
Archived

This topic has been archived and is closed to new replies.

Maryrj

[Solved!] socket error 11004


Hello,

I need help. Every time I turn on or restart my PC it gives a socket error 11004 and I don't know how to fix it. I have already uninstalled programs and disabled others from my startup, and the error continues. I am sending the HijackThis log and await a reply. Thanks in advance.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:57:27, on 25/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\TOPRO\TP6810\TPPOLL10.EXE

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\avg.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\000003A686483632.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [TPPOLL10] C:\Arquivos de programas\TOPRO\TP6810\TPPOLL10.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [mdktask] C:\WINDOWS\system32\mdktask.com

O4 - HKLM\..\Run: [avg] C:\WINDOWS\system32\avg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [susClientId] C:\WINDOWS\system32\beholder.exe

O4 - HKLM\..\Run: [contacts] C:\WINDOWS\system32\contacts.exe

O4 - HKLM\..\Run: [msngrxp] C:\WINDOWS\system32\msngrxp.exe

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [EPSON Stylus C79 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGL.EXE /FU "C:\WINDOWS\TEMP\E_S461.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [EPSON Stylus C79 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGL.EXE /FU "C:\WINDOWS\TEMP\E_S464.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Search - ?p=ZJxdm438YYBR

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{75FB741E-2ACC-454A-8787-F5374357FF7B}: NameServer = 192.169.68.1 200.175.5.139

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IS360service - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

 

--

End of file - 9879 bytes


Good morning Maryrj...

 

Welcome to the forum.

 

* Download Bankerfix (http://www.linhadefensiva.org/dl/bankerfix) and save it to the desktop

* Temporarily disable your antivirus

 

Right-click the Avast icon that runs next to the clock > select "Pause resident protection" > confirm.

* Double-click bankerfix.exe.

* Click [OK] > [YES] (if it asks for an update) > [OK]

* Press [ENTER] and wait.

* When it finishes, press [ENTER]

* Paste the report created at C:\LinhaDefensiva\relatorio.txt and a new HijackThis log



 

 

Hello Wings

 

I did what you asked and here is the result.

 

Execution completed successfully!!

 

No problems were found on your computer.

This does not mean that your computer is really

free of bankers, since new malicious files appear

every week.

 

If you still have problems or questions, visit the Linha Defensiva forum:

http://forum.linhadefensiva.org

 

Press any key to continue. . .

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:34:19, on 25/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\TOPRO\TP6810\TPPOLL10.EXE

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\000003A686483632.exe

C:\Arquivos de programas\AVG\AVG9\avgui.exe

C:\Arquivos de programas\Microsoft Office\Office10\WINWORD.EXE

C:\Arquivos de programas\Microsoft\Office Live\OfficeLiveSignIn.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [TPPOLL10] C:\Arquivos de programas\TOPRO\TP6810\TPPOLL10.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [contacts] C:\WINDOWS\system32\contacts.exe

O4 - HKLM\..\Run: [msngrxp] C:\WINDOWS\system32\msngrxp.exe

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [EPSON Stylus C79 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGL.EXE /FU "C:\WINDOWS\TEMP\E_S461.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [EPSON Stylus C79 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGL.EXE /FU "C:\WINDOWS\TEMP\E_S464.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Search - ?p=ZJxdm438YYBR

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{75FB741E-2ACC-454A-8787-F5374357FF7B}: NameServer = 192.169.68.1 200.175.5.139

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IS360service - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

 

--

End of file - 9529 bytes


There were registry entries for banker trojans, but they have now been removed.

 

Continuing...

 

1.

* Delete Bankerfix and the C:\LinhaDefensiva folder

 

2.

* Download Malwarebytes Anti-Malware and save it to the desktop:

* Install the program

* When it finishes, if an update exists, the download will be automatic. Wait...

* When the update finishes, the program will open automatically.

* On the [Scan] tab, select the [Full scan] option

* Click [Scan] and select the drives to be examined

* At the end of the scan you may be asked whether you want to remove objects from memory. Click [YES] and finally click [OK]. A report (mbam-log-year-month-date.txt) will be shown.

* Some malware is stubborn and needs a reboot to be removed. If this is requested, click to restart the PC. If it is not requested, restart the PC manually.

* Open Malwarebytes again and on the [Logs] tab click the file mbam-log-year-month-date.txt

* Click [Open], copy it, paste it in your next reply along with a new HijackThis log

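The only difference between the two HijackThis logs posted above is the set of O4 Run entries that Bankerfix removed, which is what the reply above refers to. The Python script below is an added example for this thread, not part of HijackThis, Bankerfix or Linha Defensiva's tooling. It parses the O4 and O10 lines of a constructed subset of the two posted logs, reports which autostart entries disappeared between scans, flags entries that still launch an unknown binary straight out of system32 (a heuristic assumed here, with ctfmon.exe the only system32 autostart treated as benign), and lists the Winsock LSP DLLs, which are worth knowing about because error 11004 is WSANO_DATA, a Winsock name-resolution error.

```python
"""Triage helper for HijackThis 2.0.x logs (added example for this thread; not
part of HijackThis, Bankerfix or Linha Defensiva tooling).

Diffs the O4 ... Run entries of two scans, applies a system32 heuristic, and
lists O10 Winsock LSP entries. The sample logs are a constructed subset of the
two logs posted in the thread."""
import re

# O4 - <hive>\..\Run: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# First drive-letter path ending in an executable extension, optionally quoted.
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|com|scr|bat|cmd|dll))', re.I)
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<dll>.+)$")

# Winsock name-resolution error codes; 11004 is the one reported in the thread.
WINSOCK_ERRORS = {
    11001: "WSAHOST_NOT_FOUND",
    11002: "WSATRY_AGAIN",
    11003: "WSANO_RECOVERY",
    11004: "WSANO_DATA",
}

# Assumption for the heuristic: the only legitimate system32 autostart in this log.
BENIGN_SYSTEM32 = {"ctfmon.exe"}

# Constructed subset of the first posted log (before Bankerfix).
BEFORE = r"""
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [mdktask] C:\WINDOWS\system32\mdktask.com
O4 - HKLM\..\Run: [avg] C:\WINDOWS\system32\avg.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [susClientId] C:\WINDOWS\system32\beholder.exe
O4 - HKLM\..\Run: [contacts] C:\WINDOWS\system32\contacts.exe
O4 - HKLM\..\Run: [msngrxp] C:\WINDOWS\system32\msngrxp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll
"""

# Constructed subset of the second posted log (after Bankerfix).
AFTER = r"""
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [contacts] C:\WINDOWS\system32\contacts.exe
O4 - HKLM\..\Run: [msngrxp] C:\WINDOWS\system32\msngrxp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll
"""


def parse_o4(log_text):
    """Map (hive, value name) -> command line for every O4 Run entry."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m["hive"], m["name"])] = m["cmd"]
    return entries


def removed_entries(before_log, after_log):
    """Value names present in the first scan but gone from the second."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    return sorted(name for (hive, name) in before if (hive, name) not in after)


def launched_path(cmd):
    """Executable path of an O4 command, or None if it has no drive-letter path."""
    m = PATH_RE.match(cmd.strip())
    return m["path"] if m else None


def suspicious_o4(log_text):
    """Heuristic: Run entries that launch a binary not in BENIGN_SYSTEM32 directly
    from system32, or any .com loader anywhere."""
    flagged = []
    for (hive, name), cmd in parse_o4(log_text).items():
        path = launched_path(cmd)
        if path is None:
            continue
        low = path.lower()
        base = low.rsplit("\\", 1)[-1]
        if low.startswith("c:\\windows\\system32\\") and base not in BENIGN_SYSTEM32:
            flagged.append(name)
        elif low.endswith(".com"):
            flagged.append(name)
    return sorted(flagged)


def lsp_entries(log_text):
    """Distinct DLLs HijackThis reports as unknown Winsock LSPs, in log order."""
    seen = []
    for line in log_text.splitlines():
        m = O10_RE.match(line.strip())
        if m and m["dll"].lower() not in seen:
            seen.append(m["dll"].lower())
    return seen


def winsock_error_name(code):
    """Symbolic name for a Winsock name-resolution error code."""
    return WINSOCK_ERRORS.get(code, "unknown")


if __name__ == "__main__":
    print("removed between scans:", removed_entries(BEFORE, AFTER))
    print("still flagged by heuristic:", suspicious_o4(AFTER))
    print("winsock LSPs:", lsp_entries(AFTER))
    print("error 11004 =", winsock_error_name(11004))
```

Run as a script it prints the three Bankerfix removals (avg, mdktask, susClientId), the two remaining system32 loaders the heuristic still flags (contacts, msngrxp) and the single Speedbit LSP. The flag is only the heuristic firing on location; whether a flagged file is actually malicious is not something a log line settles, and an LSP from a legitimately installed download accelerator is a normal finding.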

I did this second step, and here is the result.

 

Malwarebytes' Anti-Malware 1.41

Database version: 3228

Windows 5.1.2600 Service Pack 3

 

25/11/2009 12:20:47

mbam-log-2009-11-25 (12-20-47).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 165220

Time elapsed: 58 minute(s), 40 second(s)

 

Memory processes infected: 0

Memory modules infected: 0

Registry keys infected: 0

Registry values infected: 0

Registry data items infected: 1

Folders infected: 0

Files infected: 28

 

Memory processes infected:

(No malicious items detected)

 

Memory modules infected:

(No malicious items detected)

 

Registry keys infected:

(No malicious items detected)

 

Registry values infected:

(No malicious items detected)

 

Registry data items infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders infected:

(No malicious items detected)

 

Files infected:

C:\Arquivos de programas\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

C:\Documents and Settings\Mary\Dados de aplicativos\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011414.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011416.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011419.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011424.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011426.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011430.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011431.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011433.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011434.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011435.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011436.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011437.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011439.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011440.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011442.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011443.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011444.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011445.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011446.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011447.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011448.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011456.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011458.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011423.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B7E2EA71-82A7-4CE8-B02C-AF3CFD61D764}\RP52\A0011441.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:28:34, on 25/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\TOPRO\TP6810\TPPOLL10.EXE

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [TPPOLL10] C:\Arquivos de programas\TOPRO\TP6810\TPPOLL10.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [contacts] C:\WINDOWS\system32\contacts.exe

O4 - HKLM\..\Run: [msngrxp] C:\WINDOWS\system32\msngrxp.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [EPSON Stylus C79 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGL.EXE /FU "C:\WINDOWS\TEMP\E_S461.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [EPSON Stylus C79 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGL.EXE /FU "C:\WINDOWS\TEMP\E_S464.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Search - ?p=ZJxdm438YYBR

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{75FB741E-2ACC-454A-8787-F5374357FF7B}: NameServer = 192.169.68.1 200.175.5.139

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IS360service - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

 

--

End of file - 9771 bytes


OK...

1.

*Open Malwarebytes and, on the [Quarantine] tab, select all the results and click [Remove all]
*Click the [Logs] tab, select the report and click [Remove]

2.

*Disable your antivirus programs. I would recommend keeping only one installed.

Avast

Right-click the Avast icon that sits next to the clock > select "Pause resident protection" > Confirm.

AVG

Start > Programs > AVG > AVG Control Center > AVG Resident Protection > Untick the option "Enable AVG Resident Protection" > OK

3.

*Download ComboFix and save it to the desktop
*Close Internet Explorer and Windows Explorer
*Double-click the Combofix.exe file
*Accept the agreement
*Important: while ComboFix is running, do not use the mouse or the keyboard!! To abort the procedure, press N.
*The program will close automatically
*Paste the report created at C:\combofix.txt


Hi, I have already run ComboFix and the result follows below, but one note: I only have AVG installed. I had uninstalled Avast a week ago and a folder was left behind that I cannot delete. I don't know why it says it is installed.

Here is the report:

 

ComboFix 09-11-25.01 - Mary 25/11/2009 16:40.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1534.1074 [GMT -2:00]

Executando de: c:\documents and settings\Mary\Meus documentos\Downloads\ComboFix.exe

AV: avast! antivirus 4.8.1356 [VPS 091120-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Mary\Dados de aplicativos\Desktopicon

c:\documents and settings\Mary\Dados de aplicativos\Desktopicon\mc.ico

c:\windows\system32\_000111_.tmp.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_MYWEBSEARCHSERVICE

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-25 to 2009-11-25 ))))))))))))))))))))))))))))

.

 

2009-11-25 18:01 . 2009-11-25 18:01 -------- d-----w- c:\documents and settings\Silas\Dados de aplicativos\Malwarebytes

2009-11-25 18:00 . 2009-11-25 18:00 -------- d-----w- c:\documents and settings\Eliseu\Dados de aplicativos\Malwarebytes

2009-11-25 13:11 . 2009-11-25 13:11 -------- d-----w- c:\documents and settings\Mary\Dados de aplicativos\Malwarebytes

2009-11-25 13:11 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-25 13:11 . 2009-11-25 13:11 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-25 13:11 . 2009-11-25 13:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-25 13:11 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-25 12:31 . 2009-11-25 12:33 -------- d-----w- C:\LinhaDefensiva

2009-11-25 00:05 . 2009-11-25 00:05 -------- d-----w- c:\arquivos de programas\Ashampoo

2009-11-24 20:52 . 2009-11-24 20:52 -------- d-----w- c:\documents and settings\Mary\Dados de aplicativos\IObit

2009-11-24 16:11 . 2009-11-24 16:11 63 ----a-w- c:\documents and settings\Silas\jagex_runescape_preferences2.dat

2009-11-24 16:07 . 2009-11-24 16:11 38 ----a-w- c:\documents and settings\Silas\jagex_runescape_preferences.dat

2009-11-24 16:06 . 2009-11-24 16:06 -------- d-----w- c:\windows\.jagex_cache_32

2009-11-24 16:06 . 2009-11-24 16:06 -------- d-----w- c:\windows\Sun

2009-11-24 12:42 . 2009-11-24 12:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Age of Empires 3

2009-11-23 23:48 . 2009-11-23 23:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IObit

2009-11-23 13:20 . 2009-11-23 13:20 -------- d-----w- c:\arquivos de programas\Trend Micro

2009-11-22 18:28 . 2009-11-22 18:28 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-11-22 18:28 . 2009-11-22 18:28 -------- d-----w- c:\arquivos de programas\Java

2009-11-22 18:27 . 2009-11-22 18:27 152576 ----a-w- c:\documents and settings\Mary\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-20 22:56 . 2009-11-25 11:18 1307648 ----a-w- c:\windows\system32\000003A686483632.exe

2009-11-20 14:33 . 2009-11-20 14:33 7424 ----a-w- c:\windows\system32\afuria.sys

2009-11-20 14:33 . 2009-11-20 14:33 3712 ----a-w- c:\windows\system32\vermelho.sys

2009-11-20 14:32 . 2009-11-20 14:32 193024 ----a-w- c:\windows\system32\avthekiller.exe

2009-11-20 14:31 . 2009-11-20 14:33 22016 ----a-w- c:\windows\system32\borlndmm.dll

2009-11-20 11:28 . 2009-11-16 16:00 3963648 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll

2009-11-20 11:28 . 2009-11-16 16:00 497944 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgchjwx.dll

2009-11-18 22:05 . 2000-07-15 02:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL

2009-11-18 22:05 . 2009-11-18 22:06 -------- d-----w- c:\arquivos de programas\MSN content crazy show

2009-11-16 23:28 . 2009-11-16 23:28 -------- d-sh--w- c:\documents and settings\Eliseu\PrivacIE

2009-11-16 16:01 . 2009-11-16 12:46 360584 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgtdix.sys

2009-11-16 15:55 . 2009-11-16 15:55 877848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

2009-11-16 15:55 . 2009-11-16 15:55 1657112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2009-11-16 15:55 . 2009-11-16 12:44 610072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgiproxy.exe

2009-11-16 12:46 . 2009-11-16 15:51 -------- d-----w- C:\$AVG

2009-11-16 12:44 . 2009-11-16 12:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2009-11-16 12:41 . 2009-11-16 15:51 -------- d-----w- c:\windows\SxsCaPendDel

2009-11-14 20:51 . 2009-11-14 20:51 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2009-11-13 13:38 . 2005-05-26 17:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2009-11-13 13:27 . 2009-11-13 13:27 -------- d-----w- c:\arquivos de programas\Microsoft Games

2009-11-13 13:02 . 2003-12-20 22:03 5504 ----a-w- c:\windows\system32\drivers\xmasscsi.sys

2009-11-13 13:02 . 2003-12-21 19:24 140800 ----a-w- c:\windows\system32\drivers\xmasbus.sys

2009-11-13 13:01 . 2009-11-13 13:01 -------- d-----w- c:\arquivos de programas\Alcohol Soft

2009-11-13 11:45 . 2009-11-13 11:45 -------- d-----w- c:\documents and settings\Mary\Dados de aplicativos\Ashampoo

2009-11-13 09:11 . 2009-11-13 09:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee

2009-11-12 15:02 . 2009-11-12 15:02 -------- d-sh--w- c:\documents and settings\Silas\PrivacIE

2009-11-12 13:21 . 2009-11-12 13:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ashampoo

2009-11-12 13:20 . 2009-11-12 13:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\page

2009-11-12 11:23 . 2009-11-12 11:23 -------- d-----w- c:\arquivos de programas\CCleaner

2009-11-11 23:56 . 2009-11-25 18:01 -------- d-----w- c:\documents and settings\Silas\Tracing

2009-11-11 23:46 . 2009-11-07 20:00 -------- d--h--w- c:\documents and settings\Eliseu\Modelos

2009-11-11 23:46 . 2009-11-07 17:50 -------- d--h--w- c:\documents and settings\Eliseu\Ambiente de rede

2009-11-11 23:46 . 2009-11-07 17:50 -------- d--h--w- c:\documents and settings\Eliseu\Ambiente de impressão

2009-11-11 23:46 . 2009-11-07 17:50 -------- d-----r- c:\documents and settings\Eliseu\Menu Iniciar

2009-11-11 10:51 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2009-11-11 10:51 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2009-11-11 10:51 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2009-11-11 10:51 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2009-11-11 10:51 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2009-11-10 11:20 . 2009-11-10 11:20 -------- d-----w- c:\windows\l2schemas

2009-11-10 11:20 . 2009-11-10 11:20 -------- d-----w- c:\windows\system32\bits

2009-11-10 01:11 . 2009-11-10 01:11 -------- d-sh--w- c:\documents and settings\Mary\IECompatCache

2009-11-10 00:56 . 2009-11-10 00:56 -------- d-sh--w- c:\documents and settings\Mary\PrivacIE

2009-11-10 00:54 . 2009-11-10 00:54 -------- d-----w- c:\windows\system32\XPSViewer

2009-11-10 00:54 . 2009-11-10 00:54 -------- d-----w- c:\arquivos de programas\MSBuild

2009-11-10 00:54 . 2009-11-10 00:54 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-11-10 00:53 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-11-10 00:53 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-11-10 00:53 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-11-10 00:53 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-11-10 00:53 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-11-10 00:53 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-11-10 00:53 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-11-10 00:53 . 2009-11-10 00:53 -------- d-----w- C:\0ac048d281d4c4203653b1

2009-11-10 00:47 . 2009-11-10 00:47 -------- d-----w- c:\arquivos de programas\MSXML 6.0

2009-11-10 00:41 . 2009-11-10 00:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-11-10 00:38 . 2009-11-10 00:38 -------- d-sh--w- c:\documents and settings\Mary\IETldCache

2009-11-10 00:29 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-11-10 00:29 . 2009-11-12 00:27 -------- d-----w- c:\windows\ie8updates

2009-11-10 00:29 . 2009-08-29 07:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-11-10 00:29 . 2009-08-29 07:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-11-10 00:29 . 2009-08-29 07:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-11-10 00:29 . 2009-08-29 07:57 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-11-10 00:29 . 2009-08-29 07:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-11-10 00:29 . 2009-08-29 07:57 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-11-10 00:27 . 2009-11-10 11:20 -------- d-----w- c:\windows\system32\pt-BR

2009-11-10 00:27 . 2009-11-10 00:28 -------- dc-h--w- c:\windows\ie8

2009-11-10 00:07 . 2009-11-10 11:13 -------- d-----w- c:\windows\ServicePackFiles

2009-11-09 22:52 . 2006-04-18 06:00 102400 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

2009-11-09 22:51 . 2009-11-09 22:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\EPSON

2009-11-09 22:51 . 2006-08-10 04:02 75264 ----a-w- c:\windows\system32\E_FLBBGL.DLL

2009-11-09 22:51 . 2006-04-19 04:00 62976 ----a-w- c:\windows\system32\E_FD4BBGL.DLL

2009-11-09 22:35 . 2009-11-09 22:35 -------- d-----w- C:\CI_C79

2009-11-09 22:08 . 2009-09-15 09:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-09 22:08 . 2009-09-15 09:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-09 22:08 . 2009-09-15 09:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-11-09 22:07 . 2009-09-15 09:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-09 22:07 . 2009-09-15 09:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-09 22:07 . 2009-09-15 09:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-09 22:07 . 2009-09-15 09:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-11-09 22:07 . 2009-09-15 09:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-11-09 22:05 . 2004-08-04 00:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys

2009-11-09 22:05 . 2004-08-04 00:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys

2009-11-09 22:05 . 2004-08-04 00:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys

2009-11-09 21:32 . 2009-11-17 18:04 -------- d-----w- c:\documents and settings\Mary\Dados de aplicativos\Ahead

2009-11-09 21:28 . 2009-11-09 21:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2009-11-09 21:28 . 2009-11-09 21:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2009-11-09 21:28 . 2009-11-09 21:28 -------- d-----w- c:\arquivos de programas\Nero

2009-11-09 14:28 . 2009-11-24 12:45 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-11-09 14:11 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2009-11-09 13:53 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-11-09 13:53 . 2009-08-05 00:57 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-11-09 13:53 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-11-09 13:53 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe

2009-11-09 13:53 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-11-09 13:53 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-11-09 13:53 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-11-09 13:53 . 2009-06-25 08:27 732672 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2009-11-09 13:53 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-11-09 13:53 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-11-09 13:53 . 2009-08-04 17:27 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-11-09 13:53 . 2009-08-04 17:27 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-11-09 13:52 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-11-09 13:37 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-11-09 13:37 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-24 20:52 . 2009-11-07 20:40 -------- d-----w- c:\arquivos de programas\IObit

2009-11-16 16:00 . 2009-11-07 20:25 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-16 12:46 . 2009-11-07 20:25 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-16 12:46 . 2009-11-07 20:25 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-11-16 12:45 . 2009-11-07 20:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-16 12:44 . 2009-11-07 20:25 -------- d-----w- c:\arquivos de programas\AVG

2009-11-10 16:54 . 1782-01-19 00:14 79370 ----a-w- c:\windows\system32\perfc016.dat

2009-11-10 16:54 . 1782-01-19 00:14 468440 ----a-w- c:\windows\system32\perfh016.dat

2009-11-09 22:06 . 2009-11-09 22:06 -------- d-----w- c:\arquivos de programas\Alwil Software

2009-11-09 20:38 . 2009-11-07 20:04 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-08 11:27 . 2009-11-08 11:27 -------- d-----w- c:\arquivos de programas\Realtek AC97

2009-11-07 20:44 . 2009-11-07 20:42 -------- d-----w- c:\arquivos de programas\K-LiteNitro

2009-11-07 20:40 . 2009-11-07 20:39 -------- d-----w- c:\arquivos de programas\DreaMule

2009-11-07 20:38 . 2009-11-07 20:38 -------- d-----w- c:\arquivos de programas\DsNET Corp

2009-11-07 20:36 . 2009-11-07 20:36 0 ----a-w- c:\windows\nsreg.dat

2009-11-07 20:06 . 2009-11-07 20:06 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-11-07 20:03 . 2009-11-07 20:03 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-11-07 20:02 . 2009-11-07 20:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-11-07 20:01 . 2009-11-07 20:01 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-10-29 04:48 . 2009-10-29 04:48 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-10-29 04:48 . 2009-10-29 04:48 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-09-25 05:50 . 2009-09-25 05:50 81920 ------w- c:\windows\system32\ieencode.dll

2009-09-15 09:59 . 2009-11-09 22:06 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-11 14:19 . 2004-08-04 00:45 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:04 . 2004-08-04 00:45 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:57 . 2004-08-04 00:45 916480 ----a-w- c:\windows\system32\wininet.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\arquiv~1\DAP\SBSearch.dll" [2009-11-08 38384]

 

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]

[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]

[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2009-11-08 2803200]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-03-07 149040]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TPPOLL10"="c:\arquivos de programas\TOPRO\TP6810\TPPOLL10.EXE" [2006-09-17 24576]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-07 161328]

"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2009-11-16 2020120]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-11-22 149280]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-11-11 90112]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-16 12:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan.lnk

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"aswUpdSv"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\K-LiteNitro\\giFT\\giFTl.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\DAP\\DAP.exe"=

"c:\\Arquivos de programas\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Arquivos de programas\\MSN content crazy show\\CrazyMsnWinks.exe"=

 

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [13/11/2009 11:02 140800]

R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [13/11/2009 11:02 5504]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/11/2009 20:07 114768]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/11/2009 18:25 333192]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/11/2009 18:25 360584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/11/2009 20:07 20560]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [16/11/2009 10:44 285392]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [8/11/2009 13:14 54752]

R2 IS360service;IS360service;c:\arquivos de programas\IObit\IObit Security 360\is360srv.exe [23/11/2009 21:48 312592]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

R3 DCamUSBTP10;TP6810 USB Video Camera;c:\windows\system32\drivers\TP6810.SYS [8/11/2009 09:54 241908]

S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-11-25 c:\windows\Tasks\User_Feed_Synchronization-{E0EF4419-AFAF-425B-9AC9-C611767CC27E}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 06:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: &Search - ?p=ZJxdm438YYBR

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

LSP: c:\arquiv~1\SPEEDB~1\sblsp.dll

TCP: {75FB741E-2ACC-454A-8787-F5374357FF7B} = 192.169.68.1 200.175.5.139

FF - ProfilePath - c:\documents and settings\Mary\Dados de aplicativos\Mozilla\Firefox\Profiles\j1cusu13.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com/

FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\arquivos de programas\DAP\DAPFireFox\components\DAPFireFox.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-contacts - c:\windows\system32\contacts.exe

HKLM-Run-msngrxp - c:\windows\system32\msngrxp.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-25 16:54

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89542160]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf764bf28

\Driver\ACPI -> ACPI.sys @ 0xf758bcb8

\Driver\atapi -> 0x89542160

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf787fbb0

PacketIndicateHandler -> NDIS.sys @ 0xf788ca21

SendHandler -> NDIS.sys @ 0xf786a87b

Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(648)

c:\arquivos de programas\SpeedBit Video Accelerator\Accelerator.dll

c:\windows\system32\WININET.dll

c:\arquivos de programas\SpeedBit Video Accelerator\CommPipe.dll

c:\arquivos de programas\SpeedBit Video Accelerator\Collector.dll

 

- - - - - - - > 'explorer.exe'(3520)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\AVG\AVG9\avgchsvx.exe

c:\arquivos de programas\AVG\AVG9\avgrsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\AVG\AVG9\avgnsx.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\wdfmgr.exe

c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\arquiv~1\SPEEDB~1\VideoAcceleratorEngine.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-11-25 17:00 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-11-25 19:00

 

Pré-execução: 10 pasta(s) 108.764.147.712 bytes disponíveis

Pós execução: 13 pasta(s) 108.795.031.552 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 520E7CA492594EEAF7F6FD2FEE38EDE7


1.

*Download and run the program from the link to uninstall Avast:

http://files.avast.com/files/eng/aswclear.exe

2.

*Submit the files below for analysis at http://virscan.org

c:\windows\system32\000003A686483632.exe

c:\windows\system32\afuria.sys

c:\windows\system32\vermelho.sys

Paste the links containing the result for each one.


Look, I couldn't send only the files; I sent the whole ComboFix report. I think I did it wrong, but the result is this:

Nome do Arquivo : ComboFix.txt

Tamanho do Arquivo : 26158 byte

Tipo do Arquivo : ISO-8859 text, with CRLF line terminators

MD5 : 58ac83b23f27859b31935bb7054c2726

SHA1 : 9ac30eca3eaf4426382f944088534ef063d8f499

And the one you sent me about Avast, I couldn't install it to remove it; it's giving this message:

the avast self protection module is enabled. For this reason, the operation cannot be completed.

To complete the operation, either run this program from windows safe mode, or disable the avast! Self protection (via settings – troubleshooting page).


No...

You did it wrong.

Go to the link for the scan.

Click [Enviar arquivo] (Send file).

Locate the file by following the path. Example:

For the file c:\windows\system32\000003A686483632.exe

C:\, then Windows, then system32, click the file 000003A686483632.exe, then click [Abrir] (Open).

You will automatically return to the scan page; then click [upload]. Just wait and the result will appear. Just copy and paste the link. The link is the page address. Example: the link for your topic is: http://forum.imasters.com.br/index.php?app=forums&module=post&section=post&do=reply_post&f=77&t=372582

This procedure is to be repeated for the remaining files:

c:\windows\system32\afuria.sys and c:\windows\system32\vermelho.sys


Good morning Wings,

Sorry for not continuing yesterday, something came up: it started raining heavily here with thunderstorms and I had to shut down the PC to avoid problems. If we can continue now, I'd appreciate it.

Below is what you asked me to do:

VirSCAN.org Scanned Report :

Scanned time : 2009/11/26 04:27:10 (ACT)

Scanner results: 32% Software(12/37) encontrou código malicioso!

File Name : 000003A686483632.exe

File Size : 1307648 byte

File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : db5780a405f4b90234b5cb560ab4469b

SHA1 : 5704bce1671ef19501d6d903e1a2d2a015820c5b

Online report : http://virscan.org/report/09d404c8da1bd3968fe3792e94426575.html

 

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.5.0.8 20091126033123 2009-11-26 4.10 Trojan-Spy.Win32.Banker.to!IK

AhnLab V3 2009.11.26.01 2009.11.26 2009-11-26 0.93 -

AntiVir 8.2.1.78 7.10.1.107 2009-11-26 0.48 TR/Spy.Banker.Gen

Antiy 2.0.18 20091126.3315741 2009-11-26 0.12 -

Arcavir 2009 200911251930 2009-11-25 0.07 -

Authentium 5.1.1 200911260038 2009-11-26 1.21 W32/SysVenFak.A.gen!Eldorado (Possible)

AVAST! 4.7.4 091126-0 2009-11-26 2.48 -

AVG 8.5.288 270.14.83/2526 2009-11-26 2.93 -

BitDefender 7.81008.4604331 7.29148 2009-11-26 4.45 Gen:Trojan.Heur.pP0brzKMfciGh

CA (VET) 35.1.0 7142 2009-11-25 6.92 -

ClamAV 0.95.2 10078 2009-11-26 0.17 PUA.Packed.ASPack212

Comodo 3.12 3041 2009-11-26 0.73 -

CP Secure 1.3.0.5 2009.11.26 2009-11-26 0.44 -

Dr.Web 4.44.0.9170 2009.11.26 2009-11-26 11.81 DLOADER.Trojan

F-Prot 4.4.4.56 20091125 2009-11-25 1.20 W32/SysVenFak.A.gen!Eldorado (generic, not disinfectable)

F-Secure 7.02.73807 2009.11.26.04 2009-11-26 9.80 -

Fortinet 11.95- 11.95 2009-11-25 0.14 -

GData 19.9009/19.586 20091126 2009-11-26 7.18 -

ViRobot 20091125 2009.11.25 2009-11-25 0.46 -

Ikarus T3.1.01.74 2009.11.26.74596 2009-11-26 4.14 Trojan-Spy.Win32.Banker.to

JiangMin 11.0.800 2009.11.25 2009-11-25 4.28 -

Kaspersky 5.5.10 2009.11.26 2009-11-26 0.90 -

KingSoft 2009.2.5.15 2009.11.26.16 2009-11-26 0.57 Heur.Win32.Generic_01.l

McAfee 5.3.00 5813 2009-11-25 4.65 -

Microsoft 1.5302 2009.11.26 2009-11-26 7.56 TrojanSpy:Win32/Bancos.gen!A

Norman 6.01.09 6.01.00 2009-11-25 6.01 -

Panda 9.05.01 2009.11.25 2009-11-25 2.33 Trj/Banbra.GLQ

Trend Micro 9.000-1003 6.654.01 2009-11-26 0.19 -

Quick Heal 10.00 2009.11.26 2009-11-26 1.51 -

Rising 20.0 22.23.03.05 2009-11-26 1.83 -

Sophos 3.01.0 4.47 2009-11-26 4.74 Mal/DelpBanc-A

Sunbelt 5518 5518 2009-11-18 11.29 -

Symantec 1.3.0.24 20091125.004 2009-11-25 8.57 -

nProtect 20091125.01 6330100 2009-11-25 6.99 -

The Hacker 6.5.0.2 v00078 2009-11-25 0.89 -

VBA32 3.12.12.0 20091125.2123 2009-11-25 47.33 -

VirusBuster 4.5.11.10 10.113.29/2005008 2009-11-25 9.42 -

 

 

 

VirSCAN.org Scanned Report :

Scanned time : 2009/11/26 04:35:11 (ACT)

Scanner results: 5% Software(2/37) encontrou código malicioso!

File Name : afuria.sys

File Size : 7424 byte

File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit

MD5 : 16500dfde5043c370c959a505dea3dd7

SHA1 : 12c8416def0a59aa951e1a41e3a7894e7019ce2c

Online report : http://virscan.org/report/31bf1cb0ff30bbb12cd002043b68bf16.html

 

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.5.0.8 20091126033123 2009-11-26 4.59 -

AhnLab V3 2009.11.26.01 2009.11.26 2009-11-26 1.14 -

AntiVir 8.2.1.78 7.10.1.107 2009-11-26 0.16 -

Antiy 2.0.18 20091126.3315741 2009-11-26 0.12 -

Arcavir 2009 200911251930 2009-11-25 0.03 -

Authentium 5.1.1 200911260038 2009-11-26 1.29 -

AVAST! 4.7.4 091126-0 2009-11-26 0.00 -

AVG 8.5.288 270.14.83/2526 2009-11-26 0.33 -

BitDefender 7.81008.4604331 7.29148 2009-11-26 3.96 -

CA (VET) 35.1.0 7142 2009-11-25 7.50 -

ClamAV 0.95.2 10078 2009-11-26 0.01 -

Comodo 3.12 3041 2009-11-26 0.71 UnclassifiedMalware

CP Secure 1.3.0.5 2009.11.26 2009-11-26 0.03 -

Dr.Web 4.44.0.9170 2009.11.26 2009-11-26 7.15 -

F-Prot 4.4.4.56 20091125 2009-11-25 1.26 -

F-Secure 7.02.73807 2009.11.26.04 2009-11-26 0.11 -

Fortinet 11.95- 11.95 2009-11-25 0.15 -

GData 19.9009/19.586 20091126 2009-11-26 8.65 -

ViRobot 20091125 2009.11.25 2009-11-25 0.71 -

Ikarus T3.1.01.74 2009.11.26.74597 2009-11-26 4.14 -

JiangMin 11.0.800 2009.11.25 2009-11-25 5.33 -

Kaspersky 5.5.10 2009.11.26 2009-11-26 0.07 -

KingSoft 2009.2.5.15 2009.11.26.16 2009-11-26 0.57 -

McAfee 5.3.00 5813 2009-11-25 3.46 -

Microsoft 1.5302 2009.11.26 2009-11-26 6.38 -

Norman 6.01.09 6.01.00 2009-11-25 4.01 -

Panda 9.05.01 2009.11.25 2009-11-25 8.85 Rootkit/Banbra.GLQ

Trend Micro 9.000-1003 6.654.01 2009-11-26 0.03 -

Quick Heal 10.00 2009.11.26 2009-11-26 2.80 -

Rising 20.0 22.23.03.05 2009-11-26 1.80 -

Sophos 3.01.0 4.47 2009-11-26 3.05 -

Sunbelt 5518 5518 2009-11-18 2.29 -

Symantec 1.3.0.24 20091125.004 2009-11-25 0.25 -

nProtect 20091125.01 6330100 2009-11-25 5.62 -

The Hacker 6.5.0.2 v00078 2009-11-25 1.62 -

VBA32 3.12.12.0 20091125.2123 2009-11-25 2.22 -

VirusBuster 4.5.11.10 10.113.29/2005008 2009-11-25 2.42 -

 

 

 

VirSCAN.org Scanned Report :

Scanned time : 2009/11/26 04:41:51 (ACT)

Scanner results: 3% Software(1/37) encontrou código malicioso!

File Name : vermelho.sys

File Size : 3712 byte

File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit

MD5 : 20ffdb0584d676b5018fef13c37a3074

SHA1 : 07b44b8faad988465ee48b0e09b0198490d4bbf7

Online report : http://virscan.org/report/add6913b3ec0d25b604ef5780dd93bdc.html

 

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.5.0.8 20091126033123 2009-11-26 4.00 -

AhnLab V3 2009.11.26.01 2009.11.26 2009-11-26 1.03 -

AntiVir 8.2.1.78 7.10.1.107 2009-11-26 0.47 -

Antiy 2.0.18 20091126.3315741 2009-11-26 0.12 -

Arcavir 2009 200911251930 2009-11-25 0.02 -

Authentium 5.1.1 200911260930 2009-11-26 1.21 -

AVAST! 4.7.4 091126-0 2009-11-26 0.00 -

AVG 8.5.288 270.14.83/2526 2009-11-26 0.31 -

BitDefender 7.81008.4604331 7.29148 2009-11-26 3.95 -

CA (VET) 35.1.0 7142 2009-11-25 9.49 -

ClamAV 0.95.2 10078 2009-11-26 0.01 -

Comodo 3.12 3041 2009-11-26 0.73 -

CP Secure 1.3.0.5 2009.11.26 2009-11-26 0.03 -

Dr.Web 4.44.0.9170 2009.11.26 2009-11-26 7.17 -

F-Prot 4.4.4.56 20091125 2009-11-25 1.22 -

F-Secure 7.02.73807 2009.11.26.04 2009-11-26 0.09 -

Fortinet 11.96- 11.96 2009-11-26 0.14 -

GData 19.9009/19.586 20091126 2009-11-26 5.93 -

ViRobot 20091125 2009.11.25 2009-11-25 0.41 -

Ikarus T3.1.01.74 2009.11.26.74597 2009-11-26 4.10 -

JiangMin 11.0.800 2009.11.25 2009-11-25 5.98 -

Kaspersky 5.5.10 2009.11.26 2009-11-26 0.07 -

KingSoft 2009.2.5.15 2009.11.26.16 2009-11-26 0.52 -

McAfee 5.3.00 5813 2009-11-25 3.44 -

Microsoft 1.5302 2009.11.26 2009-11-26 6.24 -

Norman 6.01.09 6.01.00 2009-11-25 4.01 -

Panda 9.05.01 2009.11.25 2009-11-25 1.95 Rootkit/Banbra.GLQ

Trend Micro 9.000-1003 6.654.01 2009-11-26 0.03 -

Quick Heal 10.00 2009.11.26 2009-11-26 1.23 -

Rising 20.0 22.23.03.05 2009-11-26 0.96 -

Sophos 3.01.0 4.47 2009-11-26 3.03 -

Sunbelt 5518 5518 2009-11-18 1.89 -

Symantec 1.3.0.24 20091125.004 2009-11-25 0.18 -

nProtect 20091125.01 6330100 2009-11-25 3.59 -

The Hacker 6.5.0.2 v00078 2009-11-25 0.78 -

VBA32 3.12.12.0 20091125.2123 2009-11-25 2.61 -

VirusBuster 4.5.11.10 10.113.29/2005008 2009-11-25 2.37 -

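The three VirSCAN.org reports above are read by eye in the thread. As an added example that is not part of the original thread (and not VirSCAN.org's own code), the Python below parses that report layout, counts which engines named each file, and checks the count against the report's own Software(n/N) summary line, which also catches a report that was pasted only partially; the sample texts are constructed subsets of the rows shown above.

```python
"""Triage VirSCAN.org text reports of the kind pasted in this thread.
Added example, not from the thread or from VirSCAN.org: it parses the layout
shown above, counts the engines that named each file and checks that count
against the report's own "Software(n/N)" line, which exposes a report pasted
only partially. Samples are constructed subsets of the rows shown above.
"""
import re
from dataclasses import dataclass, field

# Engine names may contain spaces ("CA (VET)", "Trend Micro"): anchor on the
# ISO date and elapsed-seconds columns and let the name absorb what precedes.
ROW_RE = re.compile(
    r"^(?P<engine>.+?)\s+(?P<engine_ver>\S+)\s+(?P<sig_ver>\S+)\s+"
    r"(?P<sig_date>\d{4}-\d{2}-\d{2})\s+(?P<seconds>\d+\.\d+)\s+(?P<result>.+?)\s*$"
)
SUMMARY_RE = re.compile(r"Scanner results:\s*\d+%\s*Software\((\d+)/(\d+)\)")
NAME_RE = re.compile(r"^File Name\s*:\s*(.+?)\s*$")


@dataclass
class Report:
    file_name: str = ""
    claimed_hits: int = 0      # n in "Software(n/N)"
    claimed_engines: int = 0   # N in "Software(n/N)"
    detections: dict = field(default_factory=dict)  # engine -> verdict name
    clean: list = field(default_factory=list)       # engines that reported "-"

    @property
    def hits(self) -> int:
        return len(self.detections)

    @property
    def summary_consistent(self) -> bool:
        """True when the parsed rows agree with the report's own (n/N) line."""
        return (self.hits == self.claimed_hits
                and self.hits + len(self.clean) == self.claimed_engines)


def parse_report(text: str) -> Report:
    """Parse one VirSCAN.org report in the text form pasted in the thread."""
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()  # header lines and blanks match none of the patterns
        if m := NAME_RE.match(line):
            rep.file_name = m.group(1)
        elif m := SUMMARY_RE.search(line):
            rep.claimed_hits, rep.claimed_engines = int(m.group(1)), int(m.group(2))
        elif m := ROW_RE.match(line):
            if m.group("result") == "-":
                rep.clean.append(m.group("engine"))
            else:
                rep.detections[m.group("engine")] = m.group("result")
    return rep


def triage(reports, min_hits=2):
    """Rank reports by detection count: at least min_hits engines is
    'confirmed'; fewer but non-zero is 'suspect', still worth attention for a
    small unsigned .sys; zero is 'no detection'."""
    rows = []
    for r in reports:
        label = ("confirmed" if r.hits >= min_hits
                 else "suspect" if r.hits else "no detection")
        rows.append((r.file_name, r.hits, r.claimed_engines, label,
                     r.summary_consistent))
    return sorted(rows, key=lambda t: -t[1])


# Constructed subset of the 000003A686483632.exe report shown above.
SAMPLE_EXE = """\
Scanner results: 50% Software(2/4) encontrou código malicioso!
File Name : 000003A686483632.exe
a-squared 4.5.0.8 20091126033123 2009-11-26 4.10 Trojan-Spy.Win32.Banker.to!IK
CA (VET) 35.1.0 7142 2009-11-25 6.92 -
F-Prot 4.4.4.56 20091125 2009-11-25 1.20 W32/SysVenFak.A.gen!Eldorado (generic, not disinfectable)
Trend Micro 9.000-1003 6.654.01 2009-11-26 0.19 -
"""
# Constructed subset of the afuria.sys report shown above.
SAMPLE_SYS = """\
Scanner results: 50% Software(2/4) encontrou código malicioso!
File Name : afuria.sys
Comodo 3.12 3041 2009-11-26 0.71 UnclassifiedMalware
Panda 9.05.01 2009.11.25 2009-11-25 8.85 Rootkit/Banbra.GLQ
Quick Heal 10.00 2009.11.26 2009-11-26 2.80 -
The Hacker 6.5.0.2 v00078 2009-11-25 1.62 -
"""
# vermelho.sys with its real (1/37) summary but only three rows pasted: flagged.
SAMPLE_TRUNCATED = """\
Scanner results: 3% Software(1/37) encontrou código malicioso!
File Name : vermelho.sys
Microsoft 1.5302 2009.11.26 2009-11-26 6.24 -
Panda 9.05.01 2009.11.25 2009-11-25 1.95 Rootkit/Banbra.GLQ
Sophos 3.01.0 4.47 2009-11-26 3.03 -
"""

if __name__ == "__main__":
    for row in triage(parse_report(s) for s in (SAMPLE_EXE, SAMPLE_SYS, SAMPLE_TRUNCATED)):
        print("%-22s %2d/%-3d %-13s summary_ok=%s" % row)
```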

1.

*Open Notepad and select, copy and paste into it all of the content of the code below:

File::

c:\windows\system32\000003A686483632.exe

c:\windows\system32\avthekiller.exe

*Save the file on the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

CFScript.gif

*Important: while ComboFix is running, do not use the mouse or the keyboard!! To interrupt the process, press N.

*Paste the report created at C:\combofix.txt

2.

*Download MBR.exe (http://www2.gmer.net/mbr/mbr.exe) and save it to C:\

*Click Start > Run > type: c:\mbr.exe -f

*Click OK. If asked, allow the program to run.

*Paste the report created at C:\MBR.Log


Hello, glad you replied; I thought I wouldn't get a reply from you today, and today I'll devote all my time to fixing everything on my PC. I'd also like to tell you that the error 11004 message no longer appears for me, but I'm enjoying doing this whole check on the computer. THANK YOU.

I have a question: should I copy the file into Notepad from your reply, or locate it in the system32 folder??? I ask because I've already tried copying directly from the system32 folder and I can't. How should I do it? I have it open.



Good afternoon Maryrj

Read carefully...

1) Open Notepad

2) Select, copy (Ctrl+c) and paste (Ctrl+v) the content below into Notepad

File::

c:\windows\system32\000003A686483632.exe

c:\windows\system32\avthekiller.exe

3) Save the file on the desktop as CFScript.txt

4) Drag the file onto ComboFix as shown in the illustration below:

CFScript.gif

While ComboFix is running, do not use the mouse or the keyboard!! To interrupt the process, press N.

5) Wait for the procedure to finish and paste the report created at C:\combofix.txt

6) Then run the second program (MBR.exe) as instructed.


I've already got the report for the files, but I can't open mbr: I click Run, press OK, a black window opens briefly and closes.

What am I doing wrong????



I couldn't get the MBR report; the report below is from ComboFix.

 

ComboFix 09-11-25.01 - Mary 26/11/2009 16:23.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1534.1073 [GMT -2:00]

Executando de: c:\documents and settings\Mary\Meus documentos\Downloads\ComboFix.exe

Comandos utilizados :: c:\documents and settings\All Users\Desktop\CFScript.txt.txt

AV: avast! antivirus 4.8.1356 [VPS 091120-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

FILE ::

"c:\windows\system32\000003A686483632.exe"

"c:\windows\system32\avthekiller.exe"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\000003A686483632.exe

c:\windows\system32\avthekiller.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-26 to 2009-11-26 ))))))))))))))))))))))))))))

.

 

2009-11-26 18:03 . 2009-11-26 18:02 77312 ----a-w- C:\mbr.exe

2009-11-25 18:01 . 2009-11-25 18:01 -------- d-----w- c:\documents and settings\Silas\Dados de aplicativos\Malwarebytes

2009-11-25 18:00 . 2009-11-25 18:00 -------- d-----w- c:\documents and settings\Eliseu\Dados de aplicativos\Malwarebytes

2009-11-25 13:11 . 2009-11-25 13:11 -------- d-----w- c:\documents and settings\Mary\Dados de aplicativos\Malwarebytes

2009-11-25 13:11 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-25 13:11 . 2009-11-25 13:11 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-25 13:11 . 2009-11-25 13:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-25 13:11 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-25 12:31 . 2009-11-25 12:33 -------- d-----w- C:\LinhaDefensiva

2009-11-25 00:05 . 2009-11-25 00:05 -------- d-----w- c:\arquivos de programas\Ashampoo

2009-11-24 20:52 . 2009-11-24 20:52 -------- d-----w- c:\documents and settings\Mary\Dados de aplicativos\IObit

2009-11-24 16:11 . 2009-11-24 16:11 63 ----a-w- c:\documents and settings\Silas\jagex_runescape_preferences2.dat

2009-11-24 16:07 . 2009-11-24 16:11 38 ----a-w- c:\documents and settings\Silas\jagex_runescape_preferences.dat

2009-11-24 16:06 . 2009-11-24 16:06 -------- d-----w- c:\windows\.jagex_cache_32

2009-11-24 16:06 . 2009-11-24 16:06 -------- d-----w- c:\windows\Sun

2009-11-24 12:42 . 2009-11-24 12:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Age of Empires 3

2009-11-23 23:48 . 2009-11-23 23:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IObit

2009-11-23 13:20 . 2009-11-23 13:20 -------- d-----w- c:\arquivos de programas\Trend Micro

2009-11-22 18:28 . 2009-11-22 18:28 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-11-22 18:28 . 2009-11-22 18:28 -------- d-----w- c:\arquivos de programas\Java

2009-11-22 18:27 . 2009-11-22 18:27 152576 ----a-w- c:\documents and settings\Mary\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-20 14:33 . 2009-11-20 14:33 7424 ----a-w- c:\windows\system32\afuria.sys

2009-11-20 14:33 . 2009-11-20 14:33 3712 ----a-w- c:\windows\system32\vermelho.sys

2009-11-20 14:31 . 2009-11-20 14:33 22016 ----a-w- c:\windows\system32\borlndmm.dll

2009-11-20 11:28 . 2009-11-16 16:00 3963648 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll

2009-11-20 11:28 . 2009-11-16 16:00 497944 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgchjwx.dll

2009-11-18 22:05 . 2000-07-15 02:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL

2009-11-18 22:05 . 2009-11-18 22:06 -------- d-----w- c:\arquivos de programas\MSN content crazy show

2009-11-16 23:28 . 2009-11-16 23:28 -------- d-sh--w- c:\documents and settings\Eliseu\PrivacIE

2009-11-16 16:01 . 2009-11-16 12:46 360584 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgtdix.sys

2009-11-16 15:55 . 2009-11-16 15:55 877848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

2009-11-16 15:55 . 2009-11-16 15:55 1657112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2009-11-16 15:55 . 2009-11-16 12:44 610072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgiproxy.exe

2009-11-16 12:46 . 2009-11-16 15:51 -------- d-----w- C:\$AVG

2009-11-16 12:44 . 2009-11-16 12:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2009-11-16 12:41 . 2009-11-16 15:51 -------- d-----w- c:\windows\SxsCaPendDel

2009-11-14 20:51 . 2009-11-14 20:51 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2009-11-13 13:38 . 2005-05-26 17:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2009-11-13 13:27 . 2009-11-13 13:27 -------- d-----w- c:\arquivos de programas\Microsoft Games

2009-11-13 13:02 . 2003-12-20 22:03 5504 ----a-w- c:\windows\system32\drivers\xmasscsi.sys

2009-11-13 13:02 . 2003-12-21 19:24 140800 ----a-w- c:\windows\system32\drivers\xmasbus.sys

2009-11-13 13:01 . 2009-11-13 13:01 -------- d-----w- c:\arquivos de programas\Alcohol Soft

2009-11-13 11:45 . 2009-11-13 11:45 -------- d-----w- c:\documents and settings\Mary\Dados de aplicativos\Ashampoo

2009-11-13 09:11 . 2009-11-13 09:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee

2009-11-12 15:02 . 2009-11-12 15:02 -------- d-sh--w- c:\documents and settings\Silas\PrivacIE

2009-11-12 13:21 . 2009-11-12 13:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ashampoo

2009-11-12 13:20 . 2009-11-12 13:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\page

2009-11-12 11:23 . 2009-11-12 11:23 -------- d-----w- c:\arquivos de programas\CCleaner

2009-11-11 23:56 . 2009-11-26 08:33 -------- d-----w- c:\documents and settings\Silas\Tracing

2009-11-11 23:46 . 2009-11-07 20:00 -------- d--h--w- c:\documents and settings\Eliseu\Modelos

2009-11-11 23:46 . 2009-11-07 17:50 -------- d--h--w- c:\documents and settings\Eliseu\Ambiente de rede

2009-11-11 23:46 . 2009-11-07 17:50 -------- d--h--w- c:\documents and settings\Eliseu\Ambiente de impressão

2009-11-11 23:46 . 2009-11-07 17:50 -------- d-----r- c:\documents and settings\Eliseu\Menu Iniciar

2009-11-11 10:51 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2009-11-11 10:51 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2009-11-11 10:51 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2009-11-11 10:51 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2009-11-11 10:51 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2009-11-10 11:20 . 2009-11-10 11:20 -------- d-----w- c:\windows\l2schemas

2009-11-10 11:20 . 2009-11-10 11:20 -------- d-----w- c:\windows\system32\bits

2009-11-10 01:11 . 2009-11-10 01:11 -------- d-sh--w- c:\documents and settings\Mary\IECompatCache

2009-11-10 00:56 . 2009-11-10 00:56 -------- d-sh--w- c:\documents and settings\Mary\PrivacIE

2009-11-10 00:54 . 2009-11-10 00:54 -------- d-----w- c:\windows\system32\XPSViewer

2009-11-10 00:54 . 2009-11-10 00:54 -------- d-----w- c:\arquivos de programas\MSBuild

2009-11-10 00:54 . 2009-11-10 00:54 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-11-10 00:53 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-11-10 00:53 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-11-10 00:53 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-11-10 00:53 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-11-10 00:53 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-11-10 00:53 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-11-10 00:53 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-11-10 00:53 . 2009-11-10 00:53 -------- d-----w- C:\0ac048d281d4c4203653b1

2009-11-10 00:47 . 2009-11-10 00:47 -------- d-----w- c:\arquivos de programas\MSXML 6.0

2009-11-10 00:41 . 2009-11-10 00:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-11-10 00:38 . 2009-11-10 00:38 -------- d-sh--w- c:\documents and settings\Mary\IETldCache

2009-11-10 00:29 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-11-10 00:29 . 2009-11-12 00:27 -------- d-----w- c:\windows\ie8updates

2009-11-10 00:29 . 2009-08-29 07:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-11-10 00:29 . 2009-08-29 07:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-11-10 00:29 . 2009-08-29 07:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-11-10 00:29 . 2009-08-29 07:57 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-11-10 00:29 . 2009-08-29 07:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-11-10 00:29 . 2009-08-29 07:57 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-11-10 00:27 . 2009-11-10 11:20 -------- d-----w- c:\windows\system32\pt-BR

2009-11-10 00:27 . 2009-11-10 00:28 -------- dc-h--w- c:\windows\ie8

2009-11-10 00:07 . 2009-11-10 11:13 -------- d-----w- c:\windows\ServicePackFiles

2009-11-09 22:52 . 2006-04-18 06:00 102400 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

2009-11-09 22:51 . 2009-11-09 22:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\EPSON

2009-11-09 22:51 . 2006-08-10 04:02 75264 ----a-w- c:\windows\system32\E_FLBBGL.DLL

2009-11-09 22:51 . 2006-04-19 04:00 62976 ----a-w- c:\windows\system32\E_FD4BBGL.DLL

2009-11-09 22:35 . 2009-11-09 22:35 -------- d-----w- C:\CI_C79

2009-11-09 22:08 . 2009-09-15 09:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-09 22:08 . 2009-09-15 09:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-09 22:08 . 2009-09-15 09:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-11-09 22:07 . 2009-09-15 09:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-09 22:07 . 2009-09-15 09:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-09 22:07 . 2009-09-15 09:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-09 22:07 . 2009-09-15 09:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-11-09 22:07 . 2009-09-15 09:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-11-09 22:05 . 2004-08-04 00:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys

2009-11-09 22:05 . 2004-08-04 00:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys

2009-11-09 22:05 . 2004-08-04 00:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys

2009-11-09 21:32 . 2009-11-17 18:04 -------- d-----w- c:\documents and settings\Mary\Dados de aplicativos\Ahead

2009-11-09 21:28 . 2009-11-09 21:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2009-11-09 21:28 . 2009-11-09 21:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2009-11-09 21:28 . 2009-11-09 21:28 -------- d-----w- c:\arquivos de programas\Nero

2009-11-09 14:28 . 2009-11-24 12:45 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-11-09 14:11 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2009-11-09 13:53 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-11-09 13:53 . 2009-08-05 00:57 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-11-09 13:53 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-11-09 13:53 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe

2009-11-09 13:53 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-11-09 13:53 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-11-09 13:53 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-11-09 13:53 . 2009-06-25 08:27 732672 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2009-11-09 13:53 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-11-09 13:53 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-11-09 13:53 . 2009-08-04 17:27 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-11-09 13:53 . 2009-08-04 17:27 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-11-09 13:52 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-11-09 13:37 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-11-09 13:37 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys

2009-11-09 13:33 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-24 20:52 . 2009-11-07 20:40 -------- d-----w- c:\arquivos de programas\IObit

2009-11-16 16:00 . 2009-11-07 20:25 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-16 12:46 . 2009-11-07 20:25 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-16 12:46 . 2009-11-07 20:25 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-11-16 12:45 . 2009-11-07 20:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-16 12:44 . 2009-11-07 20:25 -------- d-----w- c:\arquivos de programas\AVG

2009-11-10 16:54 . 1782-01-19 00:14 79370 ----a-w- c:\windows\system32\perfc016.dat

2009-11-10 16:54 . 1782-01-19 00:14 468440 ----a-w- c:\windows\system32\perfh016.dat

2009-11-09 22:06 . 2009-11-09 22:06 -------- d-----w- c:\arquivos de programas\Alwil Software

2009-11-09 20:38 . 2009-11-07 20:04 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-08 11:27 . 2009-11-08 11:27 -------- d-----w- c:\arquivos de programas\Realtek AC97

2009-11-07 20:44 . 2009-11-07 20:42 -------- d-----w- c:\arquivos de programas\K-LiteNitro

2009-11-07 20:40 . 2009-11-07 20:39 -------- d-----w- c:\arquivos de programas\DreaMule

2009-11-07 20:38 . 2009-11-07 20:38 -------- d-----w- c:\arquivos de programas\DsNET Corp

2009-11-07 20:36 . 2009-11-07 20:36 0 ----a-w- c:\windows\nsreg.dat

2009-11-07 20:06 . 2009-11-07 20:06 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-11-07 20:03 . 2009-11-07 20:03 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-11-07 20:02 . 2009-11-07 20:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-11-07 20:01 . 2009-11-07 20:01 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-10-29 04:48 . 2009-10-29 04:48 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-10-29 04:48 . 2009-10-29 04:48 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-09-25 05:50 . 2009-09-25 05:50 81920 ------w- c:\windows\system32\ieencode.dll

2009-09-15 09:59 . 2009-11-09 22:06 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-11 14:19 . 2004-08-04 00:45 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:04 . 2004-08-04 00:45 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:57 . 2004-08-04 00:45 916480 ------w- c:\windows\system32\wininet.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-11-25_18.54.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-26 17:36 . 2009-11-26 17:36 16384 c:\windows\Temp\Perflib_Perfdata_74c.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\arquiv~1\DAP\SBSearch.dll" [2009-11-08 38384]

 

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]

[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]

[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2009-11-08 2803200]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-03-07 149040]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TPPOLL10"="c:\arquivos de programas\TOPRO\TP6810\TPPOLL10.EXE" [2006-09-17 24576]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-07 161328]

"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2009-11-16 2020120]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-11-22 149280]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"IObit Security 360"="c:\arquivos de programas\IObit\IObit Security 360\IS360tray.exe" [2009-11-14 1278736]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-11-11 90112]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-16 12:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan.lnk

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"aswUpdSv"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\K-LiteNitro\\giFT\\giFTl.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\DAP\\DAP.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Arquivos de programas\\MSN content crazy show\\CrazyMsnWinks.exe"=

 

R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [13/11/2009 11:02 5504]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/11/2009 20:07 114768]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/11/2009 18:25 333192]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/11/2009 18:25 360584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/11/2009 20:07 20560]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [16/11/2009 10:44 285392]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [8/11/2009 13:14 54752]

R2 IS360service;IS360service;c:\arquivos de programas\IObit\IObit Security 360\is360srv.exe [23/11/2009 21:48 312592]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

R3 DCamUSBTP10;TP6810 USB Video Camera;c:\windows\system32\drivers\TP6810.SYS [8/11/2009 09:54 241908]

S0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [13/11/2009 11:02 140800]

S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-11-26 c:\windows\Tasks\User_Feed_Synchronization-{E0EF4419-AFAF-425B-9AC9-C611767CC27E}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 06:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: &Search - ?p=ZJxdm438YYBR

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

LSP: c:\arquiv~1\SPEEDB~1\sblsp.dll

TCP: {75FB741E-2ACC-454A-8787-F5374357FF7B} = 192.169.68.1 200.175.5.139

FF - ProfilePath - c:\documents and settings\Mary\Dados de aplicativos\Mozilla\Firefox\Profiles\j1cusu13.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com/

FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\arquivos de programas\DAP\DAPFireFox\components\DAPFireFox.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-26 16:30

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(616)

c:\arquivos de programas\SpeedBit Video Accelerator\Accelerator.dll

c:\windows\system32\WININET.dll

c:\arquivos de programas\SpeedBit Video Accelerator\CommPipe.dll

c:\arquivos de programas\SpeedBit Video Accelerator\Collector.dll

.

Tempo para conclusão: 2009-11-26 16:33

ComboFix-quarantined-files.txt 2009-11-26 18:33

ComboFix2.txt 2009-11-26 17:54

ComboFix3.txt 2009-11-25 19:00

 

Pré-execução: 11 pasta(s) 109.539.299.328 bytes disponíveis

Pós execução: 13 pasta(s) 109.531.291.648 bytes disponíveis

 

- - End Of File - - FF951D32FC8254B6DA6C65BFDCB9FCF8
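The autorun, LSP and DNS lines in a ComboFix log like the one above are the parts a helper reads first when a user reports Winsock errors. Below is an added example, not part of this thread and not ComboFix's own code, that parses those lines and produces triage findings: it lists every Run-key autorun, flags entries given as a bare file name (resolved through the search path rather than an explicit location), reports any Winsock LSP that is not a system DLL, and reports DNS servers outside private ranges so the analyst can confirm them against the ISP. The sample input is copied verbatim from the log above; the prefix list of "expected" program locations is an assumption for this localized XP install.

```python
import ipaddress
import re

# Lines copied from the ComboFix log above (autorun keys, the LSP line and the TCP/DNS line).
COMBOFIX_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2009-11-08 2803200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-03-07 149040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPPOLL10"="c:\arquivos de programas\TOPRO\TP6810\TPPOLL10.EXE" [2006-09-17 24576]
"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2009-11-16 2020120]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-11-11 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
LSP: c:\arquiv~1\SPEEDB~1\sblsp.dll
TCP: {75FB741E-2ACC-454A-8787-F5374357FF7B} = 192.169.68.1 200.175.5.139
"""

# "Name"="command" [ - resolved path when the command is a bare file name ] [date size]
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'
    r'(?: - (?P<resolved>.+?))?'
    r' \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
KEY_LINE = re.compile(r'^\[(?P<key>.+)\]$')
LSP_LINE = re.compile(r'^LSP:\s+(?P<path>.+)$')
TCP_LINE = re.compile(r'^TCP:\s+\{[0-9A-Fa-f-]+\}\s+=\s+(?P<servers>.+)$')

# Assumed "normal" locations for this Portuguese XP box: "Arquivos de programas" is the
# localized Program Files folder and the ~1 forms are its 8.3 short names.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\arquivos de programas\\", "c:\\arquiv~1\\")


def parse_combofix(text):
    """Extract Run-key autoruns, Winsock LSP paths and DNS servers from ComboFix log text."""
    autoruns, lsps, dns = [], [], []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = RUN_ENTRY.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            value = m.group("value")
            autoruns.append({
                "key": current_key,
                "name": m.group("name"),
                "command": value,
                # ComboFix appends " - <path>" when it had to resolve a bare file name itself
                "path": (m.group("resolved") or value).lower(),
                "bare": "\\" not in value,
                "size": int(m.group("size")),
            })
            continue
        m = LSP_LINE.match(line)
        if m:
            lsps.append(m.group("path").lower())
            continue
        m = TCP_LINE.match(line)
        if m:
            dns.extend(m.group("servers").split())
    return {"autoruns": autoruns, "lsps": lsps, "dns": dns}


def triage(parsed):
    """Return human-readable findings an analyst should confirm by hand."""
    findings = []
    for entry in parsed["autoruns"]:
        if entry["bare"]:
            findings.append(f'autorun "{entry["name"]}" is a bare file name ({entry["command"]}) '
                            f'resolved through the search path to {entry["path"]}')
        elif not entry["path"].startswith(EXPECTED_PREFIXES):
            findings.append(f'autorun "{entry["name"]}" runs from an unusual location: {entry["path"]}')
    for lsp in parsed["lsps"]:
        # Any LSP outside system32 is third-party code inserted into every socket call.
        if not lsp.startswith("c:\\windows\\system32\\"):
            findings.append(f"third-party Winsock LSP installed: {lsp}")
    for server in parsed["dns"]:
        if not ipaddress.ip_address(server).is_private:
            findings.append(f"DNS server outside private ranges, confirm it belongs to the ISP: {server}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_combofix(COMBOFIX_LOG)):
        print(finding)
```

The LSP check is the one most relevant to a thread about socket errors: a layered service provider sits inside every Winsock call made on the machine, so a third-party LSP is worth listing in the triage output regardless of whether it is the cause.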

OK... the log is clean.

 

1.

*Click [Start] > [Run] > type: combofix /uninstall

*Click [OK]

 


 

*Click [Run]

*The message "ComboFix está desinstalado" will appear

*Click [OK]

*Delete the folder C:\Combofix and the file C:\combofix.txt, if they still exist.

 

2.

*Delete the program C:\mbr.exe

 

3.

*Download and install CCleaner

*In the right-hand column, scroll down to the "Advanced" option and select "Old Prefetch data"

*Open the program and click [Run Cleaner]

*Next, click [Registry] -> [Scan for Issues] -> [Fix Selected Issues] -> [Fix All Selected Issues]

 

Regards.

Thank you for all the help. I did what you asked, and I already had CCleaner on my computer.

So thank you very much for solving my problem.

Regards.

CASE RESOLVED.

 

Should the author need it, the topic can be reopened by contacting one of the moderation team members.
