[Resolvido!] Micro infectado com Win32:Rottkit-gen(Rtk)

[Annluciap 0]

Olá,

 

segue log do Hijack, agradeço desde já pela ajuda.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:57:51, on 6/1/2009

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Boot mode: Normal

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINNT\system32\explorer.exe

C:\WINNT\system32\csrs.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Mobile Partner\Mobile Partner.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mozilla.org/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: @msdxmLC.dll,-1@1046,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Windows Explorer] C:\WINNT\system32\explorer.exe

O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINNT\system32\csrs.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Arquivos de programas\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.com.br

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230736796784

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1230737648629

O17 - HKLM\System\CCS\Services\Tcpip\..\{8F87C3BA-776D-4EBE-83DF-7827FC401D0A}: NameServer = 200.169.117.22 200.169.119.22

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

 

--

End of file - 4520 bytes

[MGuitar 11]

- Faça o download do KillBox crie uma pasta própria para a ferramenta em C: e salve-o dentro da pasta criada;

 

● Execute o KillBox e marque a opção Delete on Reboot;

● Selecione todo o texto aqui abaixo e copie-o (Ctrl + C):

 

C:\WINNT\system32\explorer.exe

C:\WINNT\system32\csrs.exe

● Volte ao KillBox, clique no menu File > Paste from Clipboard;

● Clique no botão All Files;

● Clique no botão e ao ser perguntado Reboot Now? Confirme e reinicie seu computador em Modo de Segurança (segurando a tecla F8 na inicialização do sistema e escolhendo Modo Seguro);

 

● Já em Modo Seguro, execute o HijackThis e clique em Do a system scan only. Marque as entradas abaixo e clique no botão .

 

O4 - HKLM\..\Run: [Windows Explorer] C:\WINNT\system32\explorer.exe

O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINNT\system32\csrs.exe

Em sua próxima resposta, cole um novo log do HijackThis.

[Annluciap 0]

Olá,

 

segui as instruções, só não consegui excluir a entrada do "explore.exe".

 

Abaixo está log do hijack.

 

Obrigada de novo.

 

 

***********************************

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:25:52, on 8/1/2009

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Boot mode: Safe mode

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\userinit.exe

C:\WINNT\Explorer.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mozilla.org/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: @msdxmLC.dll,-1@1046,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Arquivos de programas\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.com.br

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230736796784

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1230737648629

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

 

--

End of file - 3535 bytes

[MGuitar 11]

Boot mode: Safe mode

Seu log do HijackThis foi feito em Modo de Segurança. O correto é fazer em Modo Normal.

 

Peço que por favor, faça um novo log do HijackThis em Modo Normal na máquina e cole-o aqui novamente.

[Annluciap 0]

Oi, segue o log em modo normal.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:43:47, on 9/1/2009

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Boot mode: Normal

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINNT\Explorer.EXE

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\Mobile Partner\Mobile Partner.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mozilla.org/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: @msdxmLC.dll,-1@1046,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Arquivos de programas\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.com.br

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230736796784

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1230737648629

O17 - HKLM\System\CCS\Services\Tcpip\..\{8F87C3BA-776D-4EBE-83DF-7827FC401D0A}: NameServer = 200.169.117.22 200.169.119.22

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

 

--

End of file - 4510 bytes

[MGuitar 11]

Oi de novo e desculpa pelo post repetido. Podes deixar um só e dar uma olhada, por favor? Agora fiz o log em modo normal.

Não se preocupe, é problema no fórum. Logo um Moderador ou Administrador deixará apenas um post.

 

Delete a pasta C:\!KillBox e delete o programa também.

 

Bem o log não mostra mais entradas maliciosas. Porém, vamos fazer uma verificação mais à fundo.

 

Com o navegador Internet Explorer, acesse o Kaspersky Online Scanner e faça um scan seguindo o tutorial abaixo.

 

Tutorial Kaspersky Online Scanner

 

Ao término do scan, salve o relatório com a extensão .txt em seu PC (como mostra no final do tutorial) e poste-o em sua próxima resposta.

 

Como está o computador?

[Annluciap 0]

Seguem logs do Kaspery e Hijack.

 

Quanto ao funcionamento do micro, está normal agora.

 

Obrigada.

 

 

********************************

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Saturday, January 10, 2009

Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Saturday, January 10, 2009 20:15:08

Records in database: 1599362

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

 

Scan statistics:

Files scanned: 20610

Threat name: 0

Infected objects: 0

Suspicious objects: 0

Duration of the scan: 01:02:14

 

No malware has been detected. The scan area is clean.

 

The selected area was scanned.

 

*******************************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:06:21, on 10/1/2009

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINNT\System32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINNT\system32\regsvc.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\Mobile Partner\Mobile Partner.exe

C:\WINNT\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mozilla.org/

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: @msdxmLC.dll,-1@1046,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Arquivos de programas\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230736796784

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1230737648629

O17 - HKLM\System\CCS\Services\Tcpip\..\{8F87C3BA-776D-4EBE-83DF-7827FC401D0A}: NameServer = 200.169.117.22 200.169.119.22

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

 

--

End of file - 4827 bytes

 

****************************

[MGuitar 11]

Delete a ferramenta KillBox.

 

Os logs estão limpos.

 

Algum problema ainda?

[Annluciap 0]

Oi,

 

nenhum problema com o micro.

 

Obrigada pela ajuda.

[MGuitar 11]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.