquivos de programas\MSN Messenger

2008-10-09 01:24 1,717,248 ----a-w E:\WINDOWS\Internet Logs\xDBF.tmp

2008-10-09 01:24 1,519,104 ----a-w E:\WINDOWS\Internet Logs\xDBE.tmp

2008-10-08 16:55 --------- d-----w E:\Arquivos de programas\Winamp

2008-10-03 02:19 1,886,720 ----a-w E:\WINDOWS\Internet Logs\xDBC.tmp

2008-10-03 02:19 1,692,672 ----a-w E:\WINDOWS\Internet Logs\xDBD.tmp

2008-10-01 20:36 --------- d-----w E:\Arquivos de programas\Tibia

2008-09-24 02:15 2,254,848 ----a-w E:\WINDOWS\Internet Logs\xDBA.tmp

2008-09-24 02:15 1,670,144 ----a-w E:\WINDOWS\Internet Logs\xDBB.tmp

2008-09-22 16:59 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\LimeWire

2008-09-18 02:12 1,450,496 ----a-w E:\WINDOWS\Internet Logs\xDB9.tmp

2008-09-15 20:08 --------- d-----w E:\Arquivos de programas\HP

2008-09-10 02:04 417,792 ----a-w E:\WINDOWS\Internet Logs\xDB7.tmp

2008-09-10 02:04 1,527,808 ----a-w E:\WINDOWS\Internet Logs\xDB8.tmp

2008-09-09 03:03 51,712 ----a-w E:\WINDOWS\system32\sirenacm.dll

2008-09-07 04:15 1,521,664 ----a-w E:\WINDOWS\Internet Logs\xDB6.tmp

2008-09-07 04:15 1,158,656 ----a-w E:\WINDOWS\Internet Logs\xDB5.tmp

2008-09-05 02:08 2,060,288 ----a-w E:\WINDOWS\Internet Logs\xDB3.tmp

2008-09-05 02:08 1,516,032 ----a-w E:\WINDOWS\Internet Logs\xDB4.tmp

2008-09-01 21:15 --------- d-----w E:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-08-30 16:49 98,304 ----a-w E:\WINDOWS\system32\CmdLineExt.dll

2008-08-30 16:49 --------- d--h--w E:\Arquivos de programas\InstallShield Installation Information

2008-08-30 16:47 --------- d-----w E:\Arquivos de programas\KONAMI

2008-08-30 16:44 --------- d-----w E:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-29 00:24 18,800 ----a-w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-08-27 01:31 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-08-26 20:39 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\Winamp

2008-08-26 20:39 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\OrbNetworks

2008-08-26 20:36 --------- d-----w E:\Arquivos de programas\Winamp Remote

2008-08-24 02:03 482,304 ----a-w E:\WINDOWS\Internet Logs\xDB1.tmp

2008-08-24 02:03 1,398,784 ----a-w E:\WINDOWS\Internet Logs\xDB2.tmp

2008-08-23 16:37 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\Tibia

2008-08-23 15:34 --------- d-----w E:\Arquivos de programas\Circle Developement

2008-08-23 15:33 --------- d-----w E:\Arquivos de programas\Messenger Plus! Live

2008-08-23 15:31 --------- d-----w E:\Arquivos de programas\Windows Live Favorites

2008-08-23 15:30 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Windows Live Toolbar

2008-08-23 15:20 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-23 14:27 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-08-23 14:27 --------- d-----w E:\Arquivos de programas\IObit

2008-08-23 14:26 --------- d-----w E:\Arquivos de programas\Yahoo!

2008-08-23 14:26 --------- d-----w E:\Arquivos de programas\CCleaner

2008-08-23 11:46 --------- d-----w E:\Arquivos de programas\ZoneAlarmSB

2008-08-23 11:44 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\MailFrontier

2008-08-23 11:44 --------- d-----w E:\Arquivos de programas\Zone Labs

2008-08-23 03:42 --------- d-----w E:\Arquivos de programas\Sun

2008-08-23 03:41 --------- d-----w E:\Arquivos de programas\Java

2008-08-23 03:40 --------- d-----w E:\Arquivos de programas\Arquivos comuns\Java

2008-08-23 03:38 --------- d-----w E:\Arquivos de programas\LimeWire

2008-08-23 01:17 --------- dcsh--w E:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-23 01:03 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\Talkback

2008-08-23 01:02 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\Grisoft

2008-08-23 01:02 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-08-23 00:19 --------- d-----w E:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-23 00:15 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\AdobeUM

2008-08-22 21:44 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\CyberLink

2008-08-22 12:07 --------- d-----w E:\Arquivos de programas\Alwil Software

2008-08-22 12:03 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\WinZip

2008-08-22 11:32 --------- d-----w E:\Arquivos de programas\ASUSTeK

2008-08-22 11:31 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-08-22 11:31 --------- d-----w E:\Arquivos de programas\Arquivos comuns\Nero

2008-08-22 11:31 --------- d-----w E:\Arquivos de programas\Ahead

2008-08-22 11:30 --------- d-----w E:\Arquivos de programas\Arquivos comuns\LightScribe

2008-08-22 11:29 --------- d-----w E:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-22 11:24 --------- d-----w E:\Documents and Settings\Avelino Silva\Dados de aplicativos\InstallShield

2008-08-22 11:23 --------- d-----w E:\Arquivos de programas\Realtek

2008-08-22 11:21 --------- d-----w E:\Arquivos de programas\Intel

2008-08-22 11:14 --------- d-----w E:\Arquivos de programas\microsoft frontpage

2008-08-22 11:13 --------- d-----w E:\Arquivos de programas\Serviços on-line

2008-08-22 11:12 --------- d-----w E:\Arquivos de programas\Arquivos comuns\Serviços

2008-07-19 01:10 94,920 ----a-w E:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w E:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w E:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w E:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w E:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w E:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w E:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w E:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 270,880 ----a-w E:\WINDOWS\system32\mucltui.dll

2008-07-19 01:07 210,976 ----a-w E:\WINDOWS\system32\muweb.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="E:\Arquivos de programas\CCleaner\CCleaner.exe" [2008-07-29 1213680]

"Orb"="E:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe" [2008-03-31 507904]

"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]

"SpybotSD TeaTimer"="E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"msnmsgr"="E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2008-09-09 3513344]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="E:\WINDOWS\system32\igfxtray.exe" [2005-11-28 98304]

"igfxhkcmd"="E:\WINDOWS\system32\hkcmd.exe" [2005-11-28 77824]

"igfxpers"="E:\WINDOWS\system32\igfxpers.exe" [2005-11-28 118784]

"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl"="E:\Arquivos de programas\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]

"avast!"="E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"!AVG Anti-Spyware"="E:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

"SunJavaUpdateSched"="E:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"ZoneAlarm Client"="E:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

"HP Software Update"="E:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"SmartRAM"="E:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 E:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 E:\WINDOWS\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]

 

E:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

HP Digital Imaging Monitor.lnk - E:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

Microsoft Office.lnk - E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"E:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"E:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=

"E:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=

"E:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"E:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"E:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"E:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"E:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R1 aswSP;avast! Self Protection;E:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);E:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536]

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-10-10 E:\WINDOWS\Tasks\MP Scheduled Scan.job

- E:\Arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

 

2008-10-09 E:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- E:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 09:42]

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-10 19:10:49

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-10-10 19:11:53

 

Pré-execução: 8 pasta(s) 28.566.388.736 bytes disponíveis

Pós execução: 10 pasta(s) 28,555,952,128 bytes disponíveis

 

224 --- E O F --- 2008-09-17 01:26:12

 

and the HijackThis

 

Logfile of HijackThis v1.99.1

Scan saved at 20:01:16, on 10/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\Windows Defender\MsMpEng.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\ZoneLabs\vsmon.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

E:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\hkcmd.exe

E:\WINDOWS\system32\igfxpers.exe

E:\Arquivos de programas\ASUSTeK\ASUSDVD\PDVDServ.exe

E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

E:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

E:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

E:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

E:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe

E:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

E:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

E:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

E:\Arquivos de programas\Windows NT\Acessórios\wordpad.exe

E:\Arquivos de programas\internet explorer\iexplore.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

E:\WINDOWS\system32\igfxsrvc.exe

E:\WINDOWS\system32\msiexec.exe

E:\WINDOWS\system32\wuauclt.exe

E:\WINDOWS\system32\NOTEPAD.EXE

E:\Documents and Settings\Avelino Silva\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - E:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)

O4 - HKLM\..\Run: [igfxtray] E:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] E:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] E:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "E:\Arquivos de programas\ASUSTeK\ASUSDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [HP Software Update] E:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [smartRAM] E:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe /m

O4 - HKCU\..\Run: [ccleaner] "E:\Arquivos de programas\CCleaner\CCleaner.exe" /AUTO

O4 - HKCU\..\Run: [Orb] "E:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Winamp Search - E:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &Windows Live Search - res://E:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219505082828

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\ARQUIV~1\WINDOW~4\MESSEN~1\msgrapp.14.0.5027.0908.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\ARQUIV~1\WINDOW~4\MESSEN~1\msgrapp.14.0.5027.0908.dll

O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

If you can help me I'll be very grateful... now my MSN isn't opening!>... it also seems that this virus made my computer slow! Help me!

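One way to triage the two logs in the post above without reading every line, as an added example that is not part of the original thread or of HijackThis/ComboFix: it lists HijackThis entries whose target is gone, finds `(file missing)` services that the same log shows running, and pulls the Security Center and firewall values out of the ComboFix registry section. The function names and the `WEAKENING` table are assumptions of this example; the sample lines are excerpts of the logs posted above.

```python
import re

# Excerpts of the HijackThis and ComboFix logs posted in this thread.
HIJACKTHIS_SAMPLE = r"""
Running processes:
E:\WINDOWS\system32\svchost.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
"""
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")          # "O23 - Service: ..."
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)", re.IGNORECASE)
VALUE_RE = re.compile(
    r'^"([^"]+)"\s*=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))')

# Assumed table: value name -> setting that silences or disables a protection.
WEAKENING = {
    "antivirusdisablenotify": 1,
    "updatesdisablenotify": 1,
    "firewalloverride": 1,
    "disablemonitoring": 1,
    "enablefirewall": 0,
}


def parse_hijackthis(text):
    """Return (set of running process paths, list of (section code, entry text))."""
    running, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False            # the entry list ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            running.add(line.lower())
    return running, entries


def orphaned(entries):
    """Entries whose registry value survives but whose file is gone."""
    return [(code, text) for code, text in entries if text.endswith("(no file)")]


def contradicted_missing(entries, running):
    """O23 services flagged '(file missing)' although the binary is running."""
    hits = []
    for code, text in entries:
        if code == "O23" and text.endswith("(file missing)"):
            m = PATH_RE.search(text)
            if m and m.group(0).lower() in running:
                hits.append(m.group(0))
    return hits


def weakened_settings(text):
    """(registry key, value name, value) for settings listed in WEAKENING."""
    key, found = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        value = int(m.group(2), 16) if m.group(2) else int(m.group(3))
        if WEAKENING.get(m.group(1).lower()) == value:
            found.append((key, m.group(1), value))
    return found


if __name__ == "__main__":
    running, entries = parse_hijackthis(HIJACKTHIS_SAMPLE)
    for code, text in orphaned(entries):
        print("orphaned entry:", code, text)
    for path in contradicted_missing(entries, running):
        print("reported missing but running, check on disk:", path)
    for key, name, value in weakened_settings(COMBOFIX_SAMPLE):
        print("protection setting to review:", key, name, value)
```

A hit from `weakened_settings` is a lead to check, not a verdict: these values can also be set when a third-party firewall or antivirus manages protection itself.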

BitDefender performs an online scan looking for viruses.

Remember that it is free.

Here I will teach you, step by step, how to do it.

Go to the service's address:

http://www.bitdefender.com/scan8/ie.html

Click the I Agree button

At the top of the screen, a yellow bar will appear. Click it and choose Install ActiveX Control

 

bd4pr8lq0.png

 

Then confirm with Yes and then Install so that the signatures are installed.

 

bd5nj6qo9.png

 

Wait until the tool downloads the signatures.

 

bd1kq2pn2.png

 

To start the scan, click Click here to scan

Wait while your PC is scanned.

 

bd2zd3us2.png

 

By default, when the scan finds a virus, it tries to disinfect the file. If that is not possible, the infected file is deleted. If you click the More Details button, you can see the report of the infected files found.

 

bd3fo0jl2.png

 

It is also possible to save the report of the scan performed, by clicking Click here to export the scan report.

Save the scan report, in case it is needed.

Cheers :D

Credits: Fábio (Einstein do LD)


It shows there's no virus on the PC... but MSN still won't open... and the virus made my PC's connection disappear... like, it stays connected but the connection disappeared!> from the folder there... and the sound disappeared!.... f***...

Annoying damn virus!


Logfile of HijackThis v1.99.1

Scan saved at 13:50:32, on 11/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\Windows Defender\MsMpEng.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\ZoneLabs\vsmon.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

E:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

E:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

E:\WINDOWS\system32\hkcmd.exe

E:\WINDOWS\system32\igfxpers.exe

E:\Arquivos de programas\ASUSTeK\ASUSDVD\PDVDServ.exe

E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

E:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

E:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

E:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

E:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe

E:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

E:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

E:\Arquivos de programas\Mozilla Firefox\firefox.exe

E:\Arquivos de programas\internet explorer\iexplore.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

E:\Documents and Settings\Avelino Silva\Desktop\HijackThis.exe

E:\Arquivos de programas\Internet Explorer\iexplore.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)

O4 - HKLM\..\Run: [igfxtray] E:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] E:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] E:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "E:\Arquivos de programas\ASUSTeK\ASUSDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [HP Software Update] E:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [smartRAM] E:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe /m

O4 - HKCU\..\Run: [ccleaner] "E:\Arquivos de programas\CCleaner\CCleaner.exe" /AUTO

O4 - HKCU\..\Run: [Orb] "E:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Winamp Search - E:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &Windows Live Search - res://E:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219505082828

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab

O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

HijackThis log =D

Cheers!


Bro,... thanks for everything, MSN is working again.. but my connection, as I said above, disappeared! haha /\ however the internet is running smoothly.. MSN is back and virus-free.. if there's any way to fix the "after-effects" the virus left, let me know, and thank you very much for helping me on this journey! haha xD...


Hello friend, your log is clean. As for those settings, I can't help you.

- Any problem with malware?
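An added example, not part of the thread: the script below parses lines in the HijackThis format posted above and lists the entries the tool marks `(no file)` or `(file missing)`, separating those whose executable still appears under "Running processes". The sample lines are copied from the log above; the function names and status labels are assumptions made for this example.

```python
import re

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""Running processes:
E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
E:\WINDOWS\system32\ctfmon.exe

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O23 - Service: ..."
MARKER = re.compile(r"\((no file|file missing)\)\s*$")  # trailing orphan marker
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)

def parse(log):
    """Split a log into the running-process set and a list of (code, text) entries."""
    running, entries, in_procs = set(), [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif (m := ENTRY.match(line)):
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            running.add(line.lower())
    return running, entries

def triage(log):
    """List marked entries; a marked path that is also running contradicts the marker."""
    running, entries = parse(log)
    findings = []
    for code, text in entries:
        marker = MARKER.search(text)
        if not marker:
            continue  # entry points at an existing target, nothing to review
        path = EXE_PATH.search(text)
        contradicted = bool(path) and path.group(1).lower() in running
        status = "running, marker unreliable" if contradicted else "orphaned entry"
        findings.append((code, marker.group(1), status))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
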


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
