fair, posted October 22, 2008:
Hi, it is hard to keep the connection up. The PC shuts down by itself, and I decided to ask for help here because I no longer know what to do. My system is XP and I use BitDefender, but it is reporting viruses. Thanks for any help, please.
Mário Monteiro, posted October 22, 2008:
Follow the topic and post a log: Rule No. 02 - Using HijackThis.
fair, posted October 22, 2008:
Hi Mário, after installing that program the only thing I did not do was restart (I do not know whether it makes a difference), fearing I would lose the connection again. Here is the requested log, with thanks for your help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:58, on 22-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\SupportAppPT\ztemon.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe
C:\Programas\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\Softwin\BitDefender10\bdmcon.exe
C:\Programas\Softwin\BitDefender10\bdagent.exe
C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programas\Wireless Console 2\wcourier.exe
C:\Programas\ASUS\Splendid\ACMON.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\ATK Hotkey\Hcontrol.exe
C:\Programas\Lexmark 1400 Series\lxdjamon.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Programas\Windows Sidebar\sidebar.exe
C:\Programas\ATK Hotkey\ATKOSD.exe
C:\Programas\ATK Hotkey\WDC.exe
C:\Programas\Windows Sidebar\sidebar.exe
C:\Programas\MODEM MF622\Modem.exe
C:\Programas\Softwin\BitDefender10\bdlite.exe
C:\Programas\hijackt\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [bDMCon] "C:\Programas\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [bDAgent] "C:\Programas\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [sMSERIAL] C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programas\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ACMON] "C:\Programas\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programas\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Programas\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Programas\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Programas\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [gwdwin] C:\Programas\wsmcw\gwdwin.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214500437625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23901DA7-3C91-4605-A9AD-BD6DBA7C5470}: NameServer = 212.55.154.174 10.11.12.14
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programas\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

--
End of file - 9209 bytes
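The lines worth a second look in a log like the one above are the autostart (O4), service (O23) and BHO (O2) entries whose image sits somewhere odd. As an added example (not part of the forum's instructions and not a HijackThis feature), the script below parses a handful of lines copied from that log and ranks them with simple heuristics: per-user HKCU autostarts, bare filenames that are located through the PATH search, services with no vendor recorded, orphaned BHO registrations, and short vowel-less folder names such as wsmcw. The allowlist of basenames and the heuristics themselves are constructed assumptions; they pick candidates for inspection and are not verdicts.

```python
"""Heuristic triage of HijackThis O4/O23/O2 entries (added example, not part of the thread)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [bDMCon] "C:\Programas\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sidebar] C:\Programas\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [gwdwin] C:\Programas\wsmcw\gwdwin.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ALLOWLIST = {"ctfmon.exe", "bdmcon.exe", "bdagent.exe"}  # assumption: basenames already vetted
VOWELS = set("aeiouy")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) -(?P<company>.*?)- (?P<path>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
EXE_RE = re.compile(r"^(?P<p>.+?\.(?:exe|dll|com|scr|bat|cmd))(?=[\s,]|$)", re.I)
USER_RE = re.compile(r" \(User '[^']*'\)$")


@dataclass
class Finding:
    entry: str
    path: str
    reasons: list = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Image path from an O4 command line: quoted, unquoted with spaces, or hosted by rundll32."""
    cmd = USER_RE.sub("", cmd).strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    first, _, rest = cmd.partition(" ")
    if first.lower() in ("rundll32", "rundll32.exe"):
        cmd = rest.strip()          # the interesting image is the DLL, not the host
    m = EXE_RE.match(cmd)
    return m["p"] if m else cmd.split(" ", 1)[0]


def parent_folder(path: str) -> str:
    parts = path.split("\\")
    return parts[-2] if len(parts) >= 2 else ""


def looks_random(folder: str) -> bool:
    """Heuristic: short, all-lowercase, vowel-less folder names such as 'wsmcw' or 'gwbdrx'."""
    return folder.isalpha() and folder.islower() and 4 <= len(folder) <= 8 and not (set(folder) & VOWELS)


def triage(log_text: str) -> list:
    """Return Findings for entries that trip at least one heuristic, strongest first."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        reasons, path = [], ""
        if m := O4_RE.match(line):
            path = image_path(m["cmd"])
            if "\\" not in path:
                reasons.append("bare filename, located through the PATH search order")
            if m["hive"].startswith("HKCU"):
                reasons.append("per-user autostart (HKCU), writable without admin rights")
            if looks_random(parent_folder(path)):
                reasons.append("random-looking folder name: " + parent_folder(path))
        elif m := O23_RE.match(line):
            path = m["path"]
            if m["company"].strip() in ("", "Unknown owner"):
                reasons.append("service with no vendor recorded")
        elif m := O2_RE.match(line):
            path = m["path"]
            if path == "(no file)":
                reasons.append("orphaned BHO registration, DLL missing")
        if not path or path.rsplit("\\", 1)[-1].lower() in ALLOWLIST:
            continue
        if reasons:
            findings.append(Finding(line, path, reasons))
    return sorted(findings, key=lambda f: (-len(f.reasons), f.entry))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path, "->", "; ".join(f.reasons))
```

Run as-is it lists gwdwin.exe first, the only entry that trips two heuristics (a per-user autostart from a vowel-less folder), which is the entry Dr.Web later confirms as a backdoor further down the thread. Vendor-less services such as lxdj_device and ztemon.exe are reported too; they are printer and modem helpers here, which is exactly why a ranking, not a block list, is the right output for a triage script.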
DigRam, posted October 22, 2008:
Good morning, fair!
<@> Go to this link and download: < Malwarebytes >
<@> Update the program!
<@> Choose the Quick scan!
<@> Disable protection programs while running Malwarebytes.
<@> Send the detected items to quarantine.
<@> For more details: < Link >
-----------------------
<@> Post the reports: mbam-log-10-21-2008 (00-00-00).txt + an updated HijackThis.
Cheers!
fair, posted October 22, 2008:
Hi DigRam, thank you for the instructions, which I have already carried out; here are the requested logs in the order asked:

Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 3

22-10-2008 14:44:49
mbam-log-2008-10-22 (14-44-49).txt

Scan type: Quick Scan
Objects scanned: 47833
Time elapsed: 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I could not update HijackThis, but I downloaded it after the pointer here only a few hours ago; here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:38, on 22-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\SupportAppPT\ztemon.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\Softwin\BitDefender10\bdmcon.exe
C:\Programas\Softwin\BitDefender10\bdagent.exe
C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programas\Wireless Console 2\wcourier.exe
C:\Programas\ASUS\Splendid\ACMON.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\ATK Hotkey\Hcontrol.exe
C:\Programas\Lexmark 1400 Series\lxdjamon.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Programas\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Programas\Softwin\BitDefender10\vsserv.exe
C:\Programas\Windows Sidebar\sidebar.exe
C:\Programas\ATK Hotkey\ATKOSD.exe
C:\Programas\ATK Hotkey\WDC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programas\hijackt\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [bDMCon] "C:\Programas\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [bDAgent] "C:\Programas\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [sMSERIAL] C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programas\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ACMON] "C:\Programas\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programas\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Programas\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Programas\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programas\Malwbytes\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Programas\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [gwdwin] C:\Programas\wsmcw\gwdwin.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214500437625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programas\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

--
End of file - 9203 bytes

Thanks once again!
DigRam, posted October 23, 2008:
Good morning, fair!
<@> Download: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
<@> Save it to the Desktop!
<@> Run the file: drweb-cureit.exe
<@> Click Start and choose the express scan.
<@> If any infected file is found, click the Yes button to cure it.
<@> When the quick scan finishes, click Options --> Change Settings.
<@> On the Scan tab, untick Heuristic Analysis and confirm!
<@> Back in the main window, tick the drives you want to scan.
<@> Select all of them! A red dot will mark the selected drives.
<@> Click the green arrow to start the scan.
<@> If you are asked to cure/move a file, click Yes to all.
<@> When the scan finishes, check whether the "objects found" icon is enabled.
<@> If it is, click it!
<@> Then click the icon just below it and select: Move incurable
<@> If the program cannot cure them, it will move them to the Quarantine folder in the DoctorWeb directory.
<@> Once that is done, go to the top menu and click Files --> Save file lists.
<@> Save the list on the desktop. ( DrWeb.csv ) <-- Report to post!
<@> Close the program!
<@> Restart the computer so that the program finishes deleting/moving the files that were in use.
Cheers!
fair, posted October 23, 2008:
Good morning to you too, DigRam. Once again following your instructions, here are the results. The installed program gave no option at all to "cure" the files it found and went on moving every one of them. After the restart, here is the Dr.Web report saved on the desktop:

File | Folder | Detection | Action
irc.exe | C:\Programas\gwbdrx | Modification of BackDoor.Generic.880 | Moved.
file.exe\gwdwin.exe | C:\Programas\Microsoft Studio Files\file.exe | Modification of BackDoor.Generic.1338 |
file.exe\irc.exe | C:\Programas\Microsoft Studio Files\file.exe | Modification of BackDoor.Generic.880 |
file.exe | C:\Programas\Microsoft Studio Files | Archive contains infected objects | Moved.
irc.exe | C:\Programas\wsmcw | Modification of BackDoor.Generic.880 | Moved.
img76.exe\irc.exe | C:\Programas\wsmcw\install\img76.exe | Modification of BackDoor.Generic.880 |
img76.exe\mwstwn.exe | C:\Programas\wsmcw\install\img76.exe | Modification of BackDoor.Generic.1338 |
img76.exe | C:\Programas\wsmcw\install | Archive contains infected objects | Moved.
A0018293.exe | C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220 | Modification of BackDoor.Generic.880 | Moved.
A0018294.exe\gwdwin.exe | C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220\A0018294.exe | Modification of BackDoor.Generic.1338 |
A0018294.exe\irc.exe | C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220\A0018294.exe | Modification of BackDoor.Generic.880 |
A0018294.exe | C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220 | Archive contains infected objects | Moved.
A0018295.exe | C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220 | Modification of BackDoor.Generic.880 | Moved.
A0018296.exe\irc.exe | C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220\A0018296.exe | Modification of BackDoor.Generic.880 |
A0018296.exe\mwstwn.exe | C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220\A0018296.exe | Modification of BackDoor.Generic.1338 |
A0018296.exe | C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220 | Archive contains infected objects | Moved.
A0009026.exe\gwdwin.exe | C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP82\A0009026.exe | Modification of BackDoor.Generic.1338 |
A0009026.exe\irc.exe | C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP82\A0009026.exe | Modification of BackDoor.Generic.880 |
A0009026.exe | C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP82 | Archive contains infected objects | Moved.
A0009028.exe | C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP82 | Modification of BackDoor.Generic.1338 | Moved.
A0009313.exe\gwdwin.exe | C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP91\A0009313.exe | Modification of BackDoor.Generic.1289 |
A0009313.exe\irc.exe | C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP91\A0009313.exe | Modification of BackDoor.Generic.880 |
A0009313.exe | C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP91 | Archive contains infected objects | Moved.

DigRam, sorry I could not paste the report in better shape, but I am not fluent in Office 2007. Meanwhile the antivirus kept alerting on many others, such as: Trojan Spy Banker.AAYX, Trojan Spy Banker.VB.V, Trojan Spy Banker.VBW, Trojan Spy Banker.AAZA, Trojan Spy Banker.B0S, Trojan Bancos.PXD, Trojan Downloader IKNa and endless generic trojans, so I went to VirusTotal to analyse at least one of them, whose log I attach:

VirusTotal: File lsass.exe received on 2008.10.23 08:10:18 (CET)
Status: finished
Result: 5/36 (13.89%)

Antivirus | Version | Last update | Result
AhnLab-V3 | 2008.10.22.0 | 2008.10.23 | -
AntiVir | 7.9.0.5 | 2008.10.22 | -
Authentium | 5.1.0.4 | 2008.10.23 | -
Avast | 4.8.1248.0 | 2008.10.22 | Win32:Trojan-gen {Other}
AVG | 8.0.0.161 | 2008.10.23 | -
BitDefender | 7.2 | 2008.10.23 | -
CAT-QuickHeal | 9.50 | 2008.10.23 | -
ClamAV | 0.93.1 | 2008.10.23 | -
DrWeb | 4.44.0.09170 | 2008.10.23 | -
eSafe | 7.0.17.0 | 2008.10.22 | -
eTrust-Vet | 31.6.6164 | 2008.10.22 | -
Ewido | 4.0 | 2008.10.22 | -
F-Prot | 4.4.4.56 | 2008.10.22 | -
F-Secure | 8.0.14332.0 | 2008.10.23 | Trojan-Downloader.Win32.VB.hik
Fortinet | 3.113.0.0 | 2008.10.22 | -
GData | 19 | 2008.10.23 | Win32:Trojan-gen {Other}
Ikarus | T3.1.1.44.0 | 2008.10.23 | Trojan-Spy.Win32.Banker.ARQ
K7AntiVirus | 7.10.503 | 2008.10.22 | -
Kaspersky | 7.0.0.125 | 2008.10.23 | Trojan-Downloader.Win32.VB.hik
McAfee | 5412 | 2008.10.23 | -
Microsoft | 1.4005 | 2008.10.23 | -
NOD32 | 3547 | 2008.10.22 | -
Norman | 5.80.02 | 2008.10.22 | -
Panda | 9.0.0.4 | 2008.10.22 | -
PCTools | 4.4.2.0 | 2008.10.22 | -
Prevx1 | V2 | 2008.10.23 | -
Rising | 20.67.22.00 | 2008.10.22 | -
SecureWeb-Gateway | 6.7.6 | 2008.10.22 | -
Sophos | 4.34.0 | 2008.10.23 | -
Sunbelt | 3.1.1745.1 | 2008.10.22 | -
Symantec | 10 | 2008.10.23 | -
TheHacker | 6.3.1.0.124 | 2008.10.23 | -
TrendMicro | 8.700.0.1004 | 2008.10.23 | -
VBA32 | 3.12.8.8 | 2008.10.22 | -
ViRobot | 2008.10.23.1433 | 2008.10.23 | -
VirusBuster | 4.5.11.0 | 2008.10.22 | -

Additional information
File size: 80896 bytes
MD5...: ff19c3673683212acba055279b4396b6
SHA1..: 060a51e4c0dac62cbe6540e45b4e0e5a2f050fe3
SHA256: 29699359d5639fba5eb7b5ecc09012f57031bf01065d615481148d3d132ce268
SHA512: ef7d6aad66ffdfddd169f54f8a5e674e7b8119606941adf146f8c7a2d7e4ba7a8e5cb9acaef14b2aac84359f37583c2cd1a0532797fb8479628acc31de188f5b
PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 5 (86.3%)
Windows Screen Saver (5.0%)
Win32 Executable Generic (3.3%)
Win32 Dynamic Link Library (generic) (2.9%)
Win16/32 Executable Delphi generic (0.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401b60
timedatestamp.....: 0x48776e00 (Fri Jul 11 14:28:16 2008)
machinetype.......: 0x14c (I386)
( 5 sections )
name | viradd | virsiz | rawdsiz | ntrpy | md5
.text | 0x1000 | 0xe884 | 0xea00 | 5.57 | 7b9a9f6b9a634ef8358bd97b8053daac
.data | 0x10000 | 0x140c | 0x200 | 0.00 | bf619eac0cdf3f68d496ea9344137e8b
.idata | 0x12000 | 0x860 | 0xa00 | 4.99 | 11107fbe378e1a4419716f50f94bacb6
.rsrc | 0x13000 | 0x2b54 | 0x2c00 | 4.45 | d923bd19078431cf9d21f837ec0fe301
.reloc | 0x16000 | 0x1532 | 0x1600 | 6.46 | 24347da21382fb8a06c974f618d2aa98
( 1 imports )
> MSVBVM50.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, __vbaEnd, __vbaPut3, _adj_fdiv_m64, __vbaFreeObjList, -, _adj_fprem1, -, -, __vbaStrCat, __vbaLsetFixstr, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaExitProc, -, -, -, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, __vbaStrFixstr, -, _CIsin, -, -, -, __vbaChkstk, -, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, -, __vbaVarTstEq, __vbaI2I4, DllFunctionCall, __vbaRedimPreserve, _adj_fpatan, __vbaFixstrConstruct, __vbaRedim, EVENT_SINK_Release, -, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaExceptHandler, __vbaPrintFile, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, -, -, __vbaFPException, __vbaStrVarVal, __vbaVarCat, -, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaInStr, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, -, __vbaI4Str, __vbaFreeStrList, -, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaStrToAnsi, -, __vbaFpI2, __vbaVarCopy, -, _CIatan, __vbaStrMove, _allmul, _CItan, __vbaUI1Var, __vbaFPInt, _CIexp, __vbaFreeStr, __vbaFreeObj
( 0 exports )

I do not know how to thank you, cheers!
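Two details in the VirusTotal report above are indicators on their own, regardless of the 5/36 detection count: the genuine Windows lsass.exe lives only in C:\WINDOWS\system32 on an XP install, and it is not a Visual Basic 5 program whose sole import is MSVBVM50.DLL. The thread does not say where the submitted lsass.exe was found, so the sweep below is an added example, not code from the thread or from any of the tools mentioned: it walks a directory tree for files that carry a core system binary's name outside System32, and for files whose MD5/SHA1/SHA256 match the values quoted in the report. The sample tree built by demo() is constructed for illustration, and the System32 location is an assumption about the XP default.

```python
"""Sweep for masquerading system binaries and known-bad hashes (added example, not from the thread)."""
import hashlib
import os
import tempfile

# Hashes quoted from the VirusTotal report above for the file submitted as lsass.exe.
IOC_HASHES = {
    "ff19c3673683212acba055279b4396b6",                                  # MD5
    "060a51e4c0dac62cbe6540e45b4e0e5a2f050fe3",                          # SHA1
    "29699359d5639fba5eb7b5ecc09012f57031bf01065d615481148d3d132ce268",  # SHA256
}

# Core Windows binaries that on XP live only under \WINDOWS\system32 (assumption: default install).
SYSTEM_BINARIES = {"lsass.exe", "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "svchost.exe"}
SYSTEM32 = ["windows", "system32"]


def hashes_of_bytes(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 hex digests of a byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def file_hashes(path: str) -> dict:
    with open(path, "rb") as fh:
        return hashes_of_bytes(fh.read())


def is_masquerade(path: str, root: str) -> bool:
    """True if the file has a core system binary's name but is not under <root>/WINDOWS/system32."""
    parts = [p.lower() for p in os.path.relpath(path, root).split(os.sep)]
    return parts[-1] in SYSTEM_BINARIES and parts[:-1] != SYSTEM32


def scan(root: str) -> list:
    """Walk root and return [(path, [reasons])] for every file that trips either check."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            if is_masquerade(path, root):
                reasons.append("system binary name outside WINDOWS\\system32")
            if IOC_HASHES & set(file_hashes(path).values()):
                reasons.append("hash matches VirusTotal IOC")
            if reasons:
                hits.append((path, reasons))
    return sorted(hits)


def demo() -> list:
    """Build a constructed tree that mimics the XP layout (root stands in for C:\\) and scan it."""
    root = tempfile.mkdtemp(prefix="xpsweep_")
    layout = {  # constructed placeholder contents, not real binaries
        ("WINDOWS", "system32", "lsass.exe"): b"placeholder for the real lsass.exe",
        ("Programas", "wsmcw", "lsass.exe"): b"placeholder for a VB5 dropper named lsass.exe",
        ("Programas", "wsmcw", "gwdwin.exe"): b"placeholder for gwdwin.exe",
    }
    for parts, content in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return [(os.path.relpath(p, root), r) for p, r in scan(root)]


if __name__ == "__main__":
    for rel, reasons in demo():
        print(rel, "->", "; ".join(reasons))
```

The hash check only ever matches the exact sample that was uploaded; the name-and-location check is what catches the next build of the same dropper, which is why the two are combined. Point scan() at a mounted image of the infected drive to run it for real.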
DigRam, posted October 24, 2008:
Good evening, fair!
<@> DOWNLOAD: < Kaspersky Virus Removal Tool >
-----------------------------
<@> Download the most recent update! <-- Check the dates!
<@> Save it in Program Files!
<@> Restart the computer in Safe Mode! <-- Important!
<@> Run the tool by double-clicking its executable.
<@> The following window will open:
<@> Under Manual Cure, tick all the boxes and click Scan.
<@> When the scan finishes, copy and post the report.
<@> Try to post only the part that shows the removals made by the tool.
<@> Also post an updated HijackThis.
PS: Confirm the removal prompt for the detected files!
Cheers!
fair, posted October 24, 2008

Good afternoon, DigRam!

Here I am again with more results, trying to follow your valuable instructions to the letter; here are the reports, both done in Safe Mode. Wow! Look how many pieces of malware this little program "cured"! So here is the "possible" summary, but you can see it is no small mess:

Detected
--------
Status   Object
------   ------
deleted: Trojan program Backdoor.Win32.VB.eqx   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/gwdwin.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.wlv   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/iek.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cbz   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/live.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.fvo   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/mlst.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.fvp   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/mon.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cca   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/rds.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cca   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/replay.exe
deleted: Trojan program Backdoor.Win32.VB.eqx   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009028.exe
deleted: Trojan program Backdoor.Win32.VB.etm   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/gwdwin.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.xjy   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/iek.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cdd   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/live.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.gbv   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/mlst.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.gbu   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/mon.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.csj   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/msgex.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cdd   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/rds.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.ceo   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/replay.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cbj   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/gf.exe
deleted: Trojan program Backdoor.Win32.VB.eny   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/gwdwin.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.wcx   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/iek.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cbk   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/live.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.fso   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/mlst.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.fso   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/mon.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cbk   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/msgex.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cbl   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/rds.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cbl   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/replay.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cbl   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/santander.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cbl   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/varios.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cbm   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/bradesco.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.ydp   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/iek.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.ceq   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/live.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.gfd   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/mlst.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.gfd   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/mon.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.csn   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/msgex.exe
deleted: Trojan program Backdoor.Win32.VB.ewc   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/mwstwn.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cer   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/rds.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cer   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/replay.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cbm   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\file.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cer   File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\img76.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.ydp   File: C:\Programas\gwbdrx\iek.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.ceq   File: C:\Programas\gwbdrx\live.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.csn   File: C:\Programas\gwbdrx\msgex.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cer   File: C:\Programas\gwbdrx\rds.exe
deleted: Trojan program Trojan-Downloader.Win32.Banload.dzk   File: C:\Programas\gwbdrx\vcdg.bat
deleted: Trojan program Trojan-Downloader.Win32.VB.hik   File: C:\Programas\Microsoft Studio Files\lsass.exe
deleted: Trojan program Trojan-Downloader.Win32.Banload.dzk   File: C:\Programas\Microsoft Studio Files\vcdg.bat
deleted: Trojan program Trojan-Banker.Win32.Bancos.csj   File: C:\Programas\wsmcw\msgex.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.ceo   File: C:\Programas\wsmcw\replay.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cbq   File: C:\Programas\wsmcw\plugins\bbvar.exe/varios.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.ccp   File: C:\Programas\wsmcw\plugins\ilmmrr.exe/replay.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.wtk   File: C:\Programas\wsmcw\plugins\ilmmrr.exe/iek.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.ccp   File: C:\Programas\wsmcw\plugins\ilmmrr.exe/live.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.fyk   File: C:\Programas\wsmcw\plugins\ilmmrr.exe/mlst.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.fxh   File: C:\Programas\wsmcw\plugins\ilmmrr.exe/mon.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.ccp   File: C:\Programas\wsmcw\plugins\ilmmrr.exe/rds.exe

Full HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:07, on 24-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\hijackt\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [bDMCon] "C:\Programas\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [bDAgent] "C:\Programas\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [sMSERIAL] C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programas\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ACMON] "C:\Programas\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programas\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Programas\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKCU\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214500437625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programas\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

--
End of file - 7228 bytes

Thanks a lot for your help! Regards!
DigRam, posted October 25, 2008

Good morning, fair!

<!> If you still have connection problems, run this program: WinsockFix
<!> PS: Run it only in Safe Mode and only while the connection is compromised or unstable.
----------------------
<@> Download: < WinsockFix >
<@> Save it to the Desktop!
<@> Restart the computer in Safe Mode!
<@> Run WinsockFix!
<@> Double-click WinsockFix.exe
<@> The window will open: VB_Winfix 1.2
<@> Click Fix.
<@> A message will appear! >> Click Yes!
<@> When it finishes, restart the computer normally!
----------------------
<!> Download: < ATF-Cleaner >
----------------------
<!> Save it to the Desktop!
<!> Restart the computer in Safe Mode.
<!> Click ATF-Cleaner.exe
<!> Under "Select Files To Delete", check Select All.
<!> Click Empty Selected.
<!> In the Done Cleaning window, click OK --> Exit
<!> Attention: If you use Firefox:
* At the top, click Firefox and choose: Select All --> Click Empty Selected.
<!> Attention: If you use Opera:
* At the top, click Opera and choose: Select All --> Click Empty Selected.
-----------------------
<@> Download: < Runscanner v. 1.7.0.0 >
<@> Save it to Local Disk C, and unzip it right there.
<@> Open the program and, with the Expert mode button already checked, click Ok.
<@> Close all windows/programs before running this utility.
<@> Run it by clicking Scan computer. <-- Wait!
<@> When it finishes, click the menu: Online analysis
<@> The page will open: online malware analysis report
------------------------
<@> Post in your reply the link to this analysis. <-- Type the address!

Regards!
fair, posted October 25, 2008

Good morning, DigRam!

Since the connection improved a lot thanks to your help, I skipped the 1st suggested step and went on to the following ones, so I already did the ATF-Cleaner cleanup and then the Runscanner scan, whose link to the requested report is below:

http://www.runscanner.net/report.aspx?repo...78-391ff749d15b

Now what happens is that the antivirus complains and every so often "threatens" to suspend itself; is that possible? Maybe it is finding itself with less work! lol

Looking forward to more of your excellent contribution, which I greatly appreciate. Regards!
DigRam, posted October 26, 2008

Good evening, fair!

<!> The report was removed from the link and, because of that, we will run ComboFix.
-----------------------
<@> Download: < ComboFix.exe >
<@> Save it to the Desktop!
<@> Disable the resident protections of: antivirus, antispyware and firewall. (Except the Windows one!)
<@> Close all windows and run the tool!
<@> At the prompt "Disclaimer of software warranty" --> Click Yes!
<!> If you get the notification "Not a valid Win32 application", delete the tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Name it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in Safe Mode.
<!> PS: Avoid running this tool on your own initiative! Follow all the recommendations proposed above.
<@> The Auto Scan window will open. --> Wait!
<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter.
<@> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N".
-----------------------
<@> When it finishes, post the reports: C:\ComboFix.txt + updated HijackThis.

Regards!
fair 0 Denunciar post Postado Outubro 26, 2008 Boa Tarde e Bom domingo para você! DigRam, E uma vez mais obrigada pela ajuda! A conecção melhorou bastante e tudo o mais. Passei o ComboFix em modo normal e segue o Relatório: ComboFix 08-10-25.01 - Vicente 2008-10-26 12:59:58.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.1501 [GMT 0:00] Executando de: C:\Documents and Settings\Vicente\Ambiente de trabalho\ComboFix.exe * Criado um novo ponto de restauro . (((((((((((((((( Arquivos/Ficheiros criados de 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))) . 2008-10-26 12:37 . 2008-10-26 12:37 <DIR> d-------- C:\WINDOWS\LastGood 2008-10-25 08:44 . 2008-10-25 09:09 <DIR> d-------- C:\Programas\RSCAN-1-7 2008-10-24 11:40 . 2008-10-24 12:48 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Os meus documentos 2008-10-24 11:40 . 2008-06-26 07:33 <DIR> d--h----- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Modelos 2008-10-24 11:40 . 2008-06-26 08:30 <DIR> dr------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Menu Iniciar 2008-10-24 11:40 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Favoritos 2008-10-24 11:40 . 2008-10-26 13:00 <DIR> d--h----- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Definições locais 2008-10-24 11:40 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Ambiente de trabalho 2008-10-24 11:40 . 2008-10-24 11:40 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE 2008-10-24 10:21 . 2008-07-08 13:54 148,496 --a------ C:\WINDOWS\system32\drivers\31376723.sys 2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador\Os meus documentos 2008-10-24 10:18 . 2008-06-26 07:33 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos 2008-10-24 10:18 . 
2008-06-26 08:30 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar 2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos 2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d--h----- C:\Documents and Settings\Administrador\Definições locais 2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador\Ambiente de trabalho 2008-10-24 10:18 . 2008-10-24 10:18 <DIR> d-------- C:\Documents and Settings\Administrador 2008-10-24 10:04 . 2008-10-24 10:21 <DIR> d-------- C:\Programas\KASP-TOOL 2008-10-23 04:51 . 2008-10-23 05:06 <DIR> d-------- C:\Documents and Settings\Vicente\DoctorWeb 2008-10-22 13:56 . 2008-10-23 21:22 <DIR> d-------- C:\Programas\CCLEAN 2008-10-22 13:19 . 2008-10-22 13:19 <DIR> d-------- C:\Documents and Settings\Vicente\Application Data\Malwarebytes 2008-10-22 13:19 . 2008-10-22 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-22 13:19 . 2008-10-16 19:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-22 13:19 . 2008-10-16 19:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-22 13:10 . 2008-10-22 13:10 <DIR> d-------- C:\Programas\Nova pasta 2008-10-22 13:10 . 2008-10-22 13:19 <DIR> d-------- C:\Programas\Malwbytes 2008-10-21 23:13 . 2008-10-24 13:12 <DIR> d-------- C:\Programas\hijackt 2008-10-20 14:31 . 2008-10-20 14:31 268 --ah----- C:\sqmdata04.sqm 2008-10-20 14:31 . 2008-10-20 14:31 244 --ah----- C:\sqmnoopt04.sqm 2008-10-20 10:58 . 2008-10-20 10:58 268 --ah----- C:\sqmdata03.sqm 2008-10-20 10:58 . 2008-10-20 10:58 244 --ah----- C:\sqmnoopt03.sqm 2008-10-14 21:58 . 2008-08-14 13:23 2,193,024 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-14 21:58 . 2008-08-14 13:23 2,149,376 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-14 21:58 . 2008-08-14 13:23 2,069,888 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-14 21:58 . 
2008-08-14 13:23 2,028,032 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-26 12:57 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2008-10-25 08:23 --------- d-----w C:\Programas\MODEM MF622 2008-10-24 12:44 --------- d-----w C:\Programas\wsmcw 2008-10-24 12:44 --------- d-----w C:\Programas\Microsoft Studio Files 2008-10-24 12:44 --------- d-----w C:\Programas\gwbdrx 2008-10-23 06:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-10-22 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-10-22 02:02 --------- d-----w C:\Programas\Spybot - Search & Destroy 2008-10-21 10:19 --------- d-----w C:\Programas\Lx_cats 2008-09-17 17:34 45,056 ----a-w C:\WINDOWS\system32\acovcnt.exe 2008-09-15 15:25 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-08-14 13:23 2,149,376 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 13:23 2,028,032 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-06-26 07:40 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2008-06-26 07:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\index.dat 2008-06-26 07:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\MSHist012008062620080627\index.dat 2008-06-26 07:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Temporary Internet Files\Content.IE5\index.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "Sidebar"="C:\Programas\Windows Sidebar\sidebar.exe" [2007-07-28 1230848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-20 8462336] "BDMCon"="C:\Programas\Softwin\BitDefender10\bdmcon.exe" [2008-06-26 290816] "BDAgent"="C:\Programas\Softwin\BitDefender10\bdagent.exe" [2008-06-26 69632] "SMSERIAL"="C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784] "Power_Gear"="C:\Programas\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112] "Wireless Console 2"="C:\Programas\Wireless Console 2\wcourier.exe" [2007-07-05 1040384] "ACMON"="C:\Programas\ASUS\Splendid\ACMON.exe" [2007-07-10 851968] "SynTPEnh"="C:\Programas\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104] "ATKHOTKEY"="C:\Programas\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280] "lxdjamon"="C:\Programas\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480] "GrooveMonitor"="C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "LXDJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll" [2007-02-09 102400] "nwiz"="nwiz.exe" [2007-06-20 C:\WINDOWS\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2007-06-15 C:\WINDOWS\SkyTel.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2008-05-08 C:\WINDOWS\system32\advpack.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 
2008-01-11 21:16 39792 C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update] --a------ 2007-07-19 14:41 49520 C:\Programas\ASUS\ASUS Live Update\ALU.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2007-08-24 06:00 33648 C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 14:57 153136 C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-06-20 11:21 81920 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-03-25 03:28 144784 C:\Programas\Java\jre1.6.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "NBService"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programas\\Windows Live\\Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\lxdjcoms.exe"= "C:\\Programas\\Lexmark 1400 Series\\lxdjamon.exe"= "C:\\Programas\\Lexmark 1400 Series\\App4R.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"= "C:\\Programas\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"= R0 iastor75;iastor75;C:\WINDOWS\system32\drivers\iastor75.sys [2008-05-12 304920] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit 
Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-08-30 36864] S1 is-SQ5V8drv;is-SQ5V8drv;C:\WINDOWS\system32\DRIVERS\31376723.sys [2008-07-08 148496] S3 USBSHGX;SHARP GSM GPRS USB Driver 2.1.0;C:\WINDOWS\system32\DRIVERS\usbgx_2.sys [2004-09-06 24080] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff0d31e-435a-11dd-8009-001e8c238379}] \Shell\AutoRun\command - F:\AutoRun.exe *Newly Created Service* - PROCEXP90 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Programas\Ficheiros comuns\LightScribe\LSRunOnce.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}] "C:\Programas\Windows Sidebar\sidebar.exe" /RegServer . - - - - ORFÃOS REMOVIDOS - - - - MSConfigStartUp-gwdwin - C:\Programas\wsmcw\gwdwin.exe . ------- Scan Suplementar ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.pt/ O8 -: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O17 -: HKLM\CCS\Interface\{23901DA7-3C91-4605-A9AD-BD6DBA7C5470}: NameServer = 212.55.154.174 10.11.12.14 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-26 13:01:00 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXDJCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16??????????? Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . 
Tempo para conclusão: 2008-10-26 13:01:47 ComboFix-quarantined-files.txt 2008-10-26 13:01:40 Pré-execução: 67.207.483.392 bytes livres Pós execução: 67,200,815,104 bytes livres WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 170 --- E O F --- 2008-10-24 13:53:12 Mais o do HijackThis conforme pedido: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:03:18, on 26-10-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe C:\WINDOWS\system32\lxdjcoms.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe C:\WINDOWS\system32\SupportAppPT\ztemon.exe C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\RTHDCPL.EXE C:\Programas\Softwin\BitDefender10\bdagent.exe C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe C:\Programas\ASUS\Splendid\ACMON.exe C:\Programas\Synaptics\SynTP\SynTPEnh.exe C:\Programas\ATK Hotkey\Hcontrol.exe C:\Programas\Lexmark 1400 Series\lxdjamon.exe C:\WINDOWS\system32\ACEngSvr.exe C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Programas\Windows Sidebar\sidebar.exe C:\Programas\Windows Sidebar\sidebar.exe C:\Programas\ATK Hotkey\ATKOSD.exe C:\Programas\ATK Hotkey\WDC.exe C:\Programas\MODEM MF622\Modem.exe 
C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe C:\Programas\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Programas\hijackt\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [bDMCon] "C:\Programas\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] 
"C:\Programas\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [sMSERIAL] C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programas\Wireless Console 2\wcourier.exe" O4 - HKLM\..\Run: [ACMON] "C:\Programas\ASUS\Splendid\ACMON.exe" O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programas\ATK Hotkey\Hcontrol.exe" O4 - HKLM\..\Run: [lxdjamon] "C:\Programas\Lexmark 1400 Series\lxdjamon.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sidebar] C:\Programas\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) 
- {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214500437625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23901DA7-3C91-4605-A9AD-BD6DBA7C5470}: NameServer = 212.55.154.174 10.11.12.14
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programas\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

--
End of file - 8395 bytes

See you later, DigRam, and I hope I did everything right so as to help your work. Thanks!
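A responder reading a HijackThis log like the one above goes straight to a handful of entry types: the O17 DNS servers, any O20 AppInit_DLLs value, O2 helper objects whose file is gone, O23 services with no named publisher, and O4 autoruns that go through rundll32. The following script is an added example (my code, not HijackThis's and not from this thread) that encodes those checks as rules and runs them over sample lines. The sample lines are copied from the HijackThis logs posted in this thread, except the O20 line, which is constructed for the example; EXPECTED_DNS is an assumption standing in for the resolvers the ISP actually hands out.

```python
"""Rule-based triage of HijackThis (v2.x) log entries.

Added example, not HijackThis code and not from the forum post. The rules
cover the entries a responder reads first: DNS servers (O17), AppInit_DLLs
(O20), orphaned BHOs (O2 ending in "(no file)"), services without a named
publisher (O23) and rundll32 autoruns (O4).
"""
import re
from collections import Counter
from dataclasses import dataclass

# Assumption for this example: the resolvers the ISP is known to hand out.
# Any other address in an O17 entry is reported for manual verification.
EXPECTED_DNS = {"10.11.12.14"}

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass
class Finding:
    kind: str       # HijackThis section, e.g. "O23"
    severity: str   # "info", "review" or "high"
    reason: str
    line: str


def parse_line(line):
    """Split 'O23 - Service: ...' into ('O23', 'Service: ...'); None for other lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("kind"), m.group("body")) if m else None


def triage_line(line):
    """Apply the rules to one log line; return a Finding or None."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    kind, body = parsed
    if kind == "O17":
        unknown = sorted(set(IP_RE.findall(body)) - EXPECTED_DNS)
        if unknown:
            return Finding(kind, "review",
                           "DNS server not in the expected set: " + ", ".join(unknown), line)
    elif kind == "O20" and body.startswith("AppInit_DLLs:"):
        return Finding(kind, "high",
                       "AppInit_DLLs is loaded into every process that loads user32.dll", line)
    elif kind == "O2" and body.endswith("(no file)"):
        return Finding(kind, "info", "orphaned BHO registration; the DLL is gone", line)
    elif kind == "O23" and "Unknown owner" in body:
        return Finding(kind, "review",
                       "service binary has no named publisher; check signature and hash", line)
    elif kind == "O4" and "rundll32" in body.lower():
        return Finding(kind, "review", "rundll32 autorun; confirm the DLL path and export", line)
    return None


def triage(lines):
    """Run triage_line over a whole log; keep only the findings."""
    return [f for f in map(triage_line, lines) if f is not None]


def summarize(findings):
    """Count findings per severity, e.g. {'info': 1, 'review': 4, 'high': 1}."""
    return dict(Counter(f.severity for f in findings))


# Sample lines: all from the HijackThis logs in this thread except the O20 line,
# which is constructed for the example.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{23901DA7-3C91-4605-A9AD-BD6DBA7C5470}: NameServer = 212.55.154.174 10.11.12.14",
    r"O20 - AppInit_DLLs: sockspy.dll",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
    r"O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe",
    r"O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:>6}] {f.kind}: {f.reason}")
        print(f"         {f.line}")
    print(summarize(found))
```

The rules deliberately report rather than decide: an "Unknown owner" service is often a legitimate driver helper with no version resource, so the output is a worklist for hashing and signature checks, not a removal list.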
DigRam, posted October 26, 2008

Good afternoon, fair!
Insert your removable drive(s), if you have any, into the USB port (pendrive, mp3, mp4, iPods, etc.).
<@> Select and copy all of the content in the QUOTE area into Notepad.
<@> Save it on the Desktop with the name: CFScript.txt

File::
C:\WINDOWS\system32\acovcnt.exe
F:\AutoRun.exe
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff0d31e-435a-11dd-8009-001e8c238379}]

Folder::
C:\Programas\wsmcw
C:\Programas\Microsoft Studio Files
C:\Programas\gwbdrx

<@> Drag CFScript.txt onto the ComboFix icon / into the ComboFix window.
<@> See the demonstration!
<@> Answer the prompt that should appear, to run ComboFix.
<@> PS: Keep dragging until that prompt (window) appears!
<@> When it finishes, post the report: C:\ComboFix.txt
Regards!
fair, posted October 27, 2008

Good afternoon, DigRam!
The only drive there is, and it was inserted, is an iPod. The connection has gone back to being unstable and slow, with some pages not opening, but I managed to get back here. Here is the requested ComboFix report:

ComboFix 08-10-25.01 - Vicente 2008-10-27 11:46:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.1520 [GMT 0:00]
Running from: C:\Documents and Settings\Vicente\Ambiente de trabalho\ComboFix.exe
Command switches used :: C:\Documents and Settings\Vicente\Ambiente de trabalho\CFScript.txt
* Created a new restore point
* Resident AV is active

FILE ::
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\WINDOWS\system32\acovcnt.exe
F:\AutoRun.exe
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programas\gwbdrx
C:\Programas\gwbdrx\banif.bxz
C:\Programas\gwbdrx\banif.exe
C:\Programas\gwbdrx\barclays.bxz
C:\Programas\gwbdrx\barclays.exe
C:\Programas\gwbdrx\bbva.bxz
C:\Programas\gwbdrx\bbva.exe
C:\Programas\gwbdrx\bctf.bat
C:\Programas\gwbdrx\bes.bxz
C:\Programas\gwbdrx\bes.exe
C:\Programas\gwbdrx\block
C:\Programas\gwbdrx\bpinet.bxz
C:\Programas\gwbdrx\bpinet.exe
C:\Programas\gwbdrx\cgd.bxz
C:\Programas\gwbdrx\cgd.exe
C:\Programas\gwbdrx\dllhosts.exe
C:\Programas\gwbdrx\exitd.vxd
C:\Programas\gwbdrx\infoseg.bxz
C:\Programas\gwbdrx\lg
C:\Programas\gwbdrx\liveoff.txt
C:\Programas\gwbdrx\locaweb.bxz
C:\Programas\gwbdrx\montepio.bxz
C:\Programas\gwbdrx\montepio.exe
C:\Programas\gwbdrx\ms765581111
C:\Programas\gwbdrx\Mswinsck.ocx
C:\Programas\gwbdrx\name.drv
C:\Programas\gwbdrx\notfirihfyt65hggj.dll
C:\Programas\gwbdrx\Readme.exe
C:\Programas\gwbdrx\scrypt.exe
C:\Programas\gwbdrx\sec\fx.crp
C:\Programas\gwbdrx\upfile.exe
C:\Programas\gwbdrx\upinfod.drv
C:\Programas\gwbdrx\windvxsweq999922334
C:\Programas\gwbdrx\wininfo1.vxd
C:\Programas\gwbdrx\WinRds\1.crp
C:\Programas\gwbdrx\WinRds\2.crp
C:\Programas\gwbdrx\WinRds\3.crp
C:\Programas\gwbdrx\WinRds\install.crp
C:\Programas\gwbdrx\WinRds\Reiniciar.crp
C:\Programas\gwbdrx\WinRds\termsrv.dll
C:\Programas\gwbdrx\winvxhfythg34a.rd
C:\Programas\Microsoft Studio Files
C:\Programas\Microsoft Studio Files\ftnn987.ko
C:\Programas\wsmcw
C:\Programas\wsmcw\banif.bxz
C:\Programas\wsmcw\banif.exe
C:\Programas\wsmcw\barclays.bxz
C:\Programas\wsmcw\barclays.exe
C:\Programas\wsmcw\bb.bxz
C:\Programas\wsmcw\bb.exe
C:\Programas\wsmcw\bbva.bxz
C:\Programas\wsmcw\bbva.exe
C:\Programas\wsmcw\bctf.bat
C:\Programas\wsmcw\bes.bxz
C:\Programas\wsmcw\bes.exe
C:\Programas\wsmcw\block
C:\Programas\wsmcw\bpinet.bxz
C:\Programas\wsmcw\bpinet.exe
C:\Programas\wsmcw\bradesco.bxz
C:\Programas\wsmcw\caixa.bxz
C:\Programas\wsmcw\caixa.exe
C:\Programas\wsmcw\ccfacil.bxz
C:\Programas\wsmcw\cgd.bxz
C:\Programas\wsmcw\cgd.exe
C:\Programas\wsmcw\checkcheck.bxz
C:\Programas\wsmcw\dllhosts.exe
C:\Programas\wsmcw\exitd.vxd
C:\Programas\wsmcw\gf.bxz
C:\Programas\wsmcw\infoseg.bxz
C:\Programas\wsmcw\kill.exe
C:\Programas\wsmcw\lg
C:\Programas\wsmcw\live.txt
C:\Programas\wsmcw\liveoff.txt
C:\Programas\wsmcw\locaweb.bxz
C:\Programas\wsmcw\montepio.bxz
C:\Programas\wsmcw\montepio.exe
C:\Programas\wsmcw\ms765581111
C:\Programas\wsmcw\Mswinsck.ocx
C:\Programas\wsmcw\name.drv
C:\Programas\wsmcw\notfirihfyt65hggj.dll
C:\Programas\wsmcw\plugins\k.exe
C:\Programas\wsmcw\Readme.exe
C:\Programas\wsmcw\registro.bxz
C:\Programas\wsmcw\santander.bxz
C:\Programas\wsmcw\scrypt.exe
C:\Programas\wsmcw\sec\fx.crp
C:\Programas\wsmcw\state
C:\Programas\wsmcw\upinfod.drv
C:\Programas\wsmcw\upinfov.drv
C:\Programas\wsmcw\vcdg.bat
C:\Programas\wsmcw\windvxsweq999922334
C:\Programas\wsmcw\wininfo1.vxd
C:\Programas\wsmcw\wininfo2.vxd
C:\Programas\wsmcw\wininfo3.vxd
C:\Programas\wsmcw\WinRds\1.crp
C:\Programas\wsmcw\WinRds\2.crp
C:\Programas\wsmcw\WinRds\3.crp
C:\Programas\wsmcw\WinRds\install.crp
C:\Programas\wsmcw\WinRds\Reiniciar.crp
C:\Programas\wsmcw\WinRds\termsrv.dll
C:\Programas\wsmcw\winvxhfythg34a.rd
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\WINDOWS\system32\acovcnt.exe
.

(((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 ))))))))))))))))))))))))))))
.

2008-10-27 11:27 . 2008-10-27 11:27 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-25 08:44 . 2008-10-25 09:09 <DIR> d-------- C:\Programas\RSCAN-1-7
2008-10-24 11:40 . 2008-10-24 12:48 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Os meus documentos
2008-10-24 11:40 . 2008-06-26 07:33 <DIR> d--h----- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Modelos
2008-10-24 11:40 . 2008-06-26 08:30 <DIR> dr------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Menu Iniciar
2008-10-24 11:40 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Favoritos
2008-10-24 11:40 . 2008-10-27 11:50 <DIR> d--h----- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Definições locais
2008-10-24 11:40 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Ambiente de trabalho
2008-10-24 11:40 . 2008-10-24 11:40 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE
2008-10-24 10:21 . 2008-07-08 13:54 148,496 --a------ C:\WINDOWS\system32\drivers\31376723.sys
2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador\Os meus documentos
2008-10-24 10:18 . 2008-06-26 07:33 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos
2008-10-24 10:18 . 2008-06-26 08:30 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar
2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos
2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d--h----- C:\Documents and Settings\Administrador\Definições locais
2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador\Ambiente de trabalho
2008-10-24 10:18 . 2008-10-24 10:18 <DIR> d-------- C:\Documents and Settings\Administrador
2008-10-24 10:04 . 2008-10-24 10:21 <DIR> d-------- C:\Programas\KASP-TOOL
2008-10-23 04:51 . 2008-10-23 05:06 <DIR> d-------- C:\Documents and Settings\Vicente\DoctorWeb
2008-10-22 13:56 . 2008-10-23 21:22 <DIR> d-------- C:\Programas\CCLEAN
2008-10-22 13:19 . 2008-10-22 13:19 <DIR> d-------- C:\Documents and Settings\Vicente\Application Data\Malwarebytes
2008-10-22 13:19 . 2008-10-22 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 13:19 . 2008-10-16 19:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 13:19 . 2008-10-16 19:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 13:10 . 2008-10-22 13:10 <DIR> d-------- C:\Programas\Nova pasta
2008-10-22 13:10 . 2008-10-22 13:19 <DIR> d-------- C:\Programas\Malwbytes
2008-10-21 23:13 . 2008-10-26 13:03 <DIR> d-------- C:\Programas\hijackt
2008-10-14 21:58 . 2008-08-14 13:23 2,193,024 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 21:58 . 2008-08-14 13:23 2,149,376 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 21:58 . 2008-08-14 13:23 2,069,888 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 21:58 . 2008-08-14 13:23 2,028,032 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 11:50 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-10-27 11:25 --------- d-----w C:\Programas\MODEM MF622
2008-10-23 06:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-22 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-22 02:02 --------- d-----w C:\Programas\Spybot - Search & Destroy
2008-10-21 10:19 --------- d-----w C:\Programas\Lx_cats
2008-09-15 15:25 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-14 13:23 2,149,376 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,028,032 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-06-26 07:40 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-06-26 07:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\index.dat
2008-06-26 07:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\MSHist012008062620080627\index.dat
2008-06-26 07:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Temporary Internet Files\Content.IE5\index.dat
.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Sidebar"="C:\Programas\Windows Sidebar\sidebar.exe" [2007-07-28 1230848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-20 8462336]
"BDMCon"="C:\Programas\Softwin\BitDefender10\bdmcon.exe" [2008-06-26 290816]
"BDAgent"="C:\Programas\Softwin\BitDefender10\bdagent.exe" [2008-06-26 69632]
"SMSERIAL"="C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"Power_Gear"="C:\Programas\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"Wireless Console 2"="C:\Programas\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ACMON"="C:\Programas\ASUS\Splendid\ACMON.exe" [2007-07-10 851968]
"SynTPEnh"="C:\Programas\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]
"ATKHOTKEY"="C:\Programas\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280]
"lxdjamon"="C:\Programas\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]
"GrooveMonitor"="C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"LXDJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll" [2007-02-09 102400]
"nwiz"="nwiz.exe" [2007-06-20 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-08 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
--a------ 2007-07-19 14:41 49520 C:\Programas\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-20 11:21 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 03:28 144784 C:\Programas\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\lxdjcoms.exe"=
"C:\\Programas\\Lexmark 1400 Series\\lxdjamon.exe"=
"C:\\Programas\\Lexmark 1400 Series\\App4R.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"C:\\Programas\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=

R0 iastor75;iastor75;C:\WINDOWS\system32\drivers\iastor75.sys [2008-05-12 304920]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-08-30 36864]
S1 is-SQ5V8drv;is-SQ5V8drv;C:\WINDOWS\system32\DRIVERS\31376723.sys [2008-07-08 148496]
S3 USBSHGX;SHARP GSM GPRS USB Driver 2.1.0;C:\WINDOWS\system32\DRIVERS\usbgx_2.sys [2004-09-06 24080]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Programas\Ficheiros comuns\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
"C:\Programas\Windows Sidebar\sidebar.exe" /RegServer
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 11:51:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDJCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-27 11:53:58
ComboFix-quarantined-files.txt 2008-10-27 11:53:51
ComboFix2.txt 2008-10-26 13:01:48

Pre-Run: 67.249.352.704 bytes free
Post-Run: 67,227,951,104 bytes free

262 --- E O F --- 2008-10-24 13:53:12

P.S. This time ComboFix locked up the computer. It would only go off with the power button, but everything is running again, thanks! Regards!
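The report above lists, under "Other Deletions", two directories under C:\Programas full of executables whose names match bank names plus a copy of termsrv.dll, and, under the registry loading points, an AppInit_DLLs value of sockspy.dll that the thread does not go on to discuss. Pulling those facts out of a ComboFix report by hand is error-prone; the following parser is an added example (my code, not ComboFix's and not from this thread) that splits the report into its parenthesis-headed sections, groups the deleted paths by directory and flags the autostart values worth a second look. The sample report is a constructed, trimmed excerpt modelled on the one above, using the section titles printed by the English build; the function names are mine.

```python
"""Extract indicators from a ComboFix report.

Added example, not ComboFix's own code and not from the thread. A ComboFix
report is plain text whose sections are headed by a title wrapped in runs of
parentheses. This parser pulls out the 'Other Deletions' list and the
'Reg Loading Points' dump, groups the deleted paths by directory and flags
autostart values a responder should verify: AppInit_DLLs, and entries whose
target ComboFix marks [X] (file not found).
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
REG_KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')


def split_sections(text):
    """Map each section title to its non-empty lines (ComboFix's '.' spacer lines dropped)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def deleted_paths(sections):
    """Paths listed under 'Other Deletions' (directories and files alike)."""
    return [l for l in sections.get("Other Deletions", []) if PATH_RE.match(l)]


def group_by_dir(paths, depth=2):
    """Count entries per directory, keeping the drive plus `depth` path components."""
    counts = defaultdict(int)
    for p in paths:
        parts = p.split("\\")
        counts["\\".join(parts[:depth + 1])] += 1
    return dict(counts)


def loadpoints(sections):
    """(key, value name, value data) triples from the REGEDIT4-style dump."""
    entries, key = [], None
    for line in sections.get("Reg Loading Points", []):
        km = REG_KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        vm = REG_VALUE_RE.match(line)
        if vm and key is not None:
            entries.append((key, vm.group("name"), vm.group("value")))
    return entries


def flag_loadpoints(entries):
    """Autostart values to verify before calling the machine clean."""
    flagged = []
    for key, name, value in entries:
        if name.lower() == "appinit_dlls" and value.strip():
            flagged.append((key, name, value,
                            "AppInit_DLLs is injected into every process that loads user32.dll"))
        elif value.rstrip().endswith("[X]"):
            flagged.append((key, name, value, "autostart target not found on disk"))
    return flagged


# Constructed excerpt modelled on the report posted above (not the full report).
SAMPLE_REPORT = r"""
ComboFix 08-10-25.01 - Vicente 2008-10-27 11:46:16.2 - NTFSx86
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programas\gwbdrx
C:\Programas\gwbdrx\banif.exe
C:\Programas\gwbdrx\cgd.exe
C:\Programas\gwbdrx\WinRds\termsrv.dll
C:\Programas\wsmcw
C:\Programas\wsmcw\montepio.exe
C:\Programas\wsmcw\plugins\k.exe
C:\WINDOWS\system32\acovcnt.exe
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
"""

if __name__ == "__main__":
    sections = split_sections(SAMPLE_REPORT)
    for directory, n in sorted(group_by_dir(deleted_paths(sections)).items()):
        print(f"{n:3d} removed under {directory}")
    for key, name, value, why in flag_loadpoints(loadpoints(sections)):
        print(f"VERIFY {key}\\{name} = {value}  ({why})")
```

Run against the full report the same functions give the per-directory counts for C:\Programas\gwbdrx and C:\Programas\wsmcw and surface the AppInit_DLLs value, which is the one loading point in that dump that the CFScript above did not touch and that a follow-up should resolve (locate the DLL, hash it, and check whether it still exists).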
DigRam, posted October 28, 2008

Good morning, fair!
<!> Do you know this file? C:\WINDOWS\system32\drivers\31376723.sys <-- This file?
------------------------
<@> Run an online scan at: < Kaspersky >
<@> Use the Internet Explorer browser for this.
<!> Go to the site and click on: < >
<@> On the next page, click on: I Accept
<@> This is so that the ActiveX control gets installed; then it updates the database.
<@> On the next page, click on: My Computer and run the scan.
<@> Be patient!
<@> Wait for the database update and also for the scan, which takes a long time.
<@> When it finishes, save and post the report.
<@> Click on Save Report As... to save the log.
<@> Save the result as .txt, as in the image below:
<@> Also post an updated HijackThis log.
Regards!
fair, posted October 28, 2008

Good afternoon, DigRam!
I don't know that key, 31376723.sys, no :mellow: DigRam, what could it be? Actually, I never use this computer and only offered to give a hand here because it was running really badly, so I think that key will be unknown even to the user. What worries me now are the e-mails I opened from this machine, and what state my own will be in :blink: It's Office Word that keeps showing an error and closing all the time :wacko: Thank you for the help; I'm going to run the recommended scanner right away and then bring back its report. Regards!
fair, posted October 28, 2008

Good afternoon again, DigRam!
Strangely, the Kaspersky online scanner was quick, and here is the saved report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 28, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, October 28, 2008 12:19:04
Records in database: 1353106
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 32412
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:32:15

File name / Threat name / Threats count
C:\Documents and Settings\Vicente\Definições locais\Temp\Av-test.txt Infected: EICAR-Test-File 1

The selected area was scanned.
Here is the updated HijackThis one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:35, on 28-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\SupportAppPT\ztemon.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\Softwin\BitDefender10\bdmcon.exe
C:\Programas\Softwin\BitDefender10\bdagent.exe
C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programas\Wireless Console 2\wcourier.exe
C:\Programas\ASUS\Splendid\ACMON.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\ATK Hotkey\Hcontrol.exe
C:\Programas\Lexmark 1400 Series\lxdjamon.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Programas\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Programas\Windows Sidebar\sidebar.exe
C:\Programas\ATK Hotkey\ATKOSD.exe
C:\Programas\ATK Hotkey\WDC.exe
C:\Programas\MODEM MF622\Modem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Programas\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programas\hijackt\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [bDMCon] "C:\Programas\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [bDAgent] "C:\Programas\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [sMSERIAL] C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programas\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ACMON] "C:\Programas\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programas\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Programas\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Programas\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214500437625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23901DA7-3C91-4605-A9AD-BD6DBA7C5470}: NameServer = 212.55.154.174 10.11.12.14
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programas\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

--
End of file - 8537 bytes

I await, and thank you for, your next instructions. Regards!
DigRam, posted October 29, 2008

Good morning, fair!
> I don't know that key, 31376723.sys, no. DigRam, what could it be?
<!> It may not be malware, but... try a check with Jotti!
------------------------
<@> Configure Windows to show hidden files/folders.
<!> Link.
<@> Go to this site: --> < http://virusscan.jotti.org/ >
<@> In File to upload, enter: C:\WINDOWS\system32\drivers\31376723.sys
<@> Then click on Submit.
<@> Copy and post the result of this scan.
------------------------
<@> Open Malwarebytes! --> Click on Tools.
<@> Click on Run tool.
<@> In the Open / Look in window, find the highlighted file: C:\Documents and Settings\Vicente\Definições locais\Temp\Av-test.txt <-- This file!
<@> Click on Open.
<@> At the message, click on Yes! --> OK.
> It's Office Word that keeps showing an error and closing all the time
<!> If it's an error in a DLL, try copying it from some internal cache to the location that requests it.
<!> If that doesn't solve it, reinstall Word.
------------------------
<@> Download TuneUp Utilities 2008.
<@> To download, enter your e-mail and click on Start download.
<@> Save the executable, TU2008TrialEN.exe, in Program Files.
<@> The program is a trial! But... there will be time to optimise the computer.
<@> Try to defragment the disk and the registry.
<@> Later on you'll find that this utility performs many functions that are useful to the computer.
Regards!
fair, posted October 29, 2008

Good afternoon, DigRam,
Jotti report, with hidden folders shown:

File: 31376723.sys
Scan taken on 29 Oct 2008 14:36:54 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

A note, DigRam, since it may be useful later. When searching for this file, hovering the mouse over it opens a small box with the following information about it:
Description: Kif Mini-Filter
Company: Kaspersky Lab
Version: 7.0.0.312
Creation date: 24-10-08 - 145 kb

The other file was removed with Malwarebytes, and the PC was restarted for that purpose. I'm downloading the recommended program, TuneUp Utilities 2008, right away. It only remains for me to thank you for all the help given. Thanks for the Word tip too. :thumbsup:
Regards!