
Archived

This topic has been archived and is closed to new replies.

Rúbia Botelho

[Archived] I have a virus that I can't remove


I ran AVG but it didn't solve the problem. I have a virus on the computer; it keeps freezing all the time and opening web pages without me touching it. Awaiting a reply.

Regards, Rúbia Botelho!!!

I forgot the log. Here it is.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:46:41, on 12/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\csrcs.exe

C:\WINDOWS\msb.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\TEMP\5164C5FD.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\sopidkc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Documents and Settings\fabiana\Configurações locais\Temporary Internet Files\Content.IE5\OXEVWHIB\HiJackThis[1].exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\net.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: XML module - {500bca15-57a7-4eaf-8143-8c619470b13d} - C:\WINDOWS\system32\msxml71.dll (file missing)

O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)

O2 - BHO: Search Helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [eerbb] C:\WINDOWS\TEMP\5164C5FD.exe

O4 - HKLM\..\Run: [18285464] C:\Documents and Settings\All Users\Dados de aplicativos\18285464\18285464.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [NordBull] C:\WINDOWS\msb.exe

O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: e&xportar para o microsoft excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Publicar em Blogue - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O11 - Options group: [java_sun] Java (Sun)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20a60f0d-9afa-4515-a0fd-83bd84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5d6f45b3-9043-443d-a792-115447494d24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{622F0F92-DE1E-4F03-B015-93357729350F}: NameServer = 200.204.0.10

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)

O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: sopidkc Service (sopidkc) - Sigma Designs Inc - C:\WINDOWS\system32\sopidkc.exe

O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

 

--

End of file - 6330 bytes

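As an added example (it is not part of this thread and not something the helper or HijackThis ships), here is a small Python script that applies the kind of checks a log helper runs by eye over a HijackThis log: a Winlogon Shell value that chains another program after Explorer.exe (F2), autostarts from TEMP, user-data folders or Policies\Explorer\Run (O4), a populated AppInit_DLLs value (O20), and services or BHOs whose file is missing or that run svchost.exe from a non-standard path (O23, O2). The sample lines are copied from the log posted above; the function names `triage_line` and `triage`, the `SUSPICIOUS_DIRS` list and the rules themselves are this example's own heuristics, not Malwarebytes or HijackThis logic, and they produce false positives, so each hit is a prompt to look closer rather than a verdict.

```python
"""Triage a HijackThis log for entries that commonly indicate a hijack.

Added example for this thread, not code from HijackThis, Malwarebytes or the
forum helper. The sample lines are copied from the log posted above; the
rules are this example's own heuristics and will produce false positives,
so each hit is a prompt to look closer, not a verdict.
"""

# Constructed sample: nine lines taken verbatim from the posted HijackThis log.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: XML module - {500bca15-57a7-4eaf-8143-8c619470b13d} - C:\WINDOWS\system32\msxml71.dll (file missing)
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eerbb] C:\WINDOWS\TEMP\5164C5FD.exe
O4 - HKLM\..\Run: [18285464] C:\Documents and Settings\All Users\Dados de aplicativos\18285464\18285464.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
"""

# Directories from which a legitimate autostart entry rarely runs
# (both the Portuguese and the English name of the per-user data folder).
SUSPICIOUS_DIRS = ("\\temp\\", "\\dados de aplicativos\\", "\\application data\\")


def triage_line(line):
    """Return a short reason if the entry looks suspicious, otherwise None."""
    low = line.lower()
    section = line.split(" - ", 1)[0].strip()   # "F2", "O4", "O23", ...

    if section == "F2" and "shell=" in low:
        # The Winlogon Shell value should be exactly Explorer.exe; anything
        # chained after it is started at every logon.
        shell = line.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            return "shell hijack: extra program chained after Explorer.exe"

    if section == "O4":
        if "\\policies\\explorer\\run" in low:
            return "autostart via Policies\\Explorer\\Run, an easily overlooked location"
        if any(d in low for d in SUSPICIOUS_DIRS):
            return "autostart from a temp or user-data directory"

    if section == "O20" and "appinit_dlls:" in low:
        # AppInit_DLLs are loaded into every process that loads user32.dll.
        value = line.split(":", 1)[1].strip()
        if value:
            return "AppInit_DLLs set: DLL injected into every process loading user32.dll"

    if (section == "O23" and "unknown owner" in low and "svchost.exe" in low
            and "\\system32\\svchost.exe" not in low):
        return "service runs svchost.exe from a non-standard path"

    if section in ("O2", "O3", "O23") and "(file missing)" in low:
        return "orphaned entry: the referenced file is missing"

    return None


def triage(log_text):
    """Return (section, reason, line) for every suspicious non-blank line."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reason = triage_line(line)
        if reason:
            hits.append((line.split(" - ", 1)[0], reason, line))
    return hits


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the sample it flags seven of the nine lines and leaves the two Java entries alone; the flagged ones (csrcs.exe, the TEMP and 18285464 autostarts, the AppInit DLL, the fake "Dhcp server" service) are the same items the Malwarebytes log later in this thread reports as Trojan.Agent, Rogue.Multiple and Hijack.Shell.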

Good afternoon, Rúbia Botelho!

<@> Download: Malwarebytes

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<@> Post: mbam-log-2009-xx-xx (00-00-00).txt

<><><><><><><><><><>

<@> Download: < AVPTool > ( by Kaspersky Labs )

<@> Save it in Arquivos de Programas (Program Files) and install it right there!

<@> Restart the computer in Safe Mode! <-- Important!

<@> Start the scan by clicking "Scan".

<@> The scan takes a long time. <-- Wait!

<@> If infections are found, click "disinfect" if the option is enabled.

<@> PS: For some known detections (cracks or keygens), click skip.

<@> Avoid the "Delete" option in those cases.

<@> When it finishes, click the Events tab.

<@> Uncheck the "Show all events" checkbox.

<@> Click "Save to file".

<@> Name it and save it to the desktop! <-- Report to post!

<@> Also post an updated HijackThis log.

Regards!


Well, here are the logs.

 

Malwarebytes' Anti-Malware 1.40

Versão do banco de dados: 2612

Windows 5.1.2600 Service Pack 3

 

12/8/2009 17:32:54

mbam-log-2009-08-12 (17-32-54).txt

 

Tipo de Verificação: Completa (C:\|D:\|E:\|F:\|G:\|H:\|)

Objetos verificados: 109398

Tempo decorrido: 24 minute(s), 55 second(s)

 

Processos da Memória infectados: 3

Módulos de Memória Infectados: 1

Chaves do Registro infectadas: 19

Valores do Registro infectados: 15

Ítens do Registro infectados: 1

Pastas infectadas: 0

Arquivos infectados: 73

 

Processos da Memória infectados:

C:\WINDOWS\msb.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Unloaded process successfully.

C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Unloaded process successfully.

 

Módulos de Memória Infectados:

c:\WINDOWS\system32\evdoserver.dll (Trojan.Agent) -> Delete on reboot.

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DhcpSrv (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ntalme (Trojan.Agent) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nordbull (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mEv (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\18285464 (Rogue.Multiple) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\evdoserver.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\fabiana\Configurações locais\Temp\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022656.old (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP52\A0023869.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP52\A0023888.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP53\A0024935.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP53\A0024901.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP53\A0024909.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP53\A0024932.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP53\A0024936.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP53\A0024954.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP53\A0024956.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0030273.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0030378.exe (Trojan-Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0030379.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0030380.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_837923340521.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_85204708748.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_85329171175.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_887773225135.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_890205257791.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_92322293759.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_98488682118.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_2433266927.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_558729680452.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_83658332449.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_24351734361.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_270234823574.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_317560897487.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_327261624464.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_381589446923.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_407671676890.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_409635794330.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_43316586075.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_456638628594.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_477532275973.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_507649758298.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_544773115116.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_12764346384.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_133033729577.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_143193454163.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_1957622006.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_199969763715.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_22682862485.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_231316152851.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_243243487374.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_597077625224.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_608306444192.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_635004477115.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_66074754106.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_668861745316.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_670120206701.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_698062846076.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_730769411434.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_74463983579.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\txpxr_832993878924.b1k (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\fabiana\Dados de aplicativos\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\fabiana\Dados de aplicativos\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\KBPK090528.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\KBPK090529.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\KBPK090530.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\KBPK090531.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\KBPK090601.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\KBPK090602.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

 

 

Scan

----

Scanned: 311452

Detected: 10

Untreated: 10

Start time: 12/8/2009 19:13:16

Duration: 03:44:11

Finish time: 12/8/2009 22:57:27

 

 

Detected

--------

Status Object

------ ------

detected: Trojan program Backdoor.Win32.NewRest.z File: c:\windows\system32\drivers\a2275abd.sys

detected: Trojan program Packed.Win32.Klone.bj File: C:\Documents and Settings\All Users\Documentos\mxvfhq.exe//PE_Patch.UPX//UPX

detected: Trojan program Trojan.Win32.VB.thk File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022657.old

detected: Trojan program Trojan.Win32.VB.thk File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022661.old

detected: Trojan program Trojan.Win32.VB.thk File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022664.old

detected: Trojan program Packed.Win32.Klone.bj File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP50\A0022785.exe

detected: Trojan program Packed.Win32.Klone.bj File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP53\A0024911.exe//PE_Patch.UPX//UPX

detected: Trojan program Backdoor.Win32.NewRest.an File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0030377.exe/install.exe

detected: Trojan program Backdoor.Win32.NewRest.z File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0031406.sys

detected: Trojan program Packed.Win32.Klone.bj File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0031407.exe//PE_Patch.UPX//UPX

 

 

Events

------

Time Name Status Reason

---- ---- ------ ------

12/8/2009 19:16:10 File: c:\windows\system32\drivers\a2275abd.sys detected Trojan program 'Backdoor.Win32.NewRest.z'

12/8/2009 19:16:10 File: c:\windows\system32\drivers\a2275abd.sys not disinfected postponed

12/8/2009 19:38:46 File: c:\windows\system32\drivers\a2275abd.sys detected Trojan program 'Backdoor.Win32.NewRest.z'

12/8/2009 19:38:46 File: c:\windows\system32\drivers\a2275abd.sys not disinfected postponed

12/8/2009 20:03:39 File: C:\Documents and Settings\All Users\Documentos\mxvfhq.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'

12/8/2009 20:03:39 File: C:\Documents and Settings\All Users\Documentos\mxvfhq.exe//PE_Patch.UPX//UPX not disinfected postponed

12/8/2009 20:31:00 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022657.old detected Trojan program 'Trojan.Win32.VB.thk'

12/8/2009 20:31:00 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022657.old not disinfected postponed

12/8/2009 20:31:00 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022661.old detected Trojan program 'Trojan.Win32.VB.thk'

12/8/2009 20:31:00 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022661.old not disinfected postponed

12/8/2009 20:31:00 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022664.old detected Trojan program 'Trojan.Win32.VB.thk'

12/8/2009 20:31:00 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022664.old not disinfected postponed

12/8/2009 20:32:12 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP50\A0022785.exe detected Trojan program 'Packed.Win32.Klone.bj'

12/8/2009 20:32:12 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP50\A0022785.exe not disinfected postponed

12/8/2009 20:32:22 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP53\A0024911.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'

12/8/2009 20:32:22 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP53\A0024911.exe//PE_Patch.UPX//UPX not disinfected postponed

12/8/2009 20:37:59 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0030377.exe/install.exe detected Trojan program 'Backdoor.Win32.NewRest.an'

12/8/2009 20:37:59 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0030377.exe/install.exe not disinfected postponed

12/8/2009 20:38:00 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0031406.sys detected Trojan program 'Backdoor.Win32.NewRest.z'

12/8/2009 20:38:00 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0031406.sys not disinfected postponed

12/8/2009 20:38:00 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0031407.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'

12/8/2009 20:38:00 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0031407.exe//PE_Patch.UPX//UPX not disinfected postponed

12/8/2009 21:12:52 File: C:\WINDOWS\system32\drivers\a2275abd.sys detected Trojan program 'Backdoor.Win32.NewRest.z'

12/8/2009 21:12:52 File: C:\WINDOWS\system32\drivers\a2275abd.sys not disinfected postponed

12/8/2009 21:39:06 File: C:\Documents and Settings\All Users\Documentos\mxvfhq.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'

12/8/2009 21:39:06 File: C:\Documents and Settings\All Users\Documentos\mxvfhq.exe//PE_Patch.UPX//UPX not disinfected postponed

12/8/2009 22:06:32 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022657.old detected Trojan program 'Trojan.Win32.VB.thk'

12/8/2009 22:06:32 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022657.old not disinfected postponed

12/8/2009 22:06:32 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022661.old detected Trojan program 'Trojan.Win32.VB.thk'

12/8/2009 22:06:32 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022661.old not disinfected postponed

12/8/2009 22:06:32 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022664.old detected Trojan program 'Trojan.Win32.VB.thk'

12/8/2009 22:06:32 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP48\A0022664.old not disinfected postponed

12/8/2009 22:07:40 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP50\A0022785.exe detected Trojan program 'Packed.Win32.Klone.bj'

12/8/2009 22:07:40 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP50\A0022785.exe not disinfected postponed

12/8/2009 22:07:50 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP53\A0024911.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'

12/8/2009 22:07:50 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP53\A0024911.exe//PE_Patch.UPX//UPX not disinfected postponed

12/8/2009 22:13:26 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0030377.exe/install.exe detected Trojan program 'Backdoor.Win32.NewRest.an'

12/8/2009 22:13:26 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0030377.exe/install.exe not disinfected postponed

12/8/2009 22:13:27 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0031406.sys detected Trojan program 'Backdoor.Win32.NewRest.z'

12/8/2009 22:13:27 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0031406.sys not disinfected postponed

12/8/2009 22:13:27 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0031407.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'

12/8/2009 22:13:27 File: C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP58\A0031407.exe//PE_Patch.UPX//UPX not disinfected postponed

12/8/2009 22:49:04 File: C:\WINDOWS\system32\drivers\a2275abd.sys detected Trojan program 'Backdoor.Win32.NewRest.z'

12/8/2009 22:49:04 File: C:\WINDOWS\system32\drivers\a2275abd.sys not disinfected postponed

12/8/2009 22:50:49 File: c:\windows\system32\drivers\a2275abd.sys detected Trojan program 'Backdoor.Win32.NewRest.z'

12/8/2009 22:57:09 File: c:\windows\system32\drivers\a2275abd.sys not disinfected cannot be disinfected

12/8/2009 22:57:20 File: c:\windows\system32\drivers\a2275abd.sys not disinfected skipped by user

12/8/2009 22:57:20 File: c:\documents and settings\all users\documentos\mxvfhq.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'

12/8/2009 22:57:20 File: c:\documents and settings\all users\documentos\mxvfhq.exe//PE_Patch.UPX//UPX not disinfected skipped by user

12/8/2009 22:57:22 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp48\a0022657.old detected Trojan program 'Trojan.Win32.VB.thk'

12/8/2009 22:57:22 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp48\a0022657.old not disinfected skipped by user

12/8/2009 22:57:22 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp48\a0022661.old detected Trojan program 'Trojan.Win32.VB.thk'

12/8/2009 22:57:22 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp48\a0022661.old not disinfected skipped by user

12/8/2009 22:57:22 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp48\a0022664.old detected Trojan program 'Trojan.Win32.VB.thk'

12/8/2009 22:57:22 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp48\a0022664.old not disinfected skipped by user

12/8/2009 22:57:23 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp50\a0022785.exe detected Trojan program 'Packed.Win32.Klone.bj'

12/8/2009 22:57:23 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp50\a0022785.exe not disinfected skipped by user

12/8/2009 22:57:26 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp53\a0024911.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'

12/8/2009 22:57:26 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp53\a0024911.exe//PE_Patch.UPX//UPX not disinfected skipped by user

12/8/2009 22:57:26 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp58\a0030377.exe/install.exe detected Trojan program 'Backdoor.Win32.NewRest.an'

12/8/2009 22:57:26 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp58\a0030377.exe/install.exe not disinfected skipped by user

12/8/2009 22:57:26 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp58\a0031406.sys detected Trojan program 'Backdoor.Win32.NewRest.z'

12/8/2009 22:57:26 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp58\a0031406.sys not disinfected skipped by user

12/8/2009 22:57:27 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp58\a0031407.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'

12/8/2009 22:57:27 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp58\a0031407.exe//PE_Patch.UPX//UPX not disinfected skipped by user

13/8/2009 03:02:07 File: c:\windows\system32\drivers\a2275abd.sys detected Trojan program 'Backdoor.Win32.NewRest.z'

13/8/2009 03:06:51 File: c:\windows\system32\drivers\a2275abd.sys not disinfected cannot be disinfected

13/8/2009 03:07:06 File: c:\windows\system32\drivers\a2275abd.sys not disinfected skipped by user

13/8/2009 03:07:06 File: c:\documents and settings\all users\documentos\mxvfhq.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'

13/8/2009 03:07:06 File: c:\documents and settings\all users\documentos\mxvfhq.exe//PE_Patch.UPX//UPX not disinfected cannot be disinfected

13/8/2009 03:07:06 File: c:\documents and settings\all users\documentos\mxvfhq.exe//PE_Patch.UPX//UPX not disinfected skipped by user

13/8/2009 03:07:06 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp48\a0022657.old detected Trojan program 'Trojan.Win32.VB.thk'

13/8/2009 03:07:06 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp48\a0022657.old not disinfected skipped by user

13/8/2009 03:07:06 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp48\a0022661.old detected Trojan program 'Trojan.Win32.VB.thk'

13/8/2009 03:07:06 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp48\a0022661.old not disinfected skipped by user

13/8/2009 03:07:06 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp48\a0022664.old detected Trojan program 'Trojan.Win32.VB.thk'

13/8/2009 03:07:06 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp48\a0022664.old not disinfected skipped by user

13/8/2009 03:07:06 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp50\a0022785.exe detected Trojan program 'Packed.Win32.Klone.bj'

13/8/2009 03:07:07 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp50\a0022785.exe not disinfected cannot be disinfected

13/8/2009 03:07:07 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp50\a0022785.exe not disinfected skipped by user

13/8/2009 03:07:07 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp53\a0024911.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'

13/8/2009 03:07:07 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp53\a0024911.exe//PE_Patch.UPX//UPX not disinfected cannot be disinfected

13/8/2009 03:07:07 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp53\a0024911.exe//PE_Patch.UPX//UPX not disinfected skipped by user

13/8/2009 03:07:07 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp58\a0030377.exe/install.exe detected Trojan program 'Backdoor.Win32.NewRest.an'

13/8/2009 03:07:07 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp58\a0030377.exe/install.exe not disinfected skipped by user

13/8/2009 03:07:07 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp58\a0031406.sys detected Trojan program 'Backdoor.Win32.NewRest.z'

13/8/2009 03:07:07 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp58\a0031406.sys not disinfected cannot be disinfected

13/8/2009 03:07:07 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp58\a0031406.sys not disinfected skipped by user

13/8/2009 03:07:08 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp58\a0031407.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'

13/8/2009 03:07:08 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp58\a0031407.exe//PE_Patch.UPX//UPX not disinfected cannot be disinfected

13/8/2009 03:07:08 File: c:\system volume information\_restore{8a611e20-47ea-4720-8e8c-f5f45080199d}\rp58\a0031407.exe//PE_Patch.UPX//UPX not disinfected skipped by user

 

 

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

All objects 311452 10 10 0 0 11466 3364 0 2

System memory 745 0 0 0 0 1 0 0 0

Startup objects 656 1 1 0 0 1 107 0 0

Disk boot sectors 2 0 0 0 0 0 0 0 0

Meus documentos 19386 0 0 0 0 3222 348 0 0

Mail databases 2 0 0 0 0 1 0 0 0

Meu computador 146032 9 9 0 0 4122 1508 0 1

Disco local (C:) 144629 0 0 0 0 4119 1401 0 1

Disco removível (D:) 0 0 0 0 0 0 0 0 0

Disco removível (E:) 0 0 0 0 0 0 0 0 0

Disco removível (F:) 0 0 0 0 0 0 0 0 0

Disco removível (G:) 0 0 0 0 0 0 0 0 0

Unidade de CD (H:) 0 0 0 0 0 0 0 0 0

 

 

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

 

 

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

 

 

Backup

------

Status Object Size

------ ------ ----

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:05:27, on 13/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\TEMP\5164C5FD.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Documents and Settings\fabiana\Desktop\Virus Removal Tool\is-Q0706\is-Q0706.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\fabiana\Configurações locais\Temporary Internet Files\Content.IE5\OXEVWHIB\HiJackThis[1].exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)

O2 - BHO: Search Helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [eerbb] C:\WINDOWS\TEMP\5164C5FD.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: is-Q0706.lnk = C:\Documents and Settings\fabiana\Desktop\Virus Removal Tool\is-Q0706\startup.exe

O8 - Extra context menu item: e&xportar para o microsoft excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Publicar em Blogue - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O11 - Options group: [java_sun] Java (Sun)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20a60f0d-9afa-4515-a0fd-83bd84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5d6f45b3-9043-443d-a792-115447494d24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{622F0F92-DE1E-4F03-B015-93357729350F}: NameServer = 200.204.0.10

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

 

--

End of file - 5911 bytes

 

Thank you!!!


Good afternoon, Rúbia Botelho!

 

<@> Establish a clean restore point in System Restore.

<@> Right-click My Computer --> Properties --> System Restore.

<@> Check: Turn off System Restore --> Apply --> Wait! --> OK.

<@> Then uncheck it again! --> Apply --> Wait! --> OK.

<@> For more details, read the tutorial: < Link >

<><><><><><><><><><><>

<@> Download: < DrWebCureIt >

<@> If you have trouble with the download, use another computer or a proxy.

<@> Go to: < Proxify >

<@> Type the DrWebCureIt URL into the box.

<@> Click Proxify.

<@> Save the tool to the desktop!

<@> Restart the computer in Safe Mode.

<@> Start the installation/execution by double-clicking drweb-cureit.

<@> In the window that opens, click Start --> OK.

<@> A "Quick scan" will begin --> Close the advertisement window!

<@> When it finishes, check the "Complete scan" box.

<@> Click "Options" --> under Change settings, uncheck "Heuristic analysis".

 

In this mode the following objects are scanned:

 

* Boot sectors of all disks. <--

 

* All removable drives. <--

 

* All local disks. <--

<@> Click "Start scanning" --> Wait!

<@> If messages appear asking to move or cure files, click Yes.

<@> When it finishes, click "File" --> "Save report list".

<@> Save it in a suitable location. ( DrWeb.csv ) <-- Convert it to text!

<@> Post: DrWeb.csv + an updated HijackThis log.

 

Regards!


Good evening!!!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:37:48, on 13/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\fabiana\Desktop\Virus Removal Tool\is-Q0706\is-Q0706.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Documents and Settings\fabiana\Configurações locais\Temporary Internet Files\Content.IE5\JR1Z3TOW\HiJackThis[1].exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)

O2 - BHO: Search Helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: is-Q0706.lnk = C:\Documents and Settings\fabiana\Desktop\Virus Removal Tool\is-Q0706\startup.exe

O8 - Extra context menu item: e&xportar para o microsoft excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Publicar em Blogue - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O11 - Options group: [java_sun] Java (Sun)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20a60f0d-9afa-4515-a0fd-83bd84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5d6f45b3-9043-443d-a792-115447494d24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{622F0F92-DE1E-4F03-B015-93357729350F}: NameServer = 200.204.0.10

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

 

--

End of file - 5865 bytes

 

DrWeb

 

a2275abd.sys c:\windows\system32\drivers Trojan.Spambot.4489

5164c5fd.exe c:\windows\temp Trojan.Click.origin Incurável.Movido.

mxvfhq.exe C:\Documents and Settings\All Users\Documentos Win32.HLLW.Autohit.3438 Incurável.Movido.

CACX6T4F.htm\JavaScript.0 C:\Documents and Settings\fabiana\Configurações locais\Temporary Internet Files\Content.IE5\Q57OD8NA\CACX6T4F.htm Modificação de VBS.LoveLetter

CACX6T4F.htm C:\Documents and Settings\fabiana\Configurações locais\Temporary Internet Files\Content.IE5\Q57OD8NA A pasta contem objectos infectados Movido.

A0031459.exe C:\System Volume Information\_restore{8A611E20-47EA-4720-8E8C-F5F45080199D}\RP59 Win32.HLLW.Autohit.3438 Incurável.Movido.

a2275abd.sys C:\WINDOWS\system32\drivers Trojan.Spambot.4489


Good evening, Rúbia Botelho!

 

<!> The file-infector worm has corrupted BITS and WUAUSERV. They will have to be repaired or removed.

<><><><><><><><><><>

<@> Download: < desktopicon.png > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

 

<@> PS: Running it from a command is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\Desktop\Combofix.exe" /killall

<@> Click OK.

<@> At the prompt: "Disclaimer of software warranty" --> Click Yes!

<@> If you do not have the "Recovery Console", accept the offer to install it!

 

<!> If you get the notification: Invalid Win32 application, delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

 

<!> PS: If rootkit activity is present, we will get the following notification window:

 

Rookit_found.gif

 

<!> Click OK and write down those detections!

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all the recommendations given.

<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!


Good evening, DigRam.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:08:36, on 13/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\fabiana\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)

O2 - BHO: Search Helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: e&xportar para o microsoft excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O11 - Options group: [java_sun] Java (Sun)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20a60f0d-9afa-4515-a0fd-83bd84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5d6f45b3-9043-443d-a792-115447494d24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{622F0F92-DE1E-4F03-B015-93357729350F}: NameServer = 200.204.0.10

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

 

--

End of file - 5658 bytes

 

 

 

 

ComboFix 09-08-10.06 - fabiana 13/08/2009 22:53.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.503.220 [GMT -3:00]

Executando de: c:\documents and settings\fabiana\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\-1740601610

c:\windows\dhcp

c:\windows\Install.txt

c:\windows\system32\AutoRun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_6to4

-------\Legacy_dhcpsrv

-------\Legacy_fci

-------\Legacy_ntalme

-------\Legacy_sopidkc

-------\Service_6to4

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-14 to 2009-08-14 ))))))))))))))))))))))))))))

.

 

2009-08-13 20:09 . 2009-08-13 20:11 -------- d-----w- c:\documents and settings\fabiana\DoctorWeb

2009-08-12 20:55 . 2009-08-14 02:00 7630880 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-08-12 20:54 . 2008-07-08 17:54 148496 ----a-w- c:\windows\system32\drivers\27092474.sys

2009-08-12 18:37 . 2009-08-12 18:37 -------- d-----w- c:\documents and settings\fabiana\Dados de aplicativos\Malwarebytes

2009-08-12 18:37 . 2009-08-12 18:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-08-11 23:53 . 2009-08-14 00:27 -------- d--h--w- C:\$AVG8.VAULT$

2009-08-11 23:48 . 2009-08-11 23:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-11 23:48 . 2009-08-11 23:48 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-08-11 23:48 . 2009-08-11 23:48 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-11 23:48 . 2009-08-11 23:48 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-11 23:48 . 2009-08-13 16:53 -------- d-----w- c:\windows\system32\drivers\Avg

2009-08-11 22:26 . 2009-08-11 22:26 -------- d-----w- c:\windows\system32\LogFiles

2009-08-03 01:02 . 2009-08-10 22:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\18285464

2009-07-23 01:01 . 2009-07-30 01:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\16474844

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-14 01:58 . 2009-08-12 20:55 88388 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-08-14 01:48 . 2009-08-13 22:57 -------- d-----w- c:\arquivos de programas\SenLab01

2009-08-14 01:47 . 2009-05-30 04:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-08-13 23:42 . 2009-05-30 03:32 -------- d-----w- c:\arquivos de programas\Microsoft Office Outlook Connector

2009-08-13 23:42 . 2009-06-03 03:19 -------- d-----w- c:\arquivos de programas\Windows Live

2009-08-11 01:56 . 2009-06-01 03:07 -------- d-----w- c:\documents and settings\fabiana\Dados de aplicativos\Skype

2009-08-11 01:49 . 2009-06-10 03:19 -------- d-----w- c:\arquivos de programas\Google

2009-08-03 01:06 . 2009-06-04 22:59 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-06-30 01:54 . 2009-06-05 00:05 -------- d-----w- c:\documents and settings\fabiana\Dados de aplicativos\LimeWire

2009-06-09 23:45 . 2009-05-25 21:10 81920 ----a-w- c:\windows\DUMP4601.tmp

2009-06-04 23:55 . 2009-06-04 23:56 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-06-04 23:55 . 2009-06-04 23:55 152576 ----a-w- c:\documents and settings\fabiana\Dados de aplicativos\Sun\Java\jre1.6.0_11\lzma.dll

2009-06-04 01:33 . 2008-04-14 12:00 68538 ----a-w- c:\windows\system32\perfc016.dat

2009-06-04 01:33 . 2008-04-14 12:00 428318 ----a-w- c:\windows\system32\perfh016.dat

2009-05-30 03:14 . 2009-05-30 03:14 15256 ----a-w- c:\documents and settings\fabiana\Dados de aplicativos\Microsoft\IdentityCRL\ppcrlconfig.dll

2009-05-28 22:24 . 2008-04-14 12:00 14336 ----a-w- c:\windows\system32\svchost.exe

2009-05-28 01:19 . 2009-05-26 00:26 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-05-26 00:23 . 2009-05-26 00:23 21844 -c--a-w- c:\windows\system32\emptyregdb.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-06-04 136600]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-08-11 2000152]

"fssui"="c:\arquivos de programas\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-11-30 16858624]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-11 23:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/8/2009 20:48 335240]

R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/8/2009 20:48 108552]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [11/8/2009 20:47 297752]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/6/2009 00:22 55152]

R2 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [6/2/2009 18:08 533360]

S3 uti0mju1;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\uti0mju1.sys --> c:\windows\system32\Drivers\uti0mju1.sys [?]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - FSSSVC

.

- - - - ORFÃOS REMOVIDOS - - - -

 

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: e&xportar para o microsoft excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {622F0F92-DE1E-4F03-B015-93357729350F} = 200.204.0.10

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-13 22:59

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(916)

c:\arquiv~1\MICROS~2\OFFICE11\MCPS.DLL

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\arquivos de programas\AVG\AVG8\avgtray.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquiv~1\AVG\AVG8\avgnsx.exe

c:\arquivos de programas\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\arquivos de programas\Internet Explorer\IEXPLORE.EXE

c:\arquivos de programas\Windows Live\Toolbar\wltuser.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-08-14 23:03 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-08-14 02:03

 

Pré-execução: 5 pasta(s) 73.142.661.120 bytes disponíveis

Pós execução: 5 pasta(s) 73.668.194.304 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 


Good evening, Rúbia Botelho!

 

<@> Close all open windows and save whatever you need.

<@> Go into the Kaspersky AVP Tool folder. (PS: it will be in the same folder as the installation file.)

<@> Double-click the file unins000.exe.

<@> Click OK twice.

<@> Your computer will be restarted.

<><><><><><><><><><>

<@> Download: < XPSP2_NetSvcs > (...by sUBs)

<@> Unzip it to the desktop!

<@> Run the (.reg) file with a double-click.

<@> Confirm the addition to the registry --> Restart!

<><><><><><><><><><>

<@> Select and copy all the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

Files::

c:\windows\system32\Drivers\uti0mju1.sys

Driver::

"uti0mju1"

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon/window.

<@> See the demonstration!

 

[Animated demonstration image: 2872959479_997d4500c4_o.gif]

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!

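How the driver entry targeted by the CFScript above can be picked out of a ComboFix log, as an added example that is not part of this thread: a small Python parser for ComboFix's R*/S* service lines that flags entries whose image file ComboFix marks as not found on disk ([?]) and renders the matching Files::/Driver:: script. The sample lines are constructed from the service lines in the log posted above.

```python
import re
from typing import Dict, List

# Constructed sample: three service lines in the shape ComboFix prints them
# (start type, service name, display name, image path, then [date time size] or [?]).
SAMPLE_LOG = r"""
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/8/2009 20:48 335240]
R2 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [6/2/2009 18:08 533360]
S3 uti0mju1;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\uti0mju1.sys --> c:\windows\system32\Drivers\uti0mju1.sys [?]
"""

# "<start> <name>;<display>;<path>[ --> <resolved path>] [<meta>]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+-->\s+(?P<resolved>.+?))?\s+\[(?P<meta>[^\]]*)\]\s*$"
)


def parse_services(log_text: str) -> List[Dict[str, object]]:
    """Parse every R*/S* service line; file_missing is True when ComboFix printed [?]."""
    entries: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue  # not a service line (headers, registry keys, file lists ...)
        entry: Dict[str, object] = dict(m.groupdict())
        entry["file_missing"] = str(entry["meta"]).strip() == "?"
        entries.append(entry)
    return entries


def missing_file_services(log_text: str) -> List[Dict[str, object]]:
    """Services/drivers still registered although their image file is gone."""
    return [e for e in parse_services(log_text) if e["file_missing"]]


def cfscript_for(entries: List[Dict[str, object]]) -> str:
    """Render the Files::/Driver:: CFScript sections for the given entries."""
    files = [str(e["resolved"] or e["path"]) for e in entries]
    names = [str(e["name"]) for e in entries]
    lines = ["Files::"] + files + ["", "Driver::"] + ['"%s"' % n for n in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(cfscript_for(missing_file_services(SAMPLE_LOG)))
```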

Topic Archived

 

Since the author did not reply for more than 30 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
