[Resolvido!] socket error #11004 maquina lenta

lynna · Setembro 9, 2009

Malwarebytes' Anti-Malware 1.40

Versão do banco de dados: 2761

Windows 5.1.2600 Service Pack 2

8/9/2009 21:33:58 Juh

mbam-log-2009-09-08 (21-33-58).txt

Tipo de Verificação: Rápida

Objetos verificados: 93396

Tempo decorrido: 15 minute(s), 9 second(s)

Processos da Memória infectados: 2

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 22

Valores do Registro infectados: 3

Ítens do Registro infectados: 0

Pastas infectadas: 7

Arquivos infectados: 17

Processos da Memória infectados:

C:\Arquivos de programas\Gbp\ModOrk.exe (Malware.Packer) -> Unloaded process successfully.

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\activationmanager.activationmanager (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\activationmanager.activationmanager.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adstechnology.adstechnology (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adstechnology.adstechnology.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{86a44ef9-78fc-4e18-a564-b18f806f7f56} (Trojan.MultiDefender) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Valores do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\modork (Malware.Packer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\modork (Malware.Packer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

C:\Arquivos de programas\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.

C:\Arquivos de programas\ADSTechnology (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Arquivos de programas\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Arquivos infectados:

C:\Arquivos de programas\Gbp\ModOrk.exe (Malware.Packer) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\tem10.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\temC.tmp.exe (Adware.Mirar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\temD.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\temF.tmp.exe (Adware.Mirar) -> Quarantined and deleted successfully.

C:\Arquivos de programas\ActivationManager\Uninstall.exe (Trojan.MultiDefender) -> Quarantined and deleted successfully.

C:\Arquivos de programas\ADSTechnology\Uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Arquivos de programas\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology\ADSTechnology.lnk (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology\Uninstall.lnk (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\PlayMP3z\Run PlayMP3z.lnk (Adware.PLayMP3z) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\gos16.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------------------------------------------------

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-09-08 - 20:55

-------------------------------------------------------

Lista de Definição: 2009-07-24-2 | CORE: 2009-07-24-1

=======================================================

Arquivo infectado detectado: C:\WINDOWS\system32\simdataconf.dll

Arquivo infectado removido com sucesso!

----- Fim -------------------------

Me ajude a concluir se necessario. Desde ja grata!

Silas Martins · Setembro 9, 2009

Olá Lynna,

Veja que não leu a regra02'>http://forum.imasters.com.br/index.php?showtopic=165906"]regra02 por favor leia e poste conforme é pedido na regra.

Atenciosamente

Silas Martins

Equipe Moderação

lynna · Setembro 10, 2009

grata, se segue este log abaixo

------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:11:Juh, on 9/9/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\NCLAUNCH.EXe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx'>http://search.live.com/sphome.aspx

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx'>http://search.live.com/sphome.aspx

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [grim atom] C:\DOCUME~1\ADMINI~1\DADOSD~1\SECOND~1\Hopetypedraw.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3CD60846-44C9-4FC2-BF3C-17BF170C48DC}: NameServer = 10.1.22.3

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: service (svService) - Unknown owner - C:\WINDOWS\system32\service.exe (file missing)

--

End of file - 8464 bytes

Silas Martins · Setembro 10, 2009

Olá Lynna,

Peço que não execute nenhuma ferramenta sem minha indicação, caso isto ocorra me guardo no direito de arquivar o caso.

Siga as instruções abaixo

Abra o bloco de notas, copie e cole tudo que esta nessa caixa abaixo para o bloco:

@echo offsc stop "Service"sc delete "Service"

Salve como nome Fixservice.bat altere o tipo de arquivo para todos os arquivos;

Feito isso execute o arquivo salvo, aguarde alguns instantes...e em seguida reinicie o computador.

2º Passo

Faça o download do '>http://swandog46.geekstogo.com/avenger2/download.php"] Avenger2 by Swandog46 para o seu Desktop.

Clique direito do mouse em Avenger.zip e escolha "Extrair tudo...", para que a pasta da ferramenta avenger seja extraida para o seu desktop

Copie (control + c) agora todo o texto que está dentro do "Quote":

Begin copying here:

Files to delete:

C:\DOCUME~1\ADMINI~1\DADOSD~1\SECOND~1\Hopetypedraw.exe

Nota:O script acima foi elaborado especifícamente para esta infeção ecomputador. Utilizá-lo em outro computador, poderá originar gravesproblemas.

Rode agora o Avenger, clicando no ícone que está no desktop.

Clique direito do mouse na janela debaixo de Input script here:, e escolha colar ou (control + v).
Clique em Execute
Escolha "Yes" duas vezes, quando questionado.

O Avenger, automaticamente irá fazer o seguinte:
- Reiníciará o seu computador. (Nos casos em que existam "Drivers to delete", reiniciará duas vezes.)
- Durante o reinício, rapidamente abre uma janela preta (command window) no desktop, isso é normal.
- Após o reinicio, será gerado um log que abrirá com os resultados das ações efectuadas pelo Avenger. Este log pode ser encontrado em: C:\avenger.txt
- O Avenger também gera um backup (segurança) de todos os arquivos, etc., que eliminámos e zipa esse backup e o move para C:\avenger\backup.zip.

# Inicie o computador em modo de segurança

# Execute a ferramenta HiJackThis;

# Selecione o(s) item(s) abaixo indicado(s):

O4 - HKCU\..\Run: [grim atom] C:\DOCUME~1\ADMINI~1\DADOSD~1\SECOND~1\Hopetypedraw.exe

# Clique no botão "Fix checked";

3º Passo

Faça download do '>http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/"]Kaspersky Removal Tool. Salve em seu desktop (área de trabalho).

Instale o programa normalmente, seguindo todas as instruções.
Uma pasta chamada Virus Removal Tool será criada no desktop.
Na tela principal do programa clique na opção Meu computador, Startup objects, Disk boot sectors e depois clique no botão Scan.
Seja paciente, o scan pode demorar
Se ele encontrar alguma infecção abrirá uma janela de alerta clique em skip.
Após completar tudo, clique no botão Reports... e clique em Save to file.
Dê um nome para o arquivo e salve numa pasta de sua preferência.
Feche o resultado clicando no X da janela.
Logo em seguida feche o programa também clicando no X da janela. Ao fazer isso será questionado se quer desinstalar a ferramenta, clique em No. Poste o conteúdo desse arquivo em sua próxima resposta e aguarde.

Na próxima resposta poste os logs gerados. junto com um novo log do Hijatckthis

Aguardo retorno

lynna · Setembro 10, 2009

ola, Silas desculpe mais onde se enconta o seguinte botão "Fix checked";

pois nao o vi no HiJackThis

grata!

Silas Martins · Setembro 10, 2009

Veja a imagem de exemplo abaixo:

lynna · Setembro 10, 2009

ok obrigada

se segue o log do Hijatckthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:11:Juh, on 10/9/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\NCLAUNCH.EXe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe