Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

isabellajuriate

[Arquivado] pc lento

Recommended Posts

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Monday, December 8, 2008

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Monday, December 08, 2008 20:30:54

Records in database: 1444449

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - Critical Areas:

C:\Arquivos de programas

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

C:\Documents and Settings\cliente\Menu Iniciar\Programas\Inicializar

C:\Program Files

C:\WINDOWS

 

Scan statistics:

Files scanned: 65892

Threat name: 9

Infected objects: 49

Suspicious objects: 0

Duration of the scan: 00:53:36

 

 

File name / Threat name / Threats count

C:\WINDOWS\system32\oobe\msobcommw.dll/C:\WINDOWS\system32\oobe\msobcommw.dll Infected: Trojan-Banker.Win32.Banbra.eke 37

C:\WINDOWS\system32\wscntfx.exe//PKLite32/C:\WINDOWS\system32\wscntfx.exe//PKLite32 Infected: Trojan-Banker.Win32.Banker.abac 1

C:\WINDOWS\system32\jumps.exe//PE_Patch.PECompact//PecBundle//PECompact/C:\WINDOWS\system32\jumps.exe//PE_Patch.PECompact//PecBundle//PECompact Infected: Trojan-Banker.Win32.Banker.aays 1

C:\WINDOWS\system32\ashservec.exe Infected: Trojan-Banker.Win32.Banker.aarp 1

C:\WINDOWS\system32\ashservec.pif Infected: Trojan-Banker.Win32.Banker.aarp 1

C:\WINDOWS\system32\idmaq32.exe Infected: Trojan-Downloader.Win32.Banload.bej 1

C:\WINDOWS\system32\inglog.exe Infected: Trojan-Spy.Win32.Delf.dzt 1

C:\WINDOWS\system32\jumps.exe Infected: Trojan-Banker.Win32.Banker.aays 1

C:\WINDOWS\system32\msshell.exe Infected: Trojan-Banker.Win32.Banbra.fbt 1

C:\WINDOWS\system32\oobe\msobcommw.dll Infected: Trojan-Banker.Win32.Banbra.eke 1

C:\WINDOWS\system32\oobe\msobe.dll Infected: Trojan-Spy.Win32.Delf.eqs 1

C:\WINDOWS\system32\twumk.exe Infected: Backdoor.Win32.Agent.uur 1

C:\WINDOWS\system32\wscntfx.exe Infected: Trojan-Banker.Win32.Banker.abac 1

 

The selected area was scanned.

 

o antivirus não consegue excluir os arquivos, e as vezes não consigo nem abrir o antivirus.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:36:58, on 8/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\twumk.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\msmsgs.exe

C:\Arquivos de programas\Last.fm\LastFM.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\HP\Smart Web Printing\hpswp_clipbook.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: Banco do Brasil S.A. - {546D0BB7-6894-48D2-89EB-DFABF5E4EC7D} - C:\WINDOWS\system32\oobe\msobe.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\iexplorer.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DrvStart] C:\WINDOWS\Media\HPMedia.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [msn_livers] C:\windows\temp\msnmsgr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [msshell.exe] C:\WINDOWS\system32\msshell.exe

O4 - HKLM\..\Run: [wscntfx] C:\WINDOWS\system32\wscntfx.exe

O4 - HKLM\..\Run: [MSMSGS] C:\WINDOWS\msmsgs.exe /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

O4 - HKCU\..\Run: [iexplorerskut] C:\WINDOWS\system32\dllhostc.exe

O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\system32\jumps.exe

O4 - HKCU\..\Run: [twumk.exe] C:\WINDOWS\system32\twumk.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202964265921

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - https://secure.gopetslive.com/dev/gopets.cab

O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - http://update.hpphoto.com/download/HPSWUpdate.ocx

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9B512BD0-F74E-4E8E-A6F1-2F59ECB377BC}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

 

--

End of file - 13131 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

 

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

 

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Leia atentamente o texto contido nesta janela e clique sobre “SIM” para continuar.

 

PS.: Caso não concorde com os termos clique sobre “NÃO” para sair do software, cabendo lembrar que o processo de desinfecção não será possível sem a continuidade do ComboFix.

 

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console ante de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

 

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

 

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

 

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADA COM SUCESSO”.

 

Clique sobre “SIM” para continuar a varredura.

 

5) O ComboFix iniciará o AUTOSCAN (aguarde).

 

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

 

Ao término do processo a máquina será reiniciada para a emissão do relatório.

 

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log ficará alocado em C:\ComboFix.txt.

 

7) Reabilite o seu anti-vírus;

 

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

 

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

 

 

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo o retorno

Compartilhar este post


Link para o post
Compartilhar em outros sites

Então, logo depois que o ComboFix reinicia meu pc, ele abre a janela dele, normal..mas ai aparece que não foi possivel abrir algo. E fica assim, tentei fazer o mesmo processo algumas vezes, com o mesmo resultado.

O que eu faço?! hahaha

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 08-12-29.02 - cliente 2008-12-30 2:45:07.8 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1023.803 [GMT -2:00]

Executando de: c:\documents and settings\cliente\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Autorun.inf

C:\SETUP.BAT

c:\windows\ponto.DLL

c:\windows\system32\autentic.dll

c:\windows\system32\configex.dll

c:\windows\system32\dllhostc.pif

c:\windows\system32\drvsrvc.dll

c:\windows\system32\MEGATRON.ini

c:\windows\system32\msghot.dll

c:\windows\TRANSFORMERS.DLL

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_Gbpsv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-28 to 2008-12-30 ))))))))))))))))))))))))))))

.

 

2008-12-29 16:07 . 2008-12-29 16:07 <DIR> d-------- c:\arquivos de programas\Kaspersky Lab

2008-12-29 16:06 . 2008-03-03 09:39 31,896,064 --a------ C:\kav.br.msi

2008-12-29 16:06 . 2007-09-05 13:56 2,684,884 --a------ C:\kav7.0pb.pdf

2008-12-29 16:06 . 2008-07-03 12:07 646 --a------ C:\setup.reg

2008-12-27 17:10 . 2008-12-27 17:10 <DIR> d-------- c:\documents and settings\Isabella\Tracing

2008-12-26 12:10 . 2008-12-26 12:17 <DIR> d-------- c:\arquivos de programas\Wise Disk Cleaner

2008-12-26 05:27 . 2008-12-26 05:27 <DIR> d-------- c:\arquivos de programas\Bonjour

2008-12-26 03:47 . 2008-12-26 03:47 <DIR> d-------- c:\arquivos de programas\iPod

2008-12-26 03:46 . 2008-12-26 03:50 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-12-25 02:24 . 2008-12-25 02:24 <DIR> d-------- c:\documents and settings\Helena\Tracing

2008-12-24 17:12 . 2008-12-24 17:12 <DIR> d-------- c:\arquivos de programas\TaskSwitchXP

2008-12-24 17:06 . 2008-12-26 23:35 <DIR> d-------- c:\documents and settings\Isabella\Dados de aplicativos\HPAppData

2008-12-24 17:04 . 2008-12-26 23:28 <DIR> d-------- c:\documents and settings\Isabella\Dados de aplicativos\Spyware Terminator

2008-12-24 16:56 . 2008-12-24 16:56 <DIR> d-------- c:\documents and settings\Helena\Dados de aplicativos\HPAppData

2008-12-24 16:54 . 2008-12-25 02:11 <DIR> d-------- c:\documents and settings\Helena\Dados de aplicativos\Spyware Terminator

2008-12-24 16:54 . 2008-12-24 16:54 <DIR> d-------- c:\documents and settings\Helena\Dados de aplicativos\ATI

2008-12-24 16:51 . 2008-12-24 16:51 <DIR> d--h----- c:\documents and settings\Helena\Modelos

2008-12-24 16:51 . 2008-12-24 16:54 <DIR> dr------- c:\documents and settings\Helena\Meus documentos

2008-12-24 16:51 . 2008-12-24 16:51 <DIR> dr------- c:\documents and settings\Helena\Menu Iniciar

2008-12-24 16:51 . 2008-12-24 16:54 <DIR> dr------- c:\documents and settings\Helena\Favoritos

2008-12-24 16:51 . 2008-12-24 16:56 <DIR> dr-h----- c:\documents and settings\Helena\Dados de aplicativos

2008-12-24 16:51 . 2008-12-30 02:47 <DIR> d--h----- c:\documents and settings\Helena\Configurações locais

2008-12-24 16:51 . 2007-11-21 20:02 <DIR> d--h----- c:\documents and settings\Helena\Ambiente de rede

2008-12-24 16:51 . 2007-11-21 20:02 <DIR> d--h----- c:\documents and settings\Helena\Ambiente de impressão

2008-12-24 16:51 . 2008-12-25 02:24 <DIR> d-------- c:\documents and settings\Helena

2008-12-24 16:44 . 2008-12-24 16:44 <DIR> d-------- c:\documents and settings\Babi\Dados de aplicativos\HPAppData

2008-12-24 16:41 . 2008-12-29 11:00 <DIR> d-------- c:\documents and settings\Babi\Dados de aplicativos\Spyware Terminator

2008-12-24 16:41 . 2008-12-24 16:41 <DIR> d-------- c:\documents and settings\Babi\Dados de aplicativos\ATI

2008-12-24 16:36 . 2008-12-24 16:36 <DIR> d--h----- c:\documents and settings\Babi\Modelos

2008-12-24 16:36 . 2008-12-24 16:40 <DIR> dr------- c:\documents and settings\Babi\Meus documentos

2008-12-24 16:36 . 2008-12-24 16:36 <DIR> dr------- c:\documents and settings\Babi\Menu Iniciar

2008-12-24 16:36 . 2008-12-24 16:40 <DIR> dr------- c:\documents and settings\Babi\Favoritos

2008-12-24 16:36 . 2008-12-24 16:45 <DIR> dr-h----- c:\documents and settings\Babi\Dados de aplicativos

2008-12-24 16:36 . 2008-12-30 02:47 <DIR> d--h----- c:\documents and settings\Babi\Configurações locais

2008-12-24 16:36 . 2007-11-21 20:02 <DIR> d--h----- c:\documents and settings\Babi\Ambiente de rede

2008-12-24 16:36 . 2007-11-21 20:02 <DIR> d--h----- c:\documents and settings\Babi\Ambiente de impressão

2008-12-24 16:36 . 2008-12-24 16:40 <DIR> d-------- c:\documents and settings\Babi

2008-12-24 16:10 . 2008-12-24 16:10 <DIR> d-------- c:\documents and settings\Isabella\Dados de aplicativos\ATI

2008-12-24 16:09 . 2008-01-11 20:58 <DIR> d--h----- c:\documents and settings\Isabella\Modelos

2008-12-24 16:09 . 2008-12-24 17:18 <DIR> dr------- c:\documents and settings\Isabella\Meus documentos

2008-12-24 16:09 . 2007-11-21 20:02 <DIR> dr------- c:\documents and settings\Isabella\Menu Iniciar

2008-12-24 16:09 . 2008-12-24 17:04 <DIR> dr------- c:\documents and settings\Isabella\Favoritos

2008-12-24 16:09 . 2008-12-24 17:04 <DIR> dr-h----- c:\documents and settings\Isabella\Dados de aplicativos

2008-12-24 16:09 . 2008-12-30 02:47 <DIR> d--h----- c:\documents and settings\Isabella\Configurações locais

2008-12-24 16:09 . 2007-11-21 20:02 <DIR> d--h----- c:\documents and settings\Isabella\Ambiente de rede

2008-12-24 16:09 . 2007-11-21 20:02 <DIR> d--h----- c:\documents and settings\Isabella\Ambiente de impressão

2008-12-24 16:09 . 2008-12-27 18:03 <DIR> d-------- c:\documents and settings\Isabella

2008-12-24 14:23 . 2004-08-04 01:45 219,648 --a------ c:\windows\system32\uxtheme.backup

2008-12-24 14:22 . 2008-12-24 17:12 <DIR> d--h----- c:\windows\NiwradSoft Shell Pack

2008-12-23 21:06 . 2008-12-23 21:17 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2008-12-22 13:48 . 2008-12-30 02:12 <DIR> d-------- c:\documents and settings\cliente\Tracing

2008-12-22 13:37 . 2008-12-22 13:37 <DIR> d-------- c:\arquivos de programas\Windows Live SkyDrive

2008-12-22 13:37 . 2008-12-22 13:40 <DIR> d-------- c:\arquivos de programas\Microsoft

2008-12-22 13:26 . 2008-12-22 13:26 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Windows Live

2008-12-22 11:43 . 2008-12-22 11:43 <DIR> d-------- c:\arquivos de programas\DAEMON Tools Lite

2008-12-22 11:10 . 2008-12-22 11:10 <DIR> d-------- c:\arquivos de programas\Elaborate Bytes

2008-12-22 11:00 . 2008-12-22 11:00 <DIR> d-------- c:\documents and settings\cliente\Dados de aplicativos\DAEMON Tools Pro

2008-12-22 11:00 . 2008-12-22 11:00 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2008-12-22 10:59 . 2008-12-22 11:00 <DIR> d-------- c:\documents and settings\cliente\Dados de aplicativos\DAEMON Tools Lite

2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe

2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll

2008-12-08 22:57 . 2008-12-08 22:57 401,720 --a------ C:\HiJackThis.exe

2008-12-08 19:20 . 2003-05-22 16:31 55,808 --a------ c:\windows\system32\lfpsd13n.dll

2008-12-07 12:04 . 2008-12-07 12:04 402 --a------ c:\windows\http.dat

2008-12-07 12:04 . 2008-12-07 12:04 2 --a------ c:\windows\tcefni.dat

2008-12-05 09:47 . 2008-12-05 09:47 <DIR> d-------- c:\documents and settings\cliente\DoctorWeb

2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll

2008-12-01 11:35 . 2008-12-01 11:35 0 --a------ c:\windows\system32\uid=3480010689861638116

2008-12-01 11:35 . 2008-12-01 11:35 0 --a------ c:\windows\system32\uid=14889419864339781108

2008-12-01 11:35 . 2008-12-01 11:35 0 --a------ c:\windows\system32\uid=13615049965973851356

2008-12-01 11:35 . 2008-12-01 11:35 0 --a------ c:\windows\system32\uid=12979582895222175415

2008-12-01 11:34 . 2008-12-01 11:34 0 --a------ c:\windows\system32\uid=7954671721861521055

2008-12-01 11:34 . 2008-12-01 11:34 0 --a------ c:\windows\system32\uid=2402891294331132839

2008-12-01 11:34 . 2008-12-01 11:34 0 --a------ c:\windows\system32\uid=18442998929960997029

2008-12-01 11:34 . 2008-12-01 11:34 0 --a------ c:\windows\system32\uid=1734057191032980193

2008-12-01 11:34 . 2008-12-01 11:34 0 --a------ c:\windows\system32\uid=10536391066324714135

2008-12-01 11:33 . 2008-12-01 11:33 0 --a------ c:\windows\system32\uid=6940512999545685200

2008-12-01 11:33 . 2008-12-01 11:33 0 --a------ c:\windows\system32\uid=5931712635052259912

2008-12-01 11:33 . 2008-12-01 11:33 0 --a------ c:\windows\system32\uid=16106345733555475539

2008-12-01 11:33 . 2008-12-01 11:33 0 --a------ c:\windows\system32\uid=1443295176900659529

2008-12-01 11:33 . 2008-12-01 11:33 0 --a------ c:\windows\system32\uid=1037072446592591902

2008-12-01 11:32 . 2008-12-01 11:32 0 --a------ c:\windows\system32\uid=9182722198931885572

2008-12-01 11:32 . 2008-12-01 11:32 0 --a------ c:\windows\system32\uid=4810590024976570334

2008-12-01 11:32 . 2008-12-01 11:32 0 --a------ c:\windows\system32\uid=3486614102032106736

2008-12-01 11:32 . 2008-12-01 11:32 0 --a------ c:\windows\system32\uid=2483969163057286216

2008-12-01 11:32 . 2008-12-01 11:32 0 --a------ c:\windows\system32\uid=16572965867911935214

2008-12-01 11:31 . 2008-12-01 11:31 0 --a------ c:\windows\system32\uid=8936057483676983513

2008-12-01 11:31 . 2008-12-01 11:31 0 --a------ c:\windows\system32\uid=7644040882627184264

2008-12-01 11:31 . 2008-12-01 11:31 0 --a------ c:\windows\system32\uid=4343790371090127784

2008-12-01 11:31 . 2008-12-01 11:31 0 --a------ c:\windows\system32\uid=2152788099707830041

2008-12-01 11:31 . 2008-12-01 11:31 0 --a------ c:\windows\system32\uid=11311372662192544522

2008-12-01 11:30 . 2008-12-01 11:30 0 --a------ c:\windows\system32\uid=9715655538989596518

2008-12-01 11:30 . 2008-12-01 11:30 0 --a------ c:\windows\system32\uid=8920416257674730868

2008-12-01 11:30 . 2008-12-01 11:30 0 --a------ c:\windows\system32\uid=7585958336905486678

2008-12-01 11:30 . 2008-12-01 11:30 0 --a------ c:\windows\system32\uid=1747176259294765405

2008-12-01 11:30 . 2008-12-01 11:30 0 --a------ c:\windows\system32\uid=16288895462589295135

2008-12-01 11:29 . 2008-12-01 11:29 0 --a------ c:\windows\system32\uid=7923391920519733944

2008-12-01 11:29 . 2008-12-01 11:29 0 --a------ c:\windows\system32\uid=14516649119377473652

2008-12-01 11:29 . 2008-12-01 11:29 0 --a------ c:\windows\system32\uid=1292420773812121079

2008-12-01 11:29 . 2008-12-01 11:29 0 --a------ c:\windows\system32\uid=12147327467597048923

2008-12-01 11:29 . 2008-12-01 11:29 0 --a------ c:\windows\system32\uid=11031349475801245154

2008-12-01 11:28 . 2008-12-01 11:28 0 --a------ c:\windows\system32\uid=7561856234262914533

2008-12-01 11:28 . 2008-12-01 11:28 0 --a------ c:\windows\system32\uid=2012687076834341833

2008-12-01 11:28 . 2008-12-01 11:28 0 --a------ c:\windows\system32\uid=18069250058896128629

2008-12-01 11:28 . 2008-12-01 11:28 0 --a------ c:\windows\system32\uid=1221593595672566552

2008-12-01 11:27 . 2008-12-05 10:39 34 --a------ c:\windows\system32\hair_society@hotmail.com

2008-12-01 10:48 . 2008-12-01 10:48 0 --a------ c:\windows\system32\uid=9725598651819748297

2008-12-01 10:48 . 2008-12-01 10:48 0 --a------ c:\windows\system32\uid=8140054821177821996

2008-12-01 10:48 . 2008-12-01 10:48 0 --a------ c:\windows\system32\uid=2071505481847037383

2008-12-01 10:48 . 2008-12-01 10:48 0 --a------ c:\windows\system32\uid=18154248158937075270

2008-12-01 10:48 . 2008-12-01 10:48 0 --a------ c:\windows\system32\uid=10665691667122314251

2008-12-01 10:47 . 2008-12-01 10:47 0 --a------ c:\windows\system32\uid=7853777855825494317

2008-12-01 10:47 . 2008-12-01 10:47 0 --a------ c:\windows\system32\uid=5504564286707290971

2008-12-01 10:47 . 2008-12-01 10:47 0 --a------ c:\windows\system32\uid=4946368720391585227

2008-12-01 10:47 . 2008-12-01 10:47 0 --a------ c:\windows\system32\uid=13730843404926760665

2008-12-01 10:47 . 2008-12-01 10:47 0 --a------ c:\windows\system32\uid=11426387483369780151

2008-12-01 10:46 . 2008-12-01 10:46 0 --a------ c:\windows\system32\uid=5895319427020869824

2008-12-01 10:46 . 2008-12-01 10:46 0 --a------ c:\windows\system32\uid=5225900068969225762

2008-12-01 10:46 . 2008-12-01 10:46 0 --a------ c:\windows\system32\uid=2434809816891747595

2008-12-01 10:46 . 2008-12-01 10:46 0 --a------ c:\windows\system32\uid=1171180478233781348

2008-12-01 10:46 . 2008-12-01 10:46 0 --a------ c:\windows\system32\uid=10367576353441846705

2008-12-01 10:45 . 2008-12-01 10:45 0 --a------ c:\windows\system32\uid=825455932771326247

2008-12-01 10:45 . 2008-12-01 10:45 0 --a------ c:\windows\system32\uid=7349585911805757373

2008-12-01 10:45 . 2008-12-01 10:45 0 --a------ c:\windows\system32\uid=1221176577932574883

2008-12-01 10:45 . 2008-12-01 10:45 0 --a------ c:\windows\system32\uid=11037622191949924269

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-30 04:34 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avg8

2008-12-27 16:07 --------- d-----w c:\documents and settings\cliente\Dados de aplicativos\BitTorrent

2008-12-27 15:43 --------- d-----w c:\arquivos de programas\QuickTime

2008-12-26 05:50 --------- d-----w c:\arquivos de programas\iTunes

2008-12-26 05:47 --------- d-----w c:\arquivos de programas\Arquivos comuns\Apple

2008-12-26 05:25 --------- d-----w c:\arquivos de programas\Safari

2008-12-24 19:09 219,648 ----a-w c:\windows\system32\uxtheme.dll

2008-12-24 17:59 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-12-24 17:55 35,712 ----a-w c:\documents and settings\cliente\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-12-23 23:01 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-12-23 23:01 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2008-12-23 13:11 --------- d-----w c:\arquivos de programas\Soulseek-Test

2008-12-22 19:05 --------- d-----w c:\arquivos de programas\EA GAMES

2008-12-22 18:39 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2008-12-22 15:39 --------- d-----w c:\arquivos de programas\Windows Live

2008-12-22 13:00 --------- d-----w c:\documents and settings\cliente\Dados de aplicativos\DAEMON Tools

2008-12-19 16:04 --------- d-----w c:\arquivos de programas\BitTorrent

2008-12-05 12:17 --------- d--h--w c:\arquivos de programas\Scpad

2008-12-01 19:49 535 ----a-w c:\arquivos de programas\codletra.txt

2008-09-29 15:43 84,936 ----a-w c:\windows\system32\ElbyVCD.dll

2008-07-30 17:27 0 ----a-w c:\documents and settings\cliente\Emails.dat

2007-11-29 18:00 9,386,664 ----a-w c:\arquivos de programas\ar505ptb.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 40448]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 1667584]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 219008]

"TrayHabil"="c:\arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe" [2008-08-05 1327104]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]

"TaskSwitchXP"="c:\arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]

"ViOrb"="c:\windows\NiwradSoft Shell Pack\Software\ViOrb\ViOrbv2.exe" [2008-07-09 167936]

"ViStart"="c:\windows\NiwradSoft Shell Pack\Software\ViStart\ViStart.exe" [2008-07-09 651264]

"CoolSMS"="" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-12-16 180269]

"BigDogPath"="c:\windows\VM_STI.EXE" [2004-02-24 49152]

"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"hpqSRMon"="c:\arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"ccApp"="c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2007-08-25 51048]

"ATICCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]

"Adobe Photo Downloader"="c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

"AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2008-09-06 413696]

"SkyTel"="SkyTel.EXE" [2006-05-15 c:\windows\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-12-17 c:\windows\RTHDCPL.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 40448]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\Vio\Dvacm.acm

"msacm.ulmp3acm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\MPEG\ulmp3acm.acm

"msacm.mpegacm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\MPEG\mpegacm.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^cliente^Menu Iniciar^Programas^Inicializar^RollerCoaster Tycoon 3 Registration.lnk]

path=c:\documents and settings\cliente\Menu Iniciar\Programas\Inicializar\RollerCoaster Tycoon 3 Registration.lnk

backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^cliente^Menu Iniciar^Programas^Inicializar^RollerCoaster Tycoon 3_ Wild Registration.lnk]

path=c:\documents and settings\cliente\Menu Iniciar\Programas\Inicializar\RollerCoaster Tycoon 3_ Wild Registration.lnk

backup=c:\windows\pss\RollerCoaster Tycoon 3_ Wild Registration.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Soulseek-Test\\slsk.exe"=

"c:\\Arquivos de programas\\Last.fm\\LastFM.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

 

S3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\atl02_xp.sys [2007-11-21 28416]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: Add to AMV Converter... - c:\arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

IE: Crawler Search - tbr:iemenu

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

c:\windows\Downloaded Program Files\audiere.dll - c:\windows\Downloaded Program Files\gopets.ocx

O16 -: {E85362EF-40D4-4E5D-BE07-D6B036CCA277}

hxxps://secure.gopetslive.com/dev/gopets.cab

c:\windows\Downloaded Program Files\gopets.inf

 

c:\windows\Downloaded Program Files\HPSWUpdate.ocx - O16 -: {EBF85371-A38F-485B-B28F-0B4C82D25937}

hxxp://update.hpphoto.com/download/HPSWUpdate.ocx

 

c:\windows\Downloaded Program Files\GoPetsWeb.ocx - O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}

hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab

c:\windows\Downloaded Program Files\GoPetsWeb.inf

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-30 02:47:13

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(248)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'lsass.exe'(304)

c:\windows\system32\setupapi.dll

.

Tempo para conclusão: 2008-12-30 2:48:59

ComboFix-quarantined-files.txt 2008-12-30 04:47:52

 

Pré-execução: 13 pasta(s) 136,270,352,384 bytes disponíveis

Pós execução: 13 pasta(s) 136,257,687,552 bytes disponíveis

 

289 --- E O F --- 2008-03-03 16:17:58

 

 

Desculpa a demora.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o Norman Malware Cleaner aqui:http://superdownloads.uol.com.br/redir.cfm?softid=63672

Depois de instalado execute e adicione todas as áreas físicas e removiveis do seu pc ( ex: Ec: F: e outras) só então clique em Scan.

Apos isso poste o log do Hijackthis, junto com o log do Normam

Compartilhar este post


Link para o post
Compartilhar em outros sites

Norman Malware Cleaner

Copyright © 1990 - 2008, Norman ASA. Built 2009/01/06 22:12:23

 

Norman Scanner Engine Version: 5.93.01

Nvcbin.def Version: 5.93.00, Date: 2009/01/06 22:12:23, Variants: 2447702

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2

Logged on user: IT-E4A4CC8CB73D\cliente

 

Failed to set registry value (0x00000005): HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

 

Scan started: 07/01/2009 20:31:51

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 4575

Number of processes/threads scanned: 4575

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 2m 36s

 

 

Scanning file system...

 

Scanning: C:\*.*

 

C:\bankerfix.exe (Infected with Malware.VUK)

Deleted file

 

C:\System Volume Information\_restore{9CE0F551-26BF-4696-8070-9687508E3732}\RP247\A0156977.exe (Infected with W32/Banker.DQIP)

Deleted file

 

C:\System Volume Information\_restore{9CE0F551-26BF-4696-8070-9687508E3732}\RP315\A0177571.exe (Error opening file: Access denied)

 

C:\System Volume Information\_restore{9CE0F551-26BF-4696-8070-9687508E3732}\RP315\A0177572.dll (Error opening file: Access denied)

 

C:\System Volume Information\_restore{9CE0F551-26BF-4696-8070-9687508E3732}\RP315\A0177573.exe (Error opening file: Access denied)

 

C:\System Volume Information\_restore{9CE0F551-26BF-4696-8070-9687508E3732}\RP315\A0177574.exe (Infected with W32/Atraps.UJ)

Deleted file

 

C:\System Volume Information\_restore{9CE0F551-26BF-4696-8070-9687508E3732}\RP318\A0177712.exe (Infected with W32/Smalltroj.GGYI)

File marked for defered cleaning (reboot required)

 

C:\System Volume Information\_restore{9CE0F551-26BF-4696-8070-9687508E3732}\RP333\A0190668.exe (Infected with W32/Smalltroj.JSKH)

File marked for defered cleaning (reboot required)

 

C:\System Volume Information\_restore{9CE0F551-26BF-4696-8070-9687508E3732}\RP333\A0190686.exe (Error opening file: Access denied)

 

C:\System Volume Information\_restore{9CE0F551-26BF-4696-8070-9687508E3732}\RP349\A0203843.exe (Infected with Malware.VUK)

Deleted file

 

Scanning: A:\*.*

 

Scanning: D:\*.*

 

Scanning: E:\*.*

 

Scanning: F:\*.*

 

Scanning: c:\System Volume Information\*.*

 

 

Running post-scan cleanup routine:

Failed to set registry value (0x00000005): HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""

 

Number of files found: 192269

Number of archives unpacked: 478

Number of files scanned: 192157

Number of files not scanned: 112

Number of files skipped due to exclude list: 0

Number of infected files found: 6

Number of infected files repaired/deleted: 4

Number of infections removed: 4

Total scanning time: 1h 27m 39s

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:12, on 2009-01-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

C:\WINDOWS\NiwradSoft Shell Pack\Software\ViOrb\ViOrbv2.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\Last.fm\LastFM.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Documents and Settings\cliente\Desktop\Norman_Malware_Cleaner.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Arquivos de programas\Real\RealPlayer\RealPlay.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60076

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446

R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKCU\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [ViOrb] "C:\WINDOWS\NiwradSoft Shell Pack\Software\ViOrb\ViOrbv2.exe"

O4 - HKCU\..\Run: [ViStart] "C:\WINDOWS\NiwradSoft Shell Pack\Software\ViStart\ViStart.exe"

O4 - HKUS\S-1-5-21-1275210071-1647877149-682003330-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Babi')

O4 - HKUS\S-1-5-21-1275210071-1647877149-682003330-1007\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe (User 'Babi')

O4 - HKUS\S-1-5-21-1275210071-1647877149-682003330-1007\..\Run: [ViOrb] "C:\WINDOWS\NiwradSoft Shell Pack\Software\ViOrb\ViOrbv2.exe" (User 'Babi')

O4 - HKUS\S-1-5-21-1275210071-1647877149-682003330-1007\..\Run: [ViStart] "C:\WINDOWS\NiwradSoft Shell Pack\Software\ViStart\ViStart.exe" (User 'Babi')

O4 - HKUS\S-1-5-21-1275210071-1647877149-682003330-1007\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'Babi')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202964265921

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - https://secure.gopetslive.com/dev/gopets.cab

O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - http://update.hpphoto.com/download/HPSWUpdate.ocx

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9B512BD0-F74E-4E8E-A6F1-2F59ECB377BC}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

 

--

End of file - 13454 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Sigas as instruções abaixo:

 

Baixe o bankerfix.exe.

desative o seu antivírus temporariamente, para não haver conflitos e para uma melhor detecção.

Clique duas vezes sobre bankerfix.exe, dê o Enter e espere ele terminar. Ao terminar, leia a mensagem na tela e aperte Enter novamente.

 

Habilite o seu antivírus. e gere um novo log do hijackthis, e poste juntamente com o relatório .txt do Bankerfix.

 

Aguardo o Retorno

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.