Essinho

[Solved!] PC restarting, low virtual memory message and Vit


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:41:13, on 5/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ulead AutoDetector] C:\Arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{1DB338C4-1149-4387-BF7C-0721E534D6D9}: NameServer = 200.152.50.4 200.152.58.9

O17 - HKLM\System\CS1\Services\Tcpip\..\{1DB338C4-1149-4387-BF7C-0721E534D6D9}: NameServer = 200.152.50.4 200.152.58.9

O20 - Winlogon Notify: acpiz - acpiz.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

 

--

End of file - 5048 bytes


Using Internet Explorer, go to the Kaspersky Online Scanner and run an online scan following the tutorial below.

Kaspersky Online Scanner tutorial

When the scan finishes, save the report with the .txt extension (as shown at the end of the tutorial) and post it in your next reply.


Hey.. ^^

It took me a while because I was having internet problems here

XP

but I ran the scanner and this is what it gave

I hope I did it right :unsure:

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Tuesday, January 6, 2009

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Tuesday, January 06, 2009 16:35:19

Records in database: 1571912

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

 

Scan statistics:

Files scanned: 70304

Threat name: 23

Infected objects: 36

Suspicious objects: 0

Duration of the scan: 01:51:52

 

 

File name / Threat name / Threats count

C:\Documents and Settings\Administrador\Configurações locais\Temp\MediaBar.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aa 1

C:\Documents and Settings\Administrador\Configurações locais\Temp\Temporary Internet Files\Content.IE5\LWXHWCDN\help[1].rar Infected: Trojan.Win32.RaMag.a 1

C:\Documents and Settings\Administrador\Configurações locais\Temp\msg2AC.tmp Infected: Trojan-Downloader.Win32.VB.bou 1

C:\Documents and Settings\Administrador\Configurações locais\Temp\IH13B.tmp Infected: Trojan.Win32.VB.cyz 1

C:\Documents and Settings\Administrador\Configurações locais\Temp\IH13C.tmp Infected: Trojan.Win32.VB.cyz 1

C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-5745425-step maspyke.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-3545425-dj bia trixx.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1

C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-3515163-dj bia trixx - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-5745425-dj bia trixx (hot remix).mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1

C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-3870556-bia trixx CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP173\A0474581.dll Infected: Packed.Win32.Krap.b 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP183\A0503383.INF Infected: Worm.Win32.Agent.mf 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP183\A0507459.INF Infected: Worm.Win32.Agent.mf 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP184\A0509513.exe Infected: Trojan-Downloader.Win32.Agent.avxv 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP184\A0511534.INF Infected: Worm.Win32.Agent.mf 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530792.sys Infected: Trojan-Spy.Win32.Goldun.bdq 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0525446.INF Infected: Worm.Win32.Agent.mf 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530810.cmd Infected: Trojan-GameThief.Win32.Magania.ajjs 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530811.cmd Infected: Worm.Win32.AutoRun.thn 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530812.cmd Infected: Trojan-GameThief.Win32.Magania.ajmv 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530813.com Infected: Worm.Win32.AutoRun.sbo 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530814.com Infected: Packed.Win32.Krap.b 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530815.exe Infected: Trojan-GameThief.Win32.Magania.akfj 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530816.com Infected: Trojan-GameThief.Win32.Magania.akok 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530817.cmd Infected: Trojan-GameThief.Win32.Magania.akow 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530818.bat Infected: Trojan.Win32.Inject.knt 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530819.bat Infected: Trojan-GameThief.Win32.Magania.altw 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530820.bat Infected: Packed.Win32.Krap.b 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530821.com Infected: Trojan-GameThief.Win32.Magania.amdm 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530822.bat Infected: Worm.Win32.AutoRun.thn 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530823.bat Infected: Worm.Win32.AutoRun.thn 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530824.bat Infected: Worm.Win32.AutoRun.thn 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530825.BAT Infected: Worm.Win32.AutoRun.thn 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530826.com Infected: Trojan-GameThief.Win32.Magania.aiau 1

C:\FOUND.058\FILE0129.CHK Infected: Worm.Win32.Agent.mf 1

C:\FOUND.062\FILE0008.CHK Infected: Worm.Win32.Agent.mf 1

 

The selected area was scanned.


• Download: < ComboFix.exe >

• Save it to the Desktop!

Disable the resident protection of your antivirus, antispyware and firewall. (Except the Windows one!)

Close all windows and run the tool!

• At the "Software warranty disclaimer" prompt --> Click Yes!

• If you do not have the "Recovery Console", agree to install it!

<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.

-- Save it to the desktop, renamed as: Kombo.exe

-- PS: Rename it while saving, not after saving it!

-- PS: If any error message appears, run ComboFix.exe in Safe Mode.

-- PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

-- PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

• The Auto Scan window will open. --> Wait!

• In order to complete the removals, ComboFix may restart the computer.

• If necessary, type the option to continue! --> ( 1 ) --> Press Enter.

Wait for it to finish!

During the scan, avoid touching the mouse or keyboard! <-- Important!

• To stop or exit ComboFix, press "N" --> Enter.

----------------------

• When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.


I ran it.. and this is how it turned out

 

ComboFix................................................................

 

ComboFix 09-01-07.02 - Administrador 2009-01-08 14:06:55.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.366.188 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

c:\windows\IE4 Error Log.txt

c:\windows\system32\k86.bin

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-08 to 2009-01-08 ))))))))))))))))))))))))))))

.

 

2009-01-07 15:37 . 2009-01-07 15:37 <DIR> d--hs---- C:\FOUND.069

2009-01-07 15:22 . 2009-01-07 15:22 <DIR> d-------- c:\arquivos de programas\SC888g

2009-01-07 15:22 . 2009-01-07 15:22 <DIR> d-------- c:\arquivos de programas\Common Files

2009-01-07 15:22 . 2008-04-28 15:44 1,314,905 --a------ c:\windows\system32\BemaFI32.dll

2009-01-07 15:22 . 1999-03-23 09:12 299,520 --a------ c:\windows\uninst.exe

2009-01-07 15:22 . 2002-10-25 14:42 249,955 --a------ c:\windows\system32\MP2032.dll

2009-01-07 15:22 . 2002-08-21 17:29 240,274 --a------ c:\windows\system32\MP2032.HLP

2009-01-07 15:22 . 2002-08-21 17:29 50,688 --a------ c:\windows\system32\Mp2032.FTS

2009-01-07 15:22 . 2003-07-28 23:07 12,910 --a------ c:\windows\system32\Mp2032.GID

2009-01-07 15:22 . 2003-10-30 10:30 11,369 --a------ c:\windows\system32\BemaFI32.ini

2009-01-07 15:22 . 2000-11-28 18:47 4,256 --a------ c:\windows\system32\UserPort.sys

2009-01-07 15:22 . 2002-08-21 17:27 1,476 --a------ c:\windows\system32\MP2032.cnt

2009-01-07 15:22 . 2001-10-24 13:01 183 --a------ c:\windows\system32\UserPort.reg

2009-01-07 15:21 . 2009-01-07 15:21 438 --a------ c:\windows\system32\44e1e.ini

2009-01-06 14:49 . 2009-01-06 14:49 <DIR> d--hs---- C:\FOUND.068

2009-01-05 13:38 . 2009-01-05 13:38 <DIR> d-------- C:\HiJackThis

2009-01-05 12:14 . 2006-03-21 12:14 45,711 --a------ c:\windows\system32\drivers\Capt9160.sys

2009-01-05 12:14 . 2006-04-03 16:37 24,138 --a------ c:\windows\system32\drivers\Camd9160.sys

2009-01-03 12:42 . 2009-01-03 12:42 <DIR> d--hs---- C:\FOUND.067

2009-01-03 10:57 . 2009-01-03 10:57 0 --a------ c:\windows\nsreg.dat

2009-01-01 23:07 . 2009-01-01 23:07 <DIR> d--hs---- C:\FOUND.066

2009-01-01 17:00 . 2009-01-01 17:00 <DIR> d--hs---- C:\FOUND.065

2008-12-30 20:46 . 2008-12-30 20:46 <DIR> d--hs---- C:\FOUND.064

2008-12-29 20:00 . 2008-12-29 20:00 <DIR> d--hs---- C:\FOUND.063

2008-12-28 17:45 . 2008-12-28 17:45 <DIR> d--hs---- C:\FOUND.062

2008-12-28 17:31 . 2008-12-28 17:31 <DIR> d-------- c:\arquivos de programas\Alwil Software

2008-12-28 17:31 . 2003-03-18 17:20 1,060,864 --a------ c:\windows\system32\MFC71.dll

2008-12-27 18:51 . 2008-12-27 18:51 <DIR> d--hs---- C:\FOUND.061

2008-12-27 10:43 . 2008-12-27 10:43 <DIR> d--hs---- C:\FOUND.060

2008-12-26 11:57 . 2005-08-31 05:11 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys

2008-12-26 11:55 . 2008-12-26 11:55 <DIR> d--hs---- C:\FOUND.059

2008-12-23 20:57 . 2008-12-23 20:57 <DIR> d--hs---- C:\FOUND.058

2008-12-15 09:31 . 2008-12-15 09:31 268 --ah----- C:\sqmdata02.sqm

2008-12-15 09:31 . 2008-12-15 09:31 244 --ah----- C:\sqmnoopt02.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-13 06:38 3,593,216 ----a-w c:\windows\system32\DllCache\mshtml.dll

2008-11-09 13:35 12,406 ----a-w c:\windows\system32\rfs.bin

2008-10-24 11:10 453,632 ------w c:\windows\system32\DllCache\mrxsmb.sys

2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 13:00 283,648 ------w c:\windows\system32\DllCache\gdi32.dll

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:15 70,656 ------w c:\windows\system32\DllCache\ie4uinit.exe

2008-10-16 13:11 13,824 ------w c:\windows\system32\DllCache\ieudinit.exe

2008-10-15 16:59 332,800 ------w c:\windows\system32\DllCache\netapi32.dll

2008-10-15 07:06 633,632 ------w c:\windows\system32\DllCache\iexplore.exe

2008-10-15 07:04 161,792 ------w c:\windows\system32\DllCache\ieakui.dll

2008-09-16 00:40 4,894,156 ----a-w c:\arquivos de programas\aTube_Catcher_Installer.exe

2008-09-12 21:06 3,921,909 ----a-w c:\arquivos de programas\Tubedownloader10.exe

2008-09-10 20:10 4,860,240 ----a-w c:\arquivos de programas\MsgPlusLive-470.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]

"Ulead AutoDetector"="c:\arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-19 45056]

"Ink Monitor"="c:\arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2004-05-05 262210]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-28 111184]

R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-28 20560]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ec898ee-04bc-11dc-a8da-00142ac94f7a}]

\Shell\AutoRun\command - E:\i.bat

\Shell\explore\Command - E:\i.bat

\Shell\open\Command - E:\i.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{609862d4-d683-11dd-adf7-00142ac94f7a}]

\Shell\AutoRun\command - F:\mnl6on3.com

\Shell\explore\Command - F:\mnl6on3.com

\Shell\open\Command - F:\mnl6on3.com

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-01-08 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

Notify-acpiz - acpiz.dll

SafeBoot-acup.sys

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.orkut.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: {1DB338C4-1149-4387-BF7C-0721E534D6D9} = 200.152.50.4 200.152.58.9

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\zspu48rw.default\

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-08 14:08:18

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2009-01-08 14:09:31

ComboFix-quarantined-files.txt 2009-01-08 16:09:30

 

Pré-execução: 80 pasta(s) 17.284.005.888 bytes disponíveis

Pós execução: 80 pasta(s) 22,185,738,240 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

C:\ = "Sistema operacional nÆo identificado na unidade C."

 

159 --- E O F --- 2008-12-18 23:25:09

 

 

 

 

HiJackThis............................................................................

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:16:54, on 8/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ulead AutoDetector] C:\Arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{1DB338C4-1149-4387-BF7C-0721E534D6D9}: NameServer = 200.152.50.4 200.152.58.9

O17 - HKLM\System\CS1\Services\Tcpip\..\{1DB338C4-1149-4387-BF7C-0721E534D6D9}: NameServer = 200.152.50.4 200.152.58.9

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

 

--

End of file - 4333 bytes


I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

Folder::

C:\FOUND.069

C:\FOUND.068

C:\FOUND.067

C:\FOUND.066

C:\FOUND.065

C:\FOUND.064

C:\FOUND.063

C:\FOUND.062

C:\FOUND.061

C:\FOUND.060

C:\FOUND.059

C:\FOUND.058

File::

C:\sqmdata02.sqm

C:\sqmnoopt02.sqm

E:\i.bat

F:\mnl6on3.com

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ec898ee-04bc-11dc-a8da-00142ac94f7a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{609862d4-d683-11dd-adf7-00142ac94f7a}]

 

This script was written only for this computer, according to the files and keys present. Do not use it on another computer, as it may cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

cfscript.gif

ComboFix will run and restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

When it finishes, a log will be generated, located at C:\ComboFix.txt.

Post it together with the new HijackThis log.


ComboFix 09-01-07.02 - Administrador 2009-01-08 16:57:33.3 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.366.188 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE ::

C:\sqmdata02.sqm

C:\sqmnoopt02.sqm

E:\i.bat

F:\mnl6on3.com

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Administrador\Configuraþ§es locais\Temporary Internet Files\

c:\documents and settings\LocalService\Configuraþ§es locais\Temporary Internet Files\

c:\documents and settings\NetworkService\Configuraþ§es locais\Temporary Internet Files\

C:\FOUND.058


c:\found.058\FILE0161.CHK

c:\found.058\FILE0162.CHK

c:\found.058\FILE0163.CHK

c:\found.058\FILE0164.CHK

c:\found.058\FILE0165.CHK

c:\found.058\FILE0166.CHK

c:\found.058\FILE0167.CHK

c:\found.058\FILE0168.CHK

c:\found.058\FILE0169.CHK

c:\found.058\FILE0170.CHK

c:\found.058\FILE0171.CHK

c:\found.058\FILE0172.CHK

c:\found.058\FILE0173.CHK

c:\found.058\FILE0174.CHK

c:\found.058\FILE0175.CHK

c:\found.058\FILE0176.CHK

c:\found.058\FILE0177.CHK

c:\found.058\FILE0178.CHK

c:\found.058\FILE0179.CHK

c:\found.058\FILE0180.CHK

c:\found.058\FILE0181.CHK

c:\found.058\FILE0182.CHK

C:\FOUND.059

c:\found.059\FILE0000.CHK

c:\found.059\FILE0001.CHK

c:\found.059\FILE0002.CHK

C:\FOUND.060

c:\found.060\FILE0000.CHK

C:\FOUND.061

c:\found.061\FILE0000.CHK

c:\found.061\FILE0001.CHK

c:\found.061\FILE0002.CHK

c:\found.061\FILE0003.CHK

c:\found.061\FILE0004.CHK

c:\found.061\FILE0005.CHK

c:\found.061\FILE0006.CHK

c:\found.061\FILE0007.CHK

c:\found.061\FILE0008.CHK

c:\found.061\FILE0009.CHK

c:\found.061\FILE0010.CHK

c:\found.061\FILE0011.CHK

c:\found.061\FILE0012.CHK

c:\found.061\FILE0013.CHK

c:\found.061\FILE0014.CHK

c:\found.061\FILE0015.CHK

c:\found.061\FILE0016.CHK

c:\found.061\FILE0017.CHK

c:\found.061\FILE0018.CHK

c:\found.061\FILE0019.CHK

c:\found.061\FILE0020.CHK

c:\found.061\FILE0021.CHK

c:\found.061\FILE0022.CHK

c:\found.061\FILE0023.CHK

c:\found.061\FILE0024.CHK

c:\found.061\FILE0025.CHK

c:\found.061\FILE0026.CHK

c:\found.061\FILE0027.CHK

C:\FOUND.062

c:\found.062\FILE0000.CHK

c:\found.062\FILE0001.CHK

c:\found.062\FILE0002.CHK

c:\found.062\FILE0003.CHK

c:\found.062\FILE0004.CHK

c:\found.062\FILE0005.CHK

c:\found.062\FILE0008.CHK

c:\found.062\FILE0009.CHK

c:\found.062\FILE0010.CHK

C:\FOUND.063

c:\found.063\FILE0000.CHK

C:\FOUND.064

c:\found.064\FILE0000.CHK

c:\found.064\FILE0001.CHK

c:\found.064\FILE0002.CHK

c:\found.064\FILE0003.CHK

c:\found.064\FILE0004.CHK

c:\found.064\FILE0005.CHK

c:\found.064\FILE0006.CHK

C:\FOUND.065

c:\found.065\FILE0000.CHK

c:\found.065\FILE0001.CHK

C:\FOUND.066

c:\found.066\FILE0000.CHK

c:\found.066\FILE0001.CHK

c:\found.066\FILE0002.CHK

c:\found.066\FILE0003.CHK

c:\found.066\FILE0004.CHK

c:\found.066\FILE0005.CHK

c:\found.066\FILE0006.CHK

c:\found.066\FILE0007.CHK

c:\found.066\FILE0008.CHK

c:\found.066\FILE0009.CHK

c:\found.066\FILE0010.CHK

c:\found.066\FILE0011.CHK

c:\found.066\FILE0012.CHK

c:\found.066\FILE0013.CHK

c:\found.066\FILE0014.CHK

c:\found.066\FILE0015.CHK

c:\found.066\FILE0016.CHK

c:\found.066\FILE0017.CHK

c:\found.066\FILE0018.CHK

c:\found.066\FILE0019.CHK

c:\found.066\FILE0020.CHK

c:\found.066\FILE0021.CHK

c:\found.066\FILE0022.CHK

c:\found.066\FILE0023.CHK

c:\found.066\FILE0024.CHK

c:\found.066\FILE0025.CHK

c:\found.066\FILE0026.CHK

c:\found.066\FILE0027.CHK

c:\found.066\FILE0028.CHK

c:\found.066\FILE0029.CHK

c:\found.066\FILE0030.CHK

c:\found.066\FILE0031.CHK

c:\found.066\FILE0032.CHK

c:\found.066\FILE0033.CHK

c:\found.066\FILE0034.CHK

c:\found.066\FILE0035.CHK

c:\found.066\FILE0036.CHK

c:\found.066\FILE0037.CHK

C:\FOUND.067

c:\found.067\FILE0000.CHK

c:\found.067\FILE0001.CHK

C:\FOUND.068

c:\found.068\FILE0000.CHK

c:\found.068\FILE0001.CHK

c:\found.068\FILE0002.CHK

c:\found.068\FILE0003.CHK

c:\found.068\FILE0004.CHK

c:\found.068\FILE0005.CHK

c:\found.068\FILE0006.CHK

C:\FOUND.069

c:\found.069\FILE0000.CHK

c:\found.069\FILE0001.CHK

c:\found.069\FILE0002.CHK

c:\found.069\FILE0003.CHK

C:\sqmdata02.sqm

C:\sqmnoopt02.sqm

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-08 to 2009-01-08 ))))))))))))))))))))))))))))

.

 

2009-01-08 15:18 . 2009-01-08 15:18 <DIR> d-------- c:\windows\system32\xircom

2009-01-08 15:18 . 2009-01-08 15:18 <DIR> d-------- c:\windows\system32\oobe

2009-01-08 15:18 . 2009-01-08 15:18 <DIR> d--hs---- C:\FOUND.070

2009-01-08 15:18 . 2009-01-08 15:18 <DIR> d-------- c:\arquivos de programas\microsoft frontpage

2009-01-07 15:22 . 2009-01-07 15:22 <DIR> d-------- c:\arquivos de programas\SC888g

2009-01-07 15:22 . 2009-01-07 15:22 <DIR> d-------- c:\arquivos de programas\Common Files

2009-01-07 15:22 . 2008-04-28 15:44 1,314,905 --a------ c:\windows\system32\BemaFI32.dll

2009-01-07 15:22 . 1999-03-23 09:12 299,520 --a------ c:\windows\uninst.exe

2009-01-07 15:22 . 2002-10-25 14:42 249,955 --a------ c:\windows\system32\MP2032.dll

2009-01-07 15:22 . 2002-08-21 17:29 240,274 --a------ c:\windows\system32\MP2032.HLP

2009-01-07 15:22 . 2002-08-21 17:29 50,688 --a------ c:\windows\system32\Mp2032.FTS

2009-01-07 15:22 . 2003-07-28 23:07 12,910 --a------ c:\windows\system32\Mp2032.GID

2009-01-07 15:22 . 2003-10-30 10:30 11,369 --a------ c:\windows\system32\BemaFI32.ini

2009-01-07 15:22 . 2000-11-28 18:47 4,256 --a------ c:\windows\system32\UserPort.sys

2009-01-07 15:22 . 2002-08-21 17:27 1,476 --a------ c:\windows\system32\MP2032.cnt

2009-01-07 15:22 . 2001-10-24 13:01 183 --a------ c:\windows\system32\UserPort.reg

2009-01-07 15:21 . 2009-01-07 15:21 438 --a------ c:\windows\system32\44e1e.ini

2009-01-05 13:38 . 2009-01-05 13:38 <DIR> d-------- C:\HiJackThis

2009-01-05 12:14 . 2006-03-21 12:14 45,711 --a------ c:\windows\system32\drivers\Capt9160.sys

2009-01-05 12:14 . 2006-04-03 16:37 24,138 --a------ c:\windows\system32\drivers\Camd9160.sys

2009-01-03 10:57 . 2009-01-03 10:57 0 --a------ c:\windows\nsreg.dat

2008-12-28 17:31 . 2008-12-28 17:31 <DIR> d-------- c:\arquivos de programas\Alwil Software

2008-12-28 17:31 . 2003-03-18 17:20 1,060,864 --a------ c:\windows\system32\MFC71.dll

2008-12-26 11:57 . 2005-08-31 05:11 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-13 06:38 3,593,216 ----a-w c:\windows\system32\DllCache\mshtml.dll

2008-11-09 13:35 12,406 ----a-w c:\windows\system32\rfs.bin

2008-10-24 11:10 453,632 ------w c:\windows\system32\DllCache\mrxsmb.sys

2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 13:00 283,648 ------w c:\windows\system32\DllCache\gdi32.dll

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:15 70,656 ------w c:\windows\system32\DllCache\ie4uinit.exe

2008-10-16 13:11 13,824 ------w c:\windows\system32\DllCache\ieudinit.exe

2008-10-15 16:59 332,800 ------w c:\windows\system32\DllCache\netapi32.dll

2008-10-15 07:06 633,632 ------w c:\windows\system32\DllCache\iexplore.exe

2008-10-15 07:04 161,792 ------w c:\windows\system32\DllCache\ieakui.dll

2008-09-16 00:40 4,894,156 ----a-w c:\arquivos de programas\aTube_Catcher_Installer.exe

2008-09-12 21:06 3,921,909 ----a-w c:\arquivos de programas\Tubedownloader10.exe

2008-09-10 20:10 4,860,240 ----a-w c:\arquivos de programas\MsgPlusLive-470.exe

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-08_14.08.35,53 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-01-08 17:18:32 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_4f8.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]

"Ulead AutoDetector"="c:\arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-19 45056]

"Ink Monitor"="c:\arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2004-05-05 262210]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-28 111184]

R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-28 20560]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.orkut.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\zspu48rw.default\

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-08 17:00:14

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2009-01-08 17:01:22

ComboFix-quarantined-files.txt 2009-01-08 19:01:20

ComboFix3.txt 2009-01-08 16:09:34

ComboFix2.txt 2009-01-08 16:37:44

 

Pré-execução: 81 pasta(s) 22.104.473.600 bytes disponíveis

Pós execução: 69 pasta(s) 22,095,298,560 bytes disponíveis

 

438 --- E O F --- 2008-12-18 23:25:09

 

 

 

 

HiJackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:02:50, on 8/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ulead AutoDetector] C:\Arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CS2\Services\Tcpip\..\{1DB338C4-1149-4387-BF7C-0721E534D6D9}: NameServer = 200.152.50.4 200.152.58.9

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

 

--

End of file - 4083 bytes


The log is clean. Any problems?


Although it is much faster,

the PC keeps restarting =|

and showing the software counterfeiting messages,

and it keeps giving low virtual memory messages.

:upset:


Using the Internet Explorer browser, go to the Kaspersky Online Scanner and run an online scan, following the tutorial below.

Kaspersky Online Scanner Tutorial

When the scan finishes, save the report with the .txt extension (as shown at the end of the tutorial) and post it in your next reply.


--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Saturday, January 17, 2009

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Saturday, January 17, 2009 19:16:22

Records in database: 1637846

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

 

Scan statistics:

Files scanned: 68962

Threat name: 19

Infected objects: 31

Suspicious objects: 0

Duration of the scan: 02:07:08

 

 

File name / Threat name / Threats count

C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-5745425-step maspyke.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-3545425-dj bia trixx.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1

C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-3515163-dj bia trixx - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-5745425-dj bia trixx (hot remix).mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1

C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-3870556-bia trixx CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP173\A0474581.dll Infected: Packed.Win32.Krap.b 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP183\A0503383.INF Infected: Worm.Win32.Agent.mf 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP183\A0507459.INF Infected: Worm.Win32.Agent.mf 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP184\A0509513.exe Infected: Trojan-Downloader.Win32.Agent.avxv 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP184\A0511534.INF Infected: Worm.Win32.Agent.mf 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530792.sys Infected: Trojan-Spy.Win32.Goldun.bdq 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0525446.INF Infected: Worm.Win32.Agent.mf 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530810.cmd Infected: Trojan-GameThief.Win32.Magania.ajjs 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530811.cmd Infected: Worm.Win32.AutoRun.thn 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530812.cmd Infected: Trojan-GameThief.Win32.Magania.ajmv 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530813.com Infected: Worm.Win32.AutoRun.sbo 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530814.com Infected: Packed.Win32.Krap.b 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530815.exe Infected: Trojan-GameThief.Win32.Magania.akfj 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530816.com Infected: Trojan-GameThief.Win32.Magania.akok 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530817.cmd Infected: Trojan-GameThief.Win32.Magania.akow 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530818.bat Infected: Trojan.Win32.Inject.knt 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530819.bat Infected: Trojan-GameThief.Win32.Magania.altw 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530820.bat Infected: Packed.Win32.Krap.b 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530821.com Infected: Trojan-GameThief.Win32.Magania.amdm 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530822.bat Infected: Worm.Win32.AutoRun.thn 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530823.bat Infected: Worm.Win32.AutoRun.thn 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530824.bat Infected: Worm.Win32.AutoRun.thn 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530825.BAT Infected: Worm.Win32.AutoRun.thn 1

C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530826.com Infected: Trojan-GameThief.Win32.Magania.aiau 1

C:\Qoobox\Quarantine\C\FOUND.058\FILE0129.CHK.vir Infected: Worm.Win32.Agent.mf 1

C:\Qoobox\Quarantine\C\FOUND.062\FILE0008.CHK.vir Infected: Worm.Win32.Agent.mf 1

 

The selected area was scanned.


The log is clean. Any problems?


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
