[Arquivado] Análise de Log

Scruub · Janeiro 5, 2009

Estou com um problema em minha maquina q não consigo identificar se puderem me ajudar agradeço desde já

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:07:08, on 5/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\D-Link\AirPlus XtremeG\AirPlusCFG.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\WINDOWS\PixArt\PAC207\Monitor.exe

C:\WINDOWS\system32\sysmgr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Documents and Settings\Proprietário\Dados de aplicativos\gadcom\gadcom.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\csrcs.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\net.exe

C:\Documents and Settings\Proprietário\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=331...itCheckError=10

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Arquivos de programas\D-Link\AirPlus XtremeG\AirPlusCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe

O4 - HKLM\..\Run: [sysmgr] C:\WINDOWS\system32\sysmgr.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Proprietário\Dados de aplicativos\gadcom\gadcom.exe" 61A847B5BBF7281034993A466188719AB689201522886B092CBD44BD8689220221DD3257

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--

End of file - 9443 bytes

MGuitar · Janeiro 5, 2009

- Faça o download do SDFix e salve no desktop;

● Dê um duplo clique no SDFix.exe e a ferramenta será instalada em C:\SDFix. Mas não o execute ainda;

● Reinicie seu computador seu computador em Modo de Segurança (segurando a tecla F8 durante a inicialização do sistema e escolhendo a opção Modo Seguro);

● Entre na pasta do SDFix que foi instalada no seu computador e dê um duplo clique no arquivo RunThis.bat;

● Tecle Y para que a ferramenta inicie o processo de remoção;

● Quando tudo terminar, você verá um aviso dizendo para apertar qualquer tecla para continuar. Então pressione qualquer. Seu computador será reiniciado automaticamente;

● Após reiniciar, a ferramenta ainda será executada novamente e irá terminar o seu trabalho e a palavra Finished irá aparecer. Pressione qualquer tecla novamente;

● Uma janela com o relatório do SDFix irá aparecer;

● O log abrirá automaticamente para você. Estará salvo na pasta do SDFix com o nome Report.txt;

Faça um novo log do HijackThis e cole na sua próxima resposta, juntamente com o log do SDFix.

Scruub · Janeiro 6, 2009

Fiz tudo ai esta o resultado:

:!: SDFix

SDFix: Version 1.240

Run by Propriet rio on ter 06/01/2009 at 15:21

Microsoft Windows XP [versÆo 5.1.2600]

Running From: C:\SDFix

Checking Services :

Name :

TDSSserv.sys

Path :

\systemroot\system32\drivers\TDSSmaxt.sys

TDSSserv.sys - Deleted

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\cftn.exe - Deleted

C:\BDXPHO.EXE - Deleted

C:\UVVLC.EXE - Deleted

C:\VGXGU.EXE - Deleted

C:\XLTP.EXE - Deleted

C:\14911808 - Deleted

C:\WINDOWS\system32\crypts.dll - Deleted

C:\WINDOWS\system32\csrcs.exe - Deleted

C:\WINDOWS\system32\msvcrt2.dll - Deleted

C:\WINDOWS\system32\drivers\TDSSmaxt.sys - Deleted

C:\WINDOWS\SYSTEM32\TDSSOSVD.dat - Deleted

C:\WINDOWS\SYSTEM32\TDSSTKDV.log - Deleted

Folder C:\Documents and Settings\Propriet rio\Dados de aplicativos\gadcom - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-06 15:31:52

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GbpSv]

"Type"=dword:00000010

"Start"=dword:00000002

"ErrorControl"=dword:00000001

"ImagePath"=str(2):"C:\ARQUIV~1\GbPlugin\GbpSv.exe"

"DisplayName"="Gbp Service"

"Group"="GbPlugin Group"

"ObjectName"="LocalSystem"

"Description"="Service for G-Buster Browser Defense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GbpSv\Security]

"Security"=hex:01,00,14,80,88,00,00,00,94,00,00,00,14,00,00,00,30,00,00,00,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\GbpSv]

"Type"=dword:00000010

"Start"=dword:00000002

"ErrorControl"=dword:00000001

"ImagePath"=str(2):"C:\ARQUIV~1\GbPlugin\GbpSv.exe"

"DisplayName"="Gbp Service"

"Group"="GbPlugin Group"

"ObjectName"="LocalSystem"

"Description"="Service for G-Buster Browser Defense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\GbpSv\Security]

"Security"=hex:01,00,14,80,88,00,00,00,94,00,00,00,14,00,00,00,30,00,00,00,02,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Arquivos de programas\\eMule\\emule.exe"="C:\\Arquivos de programas\\eMule\\emule.exe:*:Enabled:eMule"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

"C:\\WINDOWS\\system32\\svchosst.exe"="C:\\WINDOWS\\system32\\svchosst.exe:*:Enabled:Windows Life Messenger"

"C:\\WINDOWS\\system32\\sysmgr.exe"="C:\\WINDOWS\\system32\\sysmgr.exe:*:Enabled:Windows Life Messenger"

"C:\\WINDOWS\\system32\\system.exe"="C:\\WINDOWS\\system32\\system.exe:*:Enabled:Windows Life Messenger"

"C:\\WINDOWS\\system32\\nvsvc32.exe"="C:\\WINDOWS\\system32\\nvsvc32.exe:*:Enabled:Windows Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 5 Jan 2009 102,866 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\05ff7f14e42547ea68190f4069833b46\BIT5.tmp"

Tue 6 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\13dbf93b2453bda7ea471c0f92a7ab1f\BITF.tmp"

Tue 6 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22bbc0297cf0212f3e507df5a9f9261d\BIT19.tmp"

Tue 6 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\270aeaaa6679faef66e6da4371053a9f\BIT16.tmp"

Tue 6 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3758f3b38688f313105cf72c6f72fea0\BIT10.tmp"

Mon 5 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3b886d3565df48402eeadfae8512095f\BIT7.tmp"

Mon 5 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4366a60ed78e633f2c559bb3e0ac3c12\BITF.tmp"

Mon 5 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a4f12aeae06bbd25e88c1a58e15d3c95\BIT13.tmp"

Tue 6 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c47b175098f4144ba98888125fbffd0a\BITD.tmp"

Tue 6 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cd86036fd8fce77c5f9c4121444b86d3\BITB.tmp"

Tue 6 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d094751ab7cc9d40619043e81a5f79c0\BIT13.tmp"

Mon 5 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d337e1ef3bd797cc758f30fd11b5919c\BIT11.tmp"

Tue 6 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dfff249bc0d6c71b8609623e07886a3a\BIT18.tmp"

Tue 6 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e571454da085854e25c530c86b6f58d9\BITE.tmp"

Mon 5 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e61025f4a16c03ae98b6cd3c9021001b\BIT9.tmp"

Tue 6 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e649b9a6a5b231b24445fdb4f4f07409\BIT11.tmp"

Tue 6 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f17fac9caba9b9b457bfdd8b1c9b29bd\BIT15.tmp"

Tue 12 Feb 2002 53,248 A..H. --- "C:\Documents and Settings\Propriet rio\Meus documentos\SASSMAQ-MEIALUA-JULHO-2008 - ANTIGO\SASSMAQ - CRIS\~WRL1341.tmp"

Tue 6 Jan 2009 516,416 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2d4baa067165c627acf81b788b44d62e\download\BIT1A.tmp"

Tue 6 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7744da6ad55e1ad447863104440def74\download\BIT1C.tmp"

Mon 5 Jan 2009 234,021 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7a3dd203d422fd4dd350a1bf6a6c424d\download\BIT1C.tmp"

Tue 6 Jan 2009 868,533 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8bfc499865f60096e9c722d09af67a8d\download\BIT17.tmp"

Tue 6 Jan 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bbcf9aada68f63001b6bc49ecb55e62b\download\BIT12.tmp"

Tue 6 Jan 2009 1,054,193 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c67f28fca48200022003dfd7d532fd64\download\BIT9.tmp"

Thu 6 Nov 2008 51,200 A..H. --- "C:\Documents and Settings\Propriet rio\Desktop\marcia\Meus documentos\ISO - SASSMAQ\CONTROLE DE DOCUMENTOS\FORMULµRIOS\~WRL1659.tmp"

Finished!

MGuitar · Janeiro 7, 2009

- Faça o download do ComboFix e salve-o na área de trabalho;

● Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;

● Duplo clique no ícone combofix.exe para iniciar o scan;

● Leia o contrato que aparecerá e clique em Sim para continuar;

● Abrirá uma janela do Console de Recuperação, clique em Sim para instalar. Se aparecer outra janela do Console, clique em OK > Sim;

● Aguarde enquanto o ComboFix faz o scan;

● Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;

● Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;

● Se quiser sair ou parar o ComboFix, tecle N;

● Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;

● Será gerado um log em C:\ComboFix.txt.

Cole este log em sua próxima resposta, juntamente com um novo log do HijackThis.

Scruub · Janeiro 7, 2009

Então, fiz tudo corretamente baixei o Combofix passei ele e quando reinicia da erro.

Vale mencionar q o pc está bom agora mesmop sem ter passado o Combofix e só o SDFix

segue abaixo o Log do Hijackthis q esqueci de postar antes:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:35, on 07/01/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\D-Link\AirPlus XtremeG\AirPlusCFG.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\WINDOWS\PixArt\PAC207\Monitor.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Proprietário\Desktop\Nova pasta\HijackThis.exe