
Archived

This topic has been archived and is closed to new replies.

nandopais

[Archived] ComboFix Log Analysis


Good morning everyone, could you help me decipher this log??? The computer is acting very strangely; it won't open the Properties of anything.

Thanks

ComboFix 09-07-07.A9 - Administrador 08/07/2009 12:37.1 - NTFSx86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.795 [GMT -3:00]

Executando de: c:\documents and settings\Administrador.VERONICA.002\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Installer\11b2c3.msp

c:\windows\Installer\122a7a7.msp

c:\windows\Installer\1514937.msp

c:\windows\Installer\1514991.msp

c:\windows\Installer\dceca.msp

c:\windows\Installer\fc8f4.msp

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-08 to 2009-07-08 ))))))))))))))))))))))))))))

.

 

2009-07-08 15:21 . 2009-07-08 15:21 -------- d-sh--w- c:\documents and settings\Administrador.VERONICA.002\IECompatCache

2009-07-08 15:21 . 2009-07-08 15:21 -------- d-sh--w- c:\documents and settings\Administrador.VERONICA.002\PrivacIE

2009-07-08 14:32 . 2009-07-08 14:32 -------- d-----w- c:\windows\system32\bits

2009-07-08 14:29 . 2009-07-08 14:29 -------- d--h--w- c:\documents and settings\Administrador.VERONICA.002\Ambiente de impressão

2009-07-08 14:29 . 2009-07-08 14:29 -------- d-----r- c:\documents and settings\Administrador.VERONICA.002\Menu Iniciar

2009-07-08 14:09 . 2009-07-08 15:21 -------- d-----w- c:\documents and settings\Administrador.VERONICA.002\Favoritos

2009-07-08 13:54 . 2009-07-08 13:54 -------- d-sh--w- c:\documents and settings\Administrador.VERONICA.002\IETldCache

2009-07-08 13:46 . 2009-07-08 13:46 -------- d-sh--w- c:\documents and settings\Veronica\IETldCache

2009-07-08 13:42 . 2009-07-08 13:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-07-08 13:33 . 2008-04-13 22:20 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll

2009-07-08 13:33 . 2008-04-13 22:20 1306624 ------w- c:\windows\system32\msxml6.dll

2009-07-08 13:33 . 2008-04-13 21:58 86016 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2009-07-08 13:33 . 2008-04-13 21:58 86016 ------w- c:\windows\system32\msxml6r.dll

2009-07-08 13:33 . 2007-06-26 02:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip

2009-07-08 13:33 . 2007-06-26 01:56 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip

2009-07-08 13:33 . 2008-04-13 22:19 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll

2009-07-08 13:33 . 2008-04-13 14:45 46592 ------w- c:\windows\system32\drivers\irbus.sys

2009-07-08 13:30 . 2009-07-08 13:30 -------- d-----w- c:\windows\ServicePackFiles

2009-07-08 13:30 . 2008-04-13 22:20 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2009-07-08 12:59 . 2009-07-08 14:28 -------- dc-h--w- c:\windows\ie8

2009-07-08 12:41 . 2009-07-08 12:41 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2009-07-08 12:35 . 2009-07-08 12:35 -------- d-----w- c:\arquivos de programas\VS Revo Group

2009-07-08 12:23 . 2009-07-08 14:33 -------- d--h--w- c:\documents and settings\Administrador.VERONICA.002\Configurações locais

2009-07-08 12:23 . 2009-07-08 14:29 -------- d--h--r- c:\documents and settings\Administrador.VERONICA.002\Dados de aplicativos

2009-07-08 12:23 . 2009-07-08 14:29 -------- d--h--w- c:\documents and settings\Administrador.VERONICA.002\Modelos

2009-07-08 12:23 . 2009-07-08 15:21 -------- d-----w- c:\documents and settings\Administrador.VERONICA.002

2009-07-08 12:06 . 2009-07-08 12:06 -------- d-----w- c:\windows\system32\wbem\Repository

2009-07-08 12:05 . 2009-07-08 14:29 -------- d-s---w- c:\documents and settings\Administrador.VERONICA.001

2009-07-08 12:05 . 2009-07-08 14:29 -------- d-----w- c:\documents and settings\Administrador.VERONICA.001\Configurações locais

2009-07-08 12:05 . 2009-07-08 14:28 -------- d-----w- c:\documents and settings\Administrador.VERONICA.001\Modelos

2009-07-08 12:05 . 2009-07-08 14:28 -------- d-----w- c:\documents and settings\Administrador.VERONICA.001\Dados de aplicativos

2009-07-06 11:41 . 2009-07-04 13:24 2052376 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll

2009-07-06 11:41 . 2009-07-04 13:24 906520 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgemc.exe

2009-07-06 11:41 . 2009-06-12 12:20 327688 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgldx86.sys

2009-07-06 11:41 . 2009-06-12 12:20 3402008 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgui.exe

2009-07-06 11:41 . 2009-06-12 12:20 1204504 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgabout.dll

2009-07-06 11:40 . 2009-06-12 12:16 1085208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.exe

2009-07-04 13:31 . 2009-07-04 13:31 -------- d-----w- C:\logs

2009-07-04 13:30 . 2008-05-24 00:17 40960 ----a-w- c:\windows\system32\lxduvs.dll

2009-07-04 13:30 . 2008-04-24 04:34 360448 ----a-w- c:\windows\system32\lxducoin.dll

2009-07-04 13:30 . 2001-09-06 02:50 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2009-07-04 13:30 . 2001-09-06 02:50 87040 ----a-w- c:\windows\system32\wiafbdrv.dll

2009-07-04 13:30 . 2008-05-10 01:42 81920 ----a-w- c:\windows\system32\lxducaps.dll

2009-07-04 13:30 . 2008-05-10 01:42 1036288 ----a-w- c:\windows\system32\lxdudrs.dll

2009-07-04 13:30 . 2008-05-10 01:29 69632 ----a-w- c:\windows\system32\lxducnv4.dll

2009-07-04 13:30 . 2009-07-04 13:30 -------- d-----w- c:\arquivos de programas\Lexmark Printable Web

2009-07-04 13:29 . 2008-05-24 00:58 17064 ----a-w- c:\windows\system32\LXDUwupd.exe

2009-07-04 13:29 . 2008-04-15 23:08 352256 ----a-w- c:\windows\system32\LXDUwupd.dll

2009-07-04 13:24 . 2009-07-04 13:24 3298072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\setup.exe

2009-07-04 13:24 . 2009-07-04 13:24 829208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcfgx.dll

2009-07-04 13:24 . 2009-06-12 12:20 1261344 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgwd.dll

2009-07-04 13:22 . 2009-07-04 13:22 1454360 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.dll

2009-07-04 13:17 . 2009-07-08 14:29 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2009-07-02 12:47 . 2009-07-02 12:47 -------- d-----w- c:\arquivos de programas\Bradesco

2009-07-02 12:47 . 2009-07-02 12:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Borland Shared

2009-07-02 12:47 . 2009-07-04 13:16 -------- d-----w- C:\SistecPro

2009-06-30 12:54 . 2009-06-30 12:54 -------- d-----w- c:\documents and settings\Veronica\Dados de aplicativos\Lexmark Productivity Studio

2009-06-30 12:34 . 2009-07-04 13:18 -------- d-----w- C:\RECYCLER(2)

2009-06-30 12:00 . 2009-07-04 13:18 -------- d-----w- c:\documents and settings\Administrador\Configurações locais

2009-06-30 12:00 . 2009-07-04 13:18 -------- d-s---w- c:\documents and settings\Administrador

2009-06-30 12:00 . 2009-07-04 13:18 -------- d-----w- c:\documents and settings\Administrador\Modelos

2009-06-30 12:00 . 2009-07-04 13:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos

2009-06-29 21:37 . 2009-07-04 13:18 -------- d-----w- c:\documents and settings\Veronica\Dados de aplicativos\5600-6600 Series

2009-06-29 21:36 . 2009-07-07 21:04 -------- d-----w- c:\documents and settings\All Users\Lx_cats

2009-06-29 21:28 . 2009-06-29 21:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\5600-6600 Series

2009-06-29 21:27 . 2009-07-04 13:18 -------- d-----w- c:\arquivos de programas\Abbyy FineReader 6.0 Sprint

2009-06-29 21:25 . 2009-07-04 13:30 -------- d-----w- c:\arquivos de programas\Lexmark 5600-6600 Series

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-08 15:25 . 2001-10-28 12:07 68190 ----a-w- c:\windows\system32\perfc016.dat

2009-07-08 15:25 . 2001-10-28 12:07 427986 ----a-w- c:\windows\system32\perfh016.dat

2009-07-08 14:29 . 2009-07-04 13:16 -------- d-----w- c:\arquivos de programas\Telefonica

2009-07-08 14:28 . 2008-05-14 20:43 -------- d-----w- c:\arquivos de programas\EPSON

2009-07-08 14:28 . 2008-09-01 13:25 -------- d-----w- c:\arquivos de programas\HP

2009-07-07 21:01 . 2008-05-19 14:23 -------- d-----w- c:\documents and settings\Veronica\Dados de aplicativos\AdobeUM

2009-07-06 11:41 . 2008-05-15 12:18 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-04 13:24 . 2008-05-15 12:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-05-12 11:44 . 2008-07-02 12:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-05-12 11:44 . 2008-05-15 12:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-19 19:50 . 2004-08-04 03:38 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:53 . 2004-08-04 03:45 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2008-05-15 13:37 . 2008-05-14 20:56 56 -csh--r- c:\windows\system32\7AEA4ACACF.sys

2009-03-18 20:57 . 2008-05-14 20:56 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-01-26 12:48 . 2009-01-26 13:16 2528 -csh--r- c:\windows\system32\DirectX\Dinput\desktop.inf.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-05-12 11:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgtray.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\lxducoms.exe"=

 

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/5/2008 09:19 108552]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/5/2008 09:18 335752]

S2 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2/7/2008 09:42 907032]

S2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2/7/2008 09:42 298776]

S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]

S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [4/7/2009 10:30 98984]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-07-08 c:\windows\Tasks\User_Feed_Synchronization-{28833635-16E8-43C1-9DEC-2D32CFDEAA3D}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

 

2009-07-07 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 14:20]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

TCP: {9CEF9A05-56D6-428A-9C72-4ECBEA861739} = 200.204.0.10,200.204.0.138

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: PrivateWire - hxxp://cmt.caixa.gov.br/jpw.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-08 12:44

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-2000478354-362288127-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,a9,3d,5f,e0,79,85,43,b3,c1,cb,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,a9,3d,5f,e0,79,85,43,b3,c1,cb,\

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-07-08 12:47

ComboFix-quarantined-files.txt 2009-07-08 15:45

ComboFix2.txt 2009-06-30 12:25

 

Pré-execução: 18 pasta(s) 44.694.740.992 bytes disponíveis

Pós execução: 18 pasta(s) 45.229.281.280 bytes disponíveis

 

179 --- E O F --- 2009-07-08 13:48


Hello, here is the log, thanks.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:39:39, on 10/07/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\lxducoms.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hi\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Arquivos de programas\Lexmark Printable Web\bho.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: PrivateWire - http://cmt.caixa.gov.br/jpw.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1210598237328

O17 - HKLM\System\CCS\Services\Tcpip\..\{9CEF9A05-56D6-428A-9C72-4ECBEA861739}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe

O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 6505 bytes


Open HijackThis, click Do a system scan only, check the entry below and click Fix checked:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

___________________________________________________________________________

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

- Download Malwarebytes Anti-Malware.

* Install it by double-clicking "mbam-setup.exe";

* Select the language Português (Brasil)

* Check only the box: "Update Malwarebytes' Anti-Malware"

* If an update exists, it will be downloaded automatically

* Do not scan yet!!!

* Restart the PC in Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option).

* If it is not possible to run the computer in Safe Mode, do the scan in normal mode

* Run Malwarebytes' Anti-Malware and click the "Scan" tab, then select the "Full scan" option

* Click the "Scan" button

* Check all the parts of the computer you want to scan and click the "Start scan" button

* When the scan finishes, click "OK" > "Show Results"

* Select all entries and click "Remove Selected"

* After removal you may be asked whether you want to remove objects from memory. Click "YES"

* A log will be displayed with the result of the actions

* Some malware is stubborn and requires a restart for removal. If this is requested, click to restart the PC.

* When the process finishes, restart the PC in Normal Mode.

* After a few days, if your computer is working normally without the files that were deleted by Malwarebytes Anti-Malware, open (run) Malwarebytes Anti-Malware, click the Quarantine tab and click the Remove all button.

* Run Malwarebytes Anti-Malware again and click the "Logs" tab, double-click the most recent log, select the complete log and copy it.

Post this log generated by Malwarebytes Anti-Malware together with a new HijackThis log in your next reply and tell us how your computer is doing after following the procedure above.

We await your reply.


Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
