Annluciap 0
Posted February 16, 2009

Hi, could someone please take a look at the log below? Thanks.

DigRam 144
Posted February 17, 2009

Good evening! Annluciap

<@> Download: < > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> At the prompt: "Disclaimer of warranty on software" --> Click Yes!
<@> If you do not have the "Recovery Console", agree to install it!

<!> If you get the notification: Invalid Win32 application, delete the tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Rename it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

<@> The Auto Scan window will open. --> Wait!
<@> In order to complete the removals, ComboFix may restart the computer.
<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid using the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><>

<@> When finished, post the reports: C:\ComboFix.txt + HijackThis, updated.

Regards!

Annluciap 0
Posted February 18, 2009

Hi, here are the logs. Thanks.

DigRam 144
Posted February 18, 2009

Good afternoon! Annluciap

Insert your removable drive(s), if you have any, into the USB port. ( flash drive, mp3, mp4, iPods, etc... )

<@> Select and copy all the content in the QUOTE area into Notepad.
<@> Save it on the Desktop with the name: CFScript.txt

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
REGNULL::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|é•6~*]

<@> Drag CFScript.txt onto the ComboFix icon.
<@> See the demonstration!
<@> Accept the prompt that should appear to run ComboFix.
<@> PS: Keep dragging until this prompt appears! ( window )
<@> When finished, post the reports: C:\ComboFix.txt + HijackThis, updated.

Regards!

Annluciap 0
Posted February 19, 2009

Hi, here are the new logs. Thanks.
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - c:\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - c:\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - c:\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\WINDOWS\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Serviço McAfee Framework (McAfeeFramework) - Network Associates, Inc. 
- C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe O23 - Service: System Update (SUService) - - c:\arquivos de programas\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Arquivos de programas\Lenovo\Client Security Solution\tvttcsd.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe O23 - Service: tvtnetwk - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe -- End of file - 7141 bytes
DigRam 144 Posted February 19, 2009
Good afternoon! Annluciap
<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.
<@> The following window will open: ( Open File - Security Warning )
<@> Click Run --> Wait!
<@> Finally, the message "ComboFix is uninstalled" will appear --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!
<><><><><><><><><>
<!> Set up a vaccine for your removable drives with Flash Disinfector.
<><><><><><><><><>
<@> Download: < Flash Disinfector >
<@> Save it directly to Local Disk C.
<@> Connect your removable drives to the USB port!
<@> Double-click: Flash_Disinfector.exe
<@> Wait for it to finish!
<><><><><><><><><>
<!> The log is clean! :thumbsup:
Best regards!
Annluciap 0 Posted March 4, 2009
Hello, sorry for the delay in replying. Thank you for the help.
DigRam 144 Posted March 4, 2009
PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.