Fórum Script Brasil

I Have Killfiles on My Notebook


katia-boop

Question

Hello.. For a few days I have had this Killfiles trojan on my notebook. I downloaded and ran HijackThis and here is the log. Awaiting news. Thank you!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:21:50, on 26/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\VM303_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/Home.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1186145116781

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E91D94D8-9C09-43B6-8715-1D711EC57D7E}: NameServer = 200.165.132.155 200.149.55.142

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

--

End of file - 6011 bytes
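An added example, not part of the original post: the Python script below parses lines in the HijackThis format shown above and flags the entry types a log reviewer checks first (orphaned O2 BHOs, O4 autostarts from user-writable folders, O14 iereset.inf URLs outside Microsoft's domains, O17 resolvers not on a trusted list, O23 services outside the usual roots). The sample log is constructed from lines like those above with one invented O4 entry; the trusted-resolver set and the domain/root allowlists are this example's assumptions, not HijackThis's own logic.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the HijackThis v2.0.2 line format. Most lines are modelled
# on the log in this thread; the O4 "fotomensagem" entry is invented to exercise
# the user-writable-path rule and is not in the original log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/Home.aspx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [fotomensagem] C:\Documents and Settings\Administrador\Meus documentos\fotomensagem-858506.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O17 - HKLM\System\CCS\Services\Tcpip\..\{E91D94D8-9C09-43B6-8715-1D711EC57D7E}: NameServer = 200.165.132.155 200.149.55.142
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^(?P<kind>R\d|O\d+) - (?P<body>.+)$")

# Folders a legitimate autostart binary normally does not live in (lower-case) - assumption
USER_WRITABLE = ("documents and settings", "temporary internet files", "\\temp\\", "meus documentos")
# Hosts IE's own iereset.inf points at; anything else deserves a look - assumption
DEFAULT_IE_DOMAINS = ("microsoft.com", "msn.com", "live.com")
# Service binaries are expected under these roots (Portuguese and English XP layouts) - assumption
SERVICE_ROOTS = ("c:\\windows\\", "c:\\arquivos de programas\\", "c:\\program files\\")


def parse_hjt(text):
    """Return (kind, body) pairs for every HijackThis entry line, ignoring the header."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(entries, trusted_dns):
    """Return (kind, reason, body) for entries a log reviewer would check first.

    trusted_dns: set of resolver IPs the owner expects (normally the ISP's servers);
    any O17 NameServer not in it is reported.
    """
    findings = []
    for kind, body in entries:
        low = body.lower()
        if kind == "O2" and low.endswith("(no file)"):
            findings.append((kind, "BHO registered but its DLL is gone (orphan entry)", body))
        elif kind == "O4" and any(tok in low for tok in USER_WRITABLE):
            findings.append((kind, "autostart points into a user-writable folder", body))
        elif kind == "O14":
            # iereset.inf is what IE's 'Reset Web Settings' restores, so a value set here
            # survives a reset; the leading '&' is part of the stored value
            url = body.split("=", 1)[1].lstrip("&").strip()
            host = urlsplit(url).hostname or ""
            if not any(host == d or host.endswith("." + d) for d in DEFAULT_IE_DOMAINS):
                findings.append((kind, "iereset.inf points at a non-default host: " + host, body))
        elif kind == "O17":
            servers = body.split("NameServer =", 1)[1].split()
            rogue = [ip for ip in servers if ip not in trusted_dns]
            if rogue:
                findings.append((kind, "DNS servers not on the trusted list: " + " ".join(rogue), body))
        elif kind == "O23":
            path = body.rsplit(" - ", 1)[-1].lower()
            if not path.startswith(SERVICE_ROOTS):
                findings.append((kind, "service binary outside the usual roots", body))
    return findings


if __name__ == "__main__":
    # The two resolver addresses from the log above are taken as trusted for the demo
    for kind, reason, body in triage(parse_hjt(SAMPLE_LOG), {"200.165.132.155", "200.149.55.142"}):
        print(f"{kind}: {reason}\n    {body}")
```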


Download ComboFix

It is important that you save it to your desktop

  • Close all windows and programs.
  • Double-click combofix.exe, type 1 and press Enter.
  • It takes a while, please be patient.
  • When the tool finishes running, it will generate a log. Post the file C:\ComboFix.txt.
  • Also make a new HijackThis log to include in your reply.
Warning: Do not click the mouse while the tool is running; that can make the PC hang.


Here is the scan you asked for..

Thanks!

Kátia

File: hyplay.exe_

Status: OK

MD5: ee1a816b32121e328aae9ae7f5529086

Packers detected: -

Bit9 reports: No threat detected (more info)

Scanner results

Scan taken on 29 Sep 2007 14:18:51 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing



Run an Online Scan at Kaspersky Virusscanner

  • Click Clipboard01-1.jpg
  • When asked to install the ActiveX component, click Clipboard015.jpg
  • Wait for the installation and the update, then click Clipboard013.jpg
  • Now click Clipboard016.jpg
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click Clipboard014.jpg
  • Click My Computer so that a full scan of your system is performed. The scan will start and may take a while. Be patient and wait.
  • At the end of the scan, click the Save as Text button. Save the log with the results and post it in your next reply.
  • Also generate and paste a new HijackThis log.

Here are the two scans, Renato..

Thanks,

K.

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Saturday, September 29, 2007 6:00:02 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.93.1

Kaspersky Anti-Virus database last update: 29/09/2007

Kaspersky Anti-Virus database records: 425210

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

C:\

D:\

Scan Statistics:

Total number of scanned objects: 125004

Number of viruses found: 3

Number of infected objects: 40

Number of suspicious objects: 0

Duration of the scan process: 02:14:41

Infected Object Name / Virus Name / Last Action

C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped

C:\Arquivos de programas\eMule\Temp03.part Object is locked skipped

C:\Arquivos de programas\eMule\Temp04.part Object is locked skipped

C:\Arquivos de programas\eMule\Temp05.part Object is locked skipped

C:\Arquivos de programas\eMule\Temp09.part Object is locked skipped

C:\Arquivos de programas\eMule\Temp12.part Object is locked skipped

C:\Arquivos de programas\eMule\Temp38.part Object is locked skipped

C:\Arquivos de programas\eMule\Temp50.part Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\12UXLPFK\fotomensagem-858506[1].exe Infected: Trojan-Downloader.Win32.Banload.aqo skipped

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\hotmail[1].exe Infected: Trojan-PSW.Win32.Delf.que skipped

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\timbrasil[1].exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\Documents and Settings\Administrador\Meus documentos\fotomensagem-858506.exe Infected: Trojan-Downloader.Win32.Banload.aqo skipped

C:\Documents and Settings\Ka\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Ka\NtUser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Lu\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Lu\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Lu\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Lu\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Lu\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Lu\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Lu\NtUser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\qoobox\Quarantine\C\136907.exe.vir Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\qoobox\Quarantine\C\210504.exe.vir Infected: Trojan-PSW.Win32.Delf.que skipped

C:\qoobox\Quarantine\C\979623.exe.vir Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP100\A0004655.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP100\A0004682.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP100\A0004704.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP101\A0004729.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP101\A0004739.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP102\A0004860.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP102\A0004878.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP103\A0004890.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP103\A0004900.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP103\A0004911.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP103\A0004926.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP103\A0005928.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP103\A0005958.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP103\A0005975.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP104\A0006010.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP105\A0006048.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP106\A0006072.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP107\A0006104.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP107\A0006114.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP107\A0007116.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP107\A0007136.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP107\A0007158.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP108\A0007189.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP109\A0007229.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP109\A0007260.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP109\A0007270.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP109\A0008272.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP109\A0008289.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP109\A0008298.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP111\A0008387.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP111\A0008388.exe Infected: Trojan-PSW.Win32.Delf.que skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP111\A0008389.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP112\change.log Object is locked skipped

C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP99\A0004613.exe Infected: Trojan-Spy.Win32.Banker.ark skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_444.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process complet!

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:07:09, on 29/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\VM303_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/Home.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-776561741-162531612-1417001333-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Ka')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1186145116781

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E91D94D8-9C09-43B6-8715-1D711EC57D7E}: NameServer = 200.165.132.155 200.149.55.142

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

--

End of file - 6241 bytes


Ok...

Download Pocket KillBox

Save it in a folder on C:\

Open Notepad, copy these lines and save.

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\12UXLPFK\fotomensagem-858506[1].exe

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\hotmail[1].exe

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\timbrasil[1].exe

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\timbrasil[1].exe

C:\Documents and Settings\Administrador\Meus documentos\fotomensagem-858506.exe

Open KillBox and check the Delete on Reboot option. Open Notepad, select and copy the saved lines. In KillBox, click File, then Paste from Clipboard, click the All Files button and click the killbox.png button. Then click No.

Delete the Qoobox folder located at C:\Qoobox

Disable and re-enable System Restore

In your next reply, post the contents of the file C:\!KillBox\Logs\kb.txt
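The list above was sorted by hand from the Kaspersky report: only the copies outside ComboFix's quarantine and the System Restore snapshots go to KillBox, since deleting C:\Qoobox and toggling System Restore dispose of the rest. As an added example (not the thread's own code), the Python below applies that same split to a constructed excerpt in the report's line format and emits a KillBox-ready path list; the bucket names and the qoobox/_restore path patterns are this example's assumptions.

```python
import re
from collections import Counter, namedtuple

# Constructed excerpt in the Kaspersky Online Scanner report format from this thread
# (a path, then "Infected: <name> <action>" or "Object is locked <action>").
# The paths are modelled on the report above; this is a sample, not the full report.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\12UXLPFK\fotomensagem-858506[1].exe Infected: Trojan-Downloader.Win32.Banload.aqo skipped
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\hotmail[1].exe Infected: Trojan-PSW.Win32.Delf.que skipped
C:\Documents and Settings\Administrador\Meus documentos\fotomensagem-858506.exe Infected: Trojan-Downloader.Win32.Banload.aqo skipped
C:\qoobox\Quarantine\C\136907.exe.vir Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP100\A0004655.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP111\A0008388.exe Infected: Trojan-PSW.Win32.Delf.que skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process complet!
"""

Entry = namedtuple("Entry", "path name action")

# "<path> Infected: <name> <action>" or "<path> Object is locked <action>"; the
# non-greedy path group copes with the spaces inside Windows paths
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?:Infected: (?P<name>\S+)|Object is locked) (?P<action>\S+)$")


def parse_report(text):
    """Return Entry(path, name, action) for every object line; name is None for locked objects."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("path"), m.group("name"), m.group("action")))
    return entries


def classify(path):
    """Where a detected file sits decides how it gets removed (bucket names are assumptions)."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore_point"  # snapshot copies: cleared by disabling and re-enabling System Restore
    if "\\qoobox\\" in low:
        return "quarantine"     # ComboFix already quarantined these; deleting C:\Qoobox removes them
    return "live"               # still where it was found: explicit deletion (the KillBox list)


def removal_plan(text):
    """Group infected paths by removal method, dropping duplicates and locked-but-clean objects."""
    plan = {"live": [], "quarantine": [], "restore_point": []}
    for e in parse_report(text):
        if e.name is None:
            continue  # locked registry hives, logs and the like are not findings
        bucket = plan[classify(e.path)]
        if e.path not in bucket:
            bucket.append(e.path)
    return plan


def detection_counts(text):
    """How many copies of each detection name the scan saw, across all locations."""
    return Counter(e.name for e in parse_report(text) if e.name)


def killbox_list(text):
    """One path per line, ready for KillBox's 'Paste from Clipboard' with Delete on Reboot."""
    return "\n".join(removal_plan(text)["live"])


if __name__ == "__main__":
    for bucket, paths in removal_plan(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(paths)} object(s)")
    print(killbox_list(SAMPLE_REPORT))
```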


Hello, Renato..

After disabling and re-enabling System Restore, I restarted the PC. Right afterwards a warning about a killfiles came up. I selected delete.

Here is the result of the Pocket KillBox log

Katia

Pocket Killbox version

Running on Windows XP as Administrador(Administrator)

was started @ segunda-feira, outubro 01, 2007, 10:35 AM

Killbox Closed(Exit) @ 10:43:05 AM

__________________________________________________

Pocket Killbox version

Running on Windows XP as Administrador(Administrator)

was started @ segunda-feira, outubro 01, 2007, 10:43 AM

Killbox Closed(Exit) @ 10:43:39 AM

__________________________________________________

Pocket Killbox version

Running on Windows XP as Administrador(Administrator)

was started @ segunda-feira, outubro 01, 2007, 10:43 AM

# 1 [Delete on Reboot]

Path = C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\12UXLPFK\fotomensagem-858506[1].exe

# 2 [Delete on Reboot]

Path = C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\hotmail[1].exe

# 3 [Delete on Reboot]

Path = C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\timbrasil[1].exe

# 4 [Delete on Reboot]

Path = C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\timbrasil[1].exe

# 5 [Delete on Reboot]

Path = C:\Documents and Settings\Administrador\Meus documentos\fotomensagem-858506.exe

Killbox Closed(Exit) @ 11:03:54 AM

__________________________________________________

Pocket Killbox version

Running on Windows XP as Administrador(Administrator)

was started @ segunda-feira, outubro 01, 2007, 11:23 AM

Killbox Closed(Exit) @ 11:23:44 AM

__________________________________________________
