[Resolved!] IE opening windows on its own

10 replies in this topic

#1 Buga

Buga
  • Members
  • 6 posts

Posted 20 September 2008 - 10:30

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27 Fabiano, on 20/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Spyware Doctor\pctsTray.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Fabiano\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Hijack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O1 - Hosts: 85.17.237.8 www.filewarez.nl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [INPROCOMMWireless] C:\Arquivos de programas\Atheros\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [ISTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fabiano\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [dljj_df] C:\WINDOWS\system\llzjy080813.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1205289319906
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa...GbPluginCef.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySql - Unknown owner - C:/MYSQL/bin/mysqld-opt.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9677 bytes

#2 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6,360 posts

Posted 21 September 2008 - 05:41

Good morning, Buga!

<@> Download: < ComboFix.exe >
<@> Save it to the Desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall. (Except the Windows one!)
<@> Close all windows and run the tool!

If you get the notification "Invalid Win32 application", delete the tool and download it again.
Save it to the desktop, renamed as: Kombo.exe
PS: Name it while saving, not after you have saved it!
PS: If an error message appears, run ComboFix.exe in Safe Mode.

<@> The Auto Scan window will open. Wait!
<@> Type the option to continue! >> Enter
<@> Wait for it to finish!
<@> During the scan, avoid using the mouse or keyboard!
<@> To stop or exit ComboFix, press "N".
----------------------
<@> Post the reports: C:\ComboFix.txt + an updated HJT log.

Cheers!

#3 Buga

Buga
  • Members
  • 6 posts

Posted 21 September 2008 - 09:21

Good morning!
DigRam,

Thanks for the support!
I did what you asked; I did NOT get the Win32 notification.
When I ran ComboFix it gave some error and the PC showed that Windows blue screen and rebooted; I tried again in Safe Mode and it worked.
Cheers,
Here is the log.

ComboFix 08-09-20.05 - Fabiano 2008-09-21 8:58:42.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.753 [GMT -3:00]
Executando de: C:\Documents and Settings\Fabiano\Desktop\ComboFix.exe

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\All Users\lljydf16.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\SkypeComm.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((( Ficheiros criados de 2008-08-21 to 2008-09-21 ))))))))))))))))))))))))))))))))
.

2008-09-21 09:07 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\WPDNSE
2008-09-21 09:07 . 2008-09-21 09:07 53,248 --a------ C:\TEMP\catchme.dll
2008-09-20 16:27 . 2008-09-20 16:27 <DIR> d-------- C:\Documents and Settings\Fabiano\Dados de aplicativos\Nokia Multimedia Player
2008-09-20 16:26 . 2008-09-20 16:26 <DIR> d-------- C:\Documents and Settings\Fabiano\Dados de aplicativos\NSeries
2008-09-20 13:21 . 2008-09-20 13:26 <DIR> d-------- C:\Documents and Settings\Fabiano\Dados de aplicativos\JustVoip
2008-09-20 13:19 . 2008-09-20 13:19 <DIR> d-------- C:\Arquivos de programas\JustVoip.com
2008-09-20 10:24 . 2008-09-20 19:08 <DIR> d-------- C:\Hijack
2008-09-20 10:01 . 2008-09-20 10:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Tools
2008-09-20 10:01 . 2008-09-20 09:59 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-09-20 09:50 . 2008-09-20 09:51 <DIR> d-------- C:\TEMP\plugtmp-30
2008-09-20 09:43 . 2008-09-20 10:01 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PC Tools
2008-09-20 09:24 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\is-9UDPH.tmp
2008-09-20 09:24 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\is-7JA8V.tmp
2008-09-20 09:24 . 2008-09-20 09:24 <DIR> d-------- C:\Documents and Settings\Fabiano\Dados de aplicativos\PC Tools
2008-09-20 09:24 . 2008-09-21 08:56 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-09-20 09:24 . 2008-09-21 08:56 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor
2008-09-20 09:24 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-20 09:24 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-20 09:24 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-20 09:24 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-20 08:44 . 2008-04-13 15:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-09-20 08:44 . 2008-04-13 15:45 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-09-20 08:44 . 2008-09-20 08:44 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-20 08:32 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-09-20 08:32 . 2008-02-01 16:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2008-09-20 08:32 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-09-20 08:32 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-09-20 08:32 . 2008-02-01 16:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2008-09-20 08:32 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-09-20 08:32 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-09-20 08:31 . 2008-09-20 08:31 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0
2008-09-20 08:29 . 2008-09-20 08:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nokia
2008-09-20 08:28 . 2008-09-20 08:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Installations
2008-09-20 08:16 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\NSU_dd8a433c6461481212dbe0
2008-09-20 08:13 . 2008-09-20 08:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nokia
2008-09-20 08:01 . 2008-09-20 08:14 <DIR> d-------- C:\Documents and Settings\Fabiano\Dados de aplicativos\Nokia
2008-09-20 08:01 . 2008-09-20 08:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite
2008-09-20 08:00 . 2008-09-20 08:00 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-20 08:00 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\_is34
2008-09-20 07:51 . 2008-09-20 07:51 <DIR> d-------- C:\Documents and Settings\Fabiano\Dados de aplicativos\PC Suite
2008-09-20 07:51 . 2008-09-20 07:51 <DIR> d-------- C:\Arquivos de programas\PC Connectivity Solution
2008-09-20 07:51 . 2008-09-20 08:32 <DIR> d-------- C:\Arquivos de programas\Nokia
2008-09-20 07:51 . 2008-09-20 07:51 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PCSuite
2008-09-20 07:51 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-09-20 07:49 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\Nokia NSeries Update Manager
2008-09-19 20:05 . 2008-09-19 20:05 118,784 --a------ C:\WINDOWS\system32\sprint.dll
2008-09-18 23:30 . 2008-09-18 23:30 <DIR> d-------- C:\TEMP\plugtmp-29
2008-09-14 20:47 . 2008-09-14 20:47 8,382 --a------ C:\WINDOWS\system32\mstmpxmlfun.xml
2008-09-07 07:58 . 2008-09-07 07:58 <DIR> d-------- C:\TEMP\GUM86.tmp
2008-09-04 20:18 . 2008-09-04 20:18 <DIR> d-------- C:\WINDOWS\SUYIN NB Cam
2008-09-04 20:18 . 2008-09-04 20:18 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\snp2std
2008-09-04 20:18 . 2006-04-07 10:33 147,456 --a------ C:\WINDOWS\rsnp2std.dll
2008-09-04 20:17 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\isp59.tmp
2008-09-04 20:09 . 2006-08-11 17:52 11,985,920 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2008-09-04 20:09 . 2006-08-09 16:18 675,840 --a------ C:\WINDOWS\vsnp2std.exe
2008-09-04 20:09 . 2006-05-04 11:14 61,440 --a------ C:\WINDOWS\vsnp2std.dll
2008-09-04 20:09 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnp2std.dll
2008-09-04 20:09 . 2006-04-27 20:43 24,832 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
2008-09-04 20:09 . 2004-12-09 17:23 15,497 --a------ C:\WINDOWS\snp2std.ini
2008-09-04 20:09 . 2004-12-09 17:23 13,022 --a------ C:\WINDOWS\snp2std.src
2008-09-04 19:54 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\isp48.tmp
2008-09-04 19:54 . 2008-09-04 19:54 <DIR> d-------- C:\TEMP\bye4B.tmp
2008-09-04 19:54 . 2008-09-04 19:54 <DIR> d-------- C:\TEMP\bye45.tmp
2008-09-03 19:35 . 2008-09-03 19:35 <DIR> d-------- C:\TEMP\plugtmp-28

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 11:37 --------- d-----w C:\Documents and Settings\Fabiano\Dados de aplicativos\AVG7
2008-09-21 09:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2008-09-20 16:25 --------- d-----w C:\Documents and Settings\Fabiano\Dados de aplicativos\Skype
2008-09-20 15:42 --------- d-----w C:\Documents and Settings\Fabiano\Dados de aplicativos\skypePM
2008-09-20 10:51 --------- d-----w C:\Arquivos de programas\DIFX
2008-09-13 21:55 --------- d-----w C:\Arquivos de programas\FlashGet
2008-09-04 23:18 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-08-03 19:35 --------- d-----w C:\Arquivos de programas\RadarSync
2008-08-02 18:36 --------- d-----w C:\Arquivos de programas\Tracksource
2008-08-02 17:30 --------- d-----w C:\Arquivos de programas\CloneDVD
2008-08-02 12:15 --------- d-----w C:\Arquivos de programas\Ant Movie Catalog
2008-07-26 15:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype
2008-07-26 15:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype
2008-07-26 15:02 --------- d-----r C:\Arquivos de programas\Skype
2007-09-30 15:10 24,192 -c--a-w C:\Documents and Settings\Fabiano\usbsermptxp.sys
2007-09-30 15:10 22,768 -c--a-w C:\Documents and Settings\Fabiano\usbsermpt.sys
2007-09-11 00:05 81,920 -c--a-w C:\Documents and Settings\Fabiano\Dados de aplicativos\ezpinst.exe
2007-09-11 00:05 47,360 -c--a-w C:\Documents and Settings\Fabiano\Dados de aplicativos\pcouffin.sys
2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe
2008-06-17 02:54 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008061620080617\index.dat
.

------- Sigcheck -------

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 23:21 549376 b0c0bf2504b830bfc1e93ca39f3c75fe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-13 23:21 549376 b0c0bf2504b830bfc1e93ca39f3c75fe C:\WINDOWS\system32\winlogon.exe
2008-04-13 23:21 509952 71d440f79b711627b12b567fb2eadb42 C:\WINDOWS\VistaMizer\old\winlogon.exe

2005-03-02 15:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 13:08 2063616 d027f0097b8f099c09369b8cc97d7c32 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 13:02 2224384 4d6247a172c8f10886b19e70f2d8499d C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 00:55 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 15:08 2061056 d5ed391b213fa2a6ee25de5ab8512360 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-13 23:00 2326912 c7b4aa4cb4776496c7f09e96159b5831 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-13 23:00 2326912 c7b4aa4cb4776496c7f09e96159b5831 C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 23:00 2070144 f84054bfd1d688b901ad907499879bbd C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2005-03-02 15:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 13:08 2186368 bfb4c8761976cce0b544d557b4c70825 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 13:02 2347136 c670713edeff7d175f42fc16987e8d25 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 15:09 2183552 0da99d0cbd578ad96effd3a571ce8437 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-13 23:01 2450048 a572d9bdb7bc906650ff9105ff475135 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-13 23:01 2450048 a572d9bdb7bc906650ff9105ff475135 C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 23:01 2193280 185f6c64734019e7e9f626e53cc37fb4 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2008-04-13 23:20 1554432 7b198d92210d9da9d4e0db1e4855b727 C:\WINDOWS\explorer.exe
2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 10:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 00:45 1552896 9da14fe20c421e7f45dbe3d04b4c4fc9 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 23:20 1554432 7b198d92210d9da9d4e0db1e4855b727 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-13 23:20 1035776 064ec7ff5f58b928c3e119402977fa6d C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-04 00:45 25088 a3f0971dbba9657034c303b39464ea5b C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 23:20 25088 d67945a2290e98bb54d7792f09e7504e C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 23:20 25088 d67945a2290e98bb54d7792f09e7504e C:\WINDOWS\system32\ctfmon.exe
2008-04-13 23:20 15360 4e486adfe3a0b9ed0eb0639902e9f64f C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias & legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 25088]
"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 25088]
"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-10-28 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2007-11-29 337992]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= "C:\Arquivos de programas\GbPlugin\gbieh.dll" [2007-08-08 209224]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "C:\Arquivos de programas\GbPlugin\gbiehuni.dll" [2008-05-19 368032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2007-11-29 11:41 337992 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2008-05-19 15:10 368032 C:\Arquivos de programas\GbPlugin\gbiehuni.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
2008-03-30 17:18 368640 C:\WINDOWS\system32\pmls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Fabiano^Menu Iniciar^Programas^Inicializar^Winmysqladmin.LNK]
path=C:\Documents and Settings\Fabiano\Menu Iniciar\Programas\Inicializar\Winmysqladmin.LNK
backup=C:\WINDOWS\pss\Winmysqladmin.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2006-08-16 11:24 1236992 C:\WINDOWS\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 23:20 25088 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-06-29 08:44 1990704 C:\Arquivos de programas\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-08-25 11:36 1168264 C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JustVoip]
--a------ 2008-09-17 13:29 8963888 C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 13:24 1825792 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 14:44 3100672 C:\Arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-01 20:46 25504040 C:\Arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
--a------ 2006-08-09 16:18 675840 C:\WINDOWS\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-02-22 04:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-05 08:55 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Arquivos de programas\\FlashGet\\flashget.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"C:\\Arquivos de programas\\JustVoip.com\\JustVoip\\JustVoip.exe"=

R1 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\amdtools.sys [2005-05-06 21632]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-09-20 160792]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-08-11 11985920]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1566fdf-ea11-11dc-b530-001636d18ad2}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
- - - - ORFAOS REMOVIDOS - - - -

HKLM-Run-INPROCOMMWireless - C:\Arquivos de programas\Atheros\Wireless\Utility\WlanUtil.exe
HKLM-Explorer_Run-dljj_df - C:\WINDOWS\system\llzjy080813.exe
MSConfigStartUp-Discador iG - C:\Arquivos de programas\iGv6\Discador iG.exe
MSConfigStartUp-Google Update - C:\Documents and Settings\Fabiano\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
MSConfigStartUp-INPROCOMMWireless - C:\Arquivos de programas\Atheros\Wireless\Utility\WlanUtil.exe
MSConfigStartUp-M2SAtualiza - C:\Arquivos de programas\M2S\Instalação M2S\M2SAtualiza.exe
MSConfigStartUp-SandboxieControl - C:\Arquivos de programas\Sandboxie\Control.exe


.
------- Ccan Suplementar -------
.
FireFox -: Profile - C:\Documents and Settings\Fabiano\Dados de aplicativos\Mozilla\Firefox\Profiles\be7ceqy5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orkut.com.br/Communities.aspx|http://www.orkut.com.br/Community.aspx?cmm=41874917|http://www.jacotei.com.br/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 09:07:40
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/MYSQL/bin/mysqld-opt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/MYSQL/bin/mysqld-opt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GbpSv]
"ImagePath"="C:\Arquivos de programas\GbPlugin\GbpSv.exe"
.
------------------------ Outros Processos em Execução ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\ARQUIV~1\GbPlugin\gbpsv.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Tempo para conclusão: 2008-09-21 9:10:52 - Maquina reiniciou [Fabiano]
ComboFix-quarantined-files.txt 2008-09-21 12:10:49

Pre-Run: 13 pasta(s) 11,215,503,360 bytes disponíveis
Post-Run: 16 pasta(s) 11,307,593,728 bytes disponíveis

285 --- E O F --- 2008-09-10 02:49:37

#4 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6,360 posts

Posted 21 September 2008 - 09:39

Good morning, Buga!

<@> Go to this link and download:

< Malwarebytes >

<@> Update the program!
<@> Choose the Quick scan!
<@> Disable protection programs when running Malwarebytes.
<@> Be sure to send the detected items to quarantine.
<@> For more details: < Link >
-----------------------
<@> Post the reports: mbam-log-9-21-2008 (00-00-00).txt + an updated HijackThis log.

Cheers!
  • 0

#5 Buga

Buga
  • Members
  • 6 posts

Posted 21 September 2008 - 11:52

Good morning!
IE stopped opening on its own after I ran ComboFix. I did what you asked and Malwarebytes flagged 3 malware items, which are now in quarantine...
Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.28
Versão do banco de dados: 1184
Windows 5.1.2600 Service Pack 3

21/9/2008 11:45:41 Fabiano
mbam-log-2008-09-21 (11-45-41).txt

Tipo de Verificação: Rápida
Objetos verificados: 65893
Tempo decorrido: 2 minute(s), 49 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 2
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 1

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Trojan.BHO) -> Delete on reboot.
  • 0

#6 Buga

Buga
  • Members
  • 6 posts

Posted 21 September 2008 - 11:55

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49 Fabiano, on 21/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1205289319906
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa...GbPluginCef.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySql - Unknown owner - C:/MYSQL/bin/mysqld-opt.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8529 bytes
  • 0
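As an added example (not code from this thread or from any of the tools it mentions), the following Python helper does the cross-check a responder performs by eye on the two logs above: it parses HijackThis-style `O2`/`O20`/`O23` lines and Malwarebytes registry-key lines, lists entries whose backing file is gone (the `(no file)` / `(file missing)` tags seen in post #6), reports whether a CLSID Malwarebytes quarantined still appears in the HijackThis log, and flags installed entries whose CLSID belongs to the same family as a detected one, so that they get reviewed rather than removed blindly. The sample lines are constructed from the logs in posts #5 and #6; the function names and the "CLSID family" heuristic are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of HijackThis-style lines modelled on post #6
# (not the full log). Raw string so the Windows backslashes survive.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O23 - Service: MySql - Unknown owner - C:/MYSQL/bin/mysqld-opt.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"""

# Constructed sample: the two registry-key detections Malwarebytes reported in post #5.
MBAM_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.
"""

HJT_LINE = re.compile(r"^([RO]\d+)\s+-\s+(.*)$")          # "O2 - BHO: ..." style lines
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")                 # {8-4-4-4-12} GUID
MBAM_NAME = re.compile(r"\(([^()]+)\)\s*->")                 # "(Trojan.BHO) ->"
MISSING_TAGS = ("(no file)", "(file missing)")


@dataclass
class HjtEntry:
    section: str            # O2, O20, O23, ...
    text: str               # everything after "O2 - "
    clsid: Optional[str]    # lower-cased CLSID if the line carries one
    file_missing: bool      # HijackThis could not find the referenced file


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse HijackThis-style lines; lines that are not R/O entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, rest = m.groups()
        c = CLSID.search(rest)
        entries.append(HjtEntry(section, rest,
                                c.group(0).lower() if c else None,
                                any(tag in rest for tag in MISSING_TAGS)))
    return entries


def parse_mbam_clsids(text: str) -> Dict[str, str]:
    """Map each CLSID Malwarebytes reported to its detection name."""
    found: Dict[str, str] = {}
    for line in text.splitlines():
        c, name = CLSID.search(line), MBAM_NAME.search(line)
        if c and name:
            found[c.group(0).lower()] = name.group(1)
    return found


def clsid_family(clsid: str) -> str:
    """Heuristic (assumption, not a standard): vendors often allocate sibling CLSIDs
    that differ only in the last hex digits, so compare everything but those."""
    return clsid[:-5]


def triage(hjt_text: str, mbam_text: str) -> Dict[str, List[str]]:
    """Cross-check a HijackThis log against a Malwarebytes log."""
    detected = parse_mbam_clsids(mbam_text)
    families = {clsid_family(c) for c in detected}
    report: Dict[str, List[str]] = {
        "orphaned": [],                 # registry entry whose file no longer exists
        "detected_still_present": [],   # MBAM said removed, HJT still lists it
        "sibling_of_detected": [],      # same CLSID family as a detection: review, don't auto-fix
    }
    for e in parse_hjt(hjt_text):
        line = f"{e.section} - {e.text}"
        if e.file_missing:
            report["orphaned"].append(line)
        if e.clsid and e.clsid in detected:
            report["detected_still_present"].append(f"{line}  [{detected[e.clsid]}]")
        elif e.clsid and clsid_family(e.clsid) in families:
            report["sibling_of_detected"].append(line)
    return report


if __name__ == "__main__":
    for category, lines in triage(HJT_SAMPLE, MBAM_SAMPLE).items():
        print(f"== {category} ({len(lines)})")
        for l in lines:
            print("  ", l)
```

On the sample, the three orphaned entries are the nameless BHO, the `GbPluginCef` Winlogon notify whose DLL Malwarebytes removed, and the MySql service pointing at a missing binary; nothing quarantined is still listed, and the remaining G-Buster BHO is flagged only as a sibling of the detected CLSID, which is the cue to check the banking plugin's vendor files before touching it.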

#7 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6.360 posts

Posted 21 September 2008 - 22:58

Good evening, Buga!

<@> Go to Start --> Run --> Type: combofix.exe /u --> Click: OK
<@> The following window will open: ( Open File - Security Warning )
<@> Click Run --> Wait!
<@> Finally, the message will appear: ComboFix uninstalled!
<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!
----------------------
<@> Download: < Runscanner v. 1.7.0.0 >
<@> Save it on Local Disk C and unzip it right there.
<@> Create a desktop shortcut to the executable ( RunScanner.exe ).
<@> Open the program and, with the Expert mode button already checked, click Ok.
<@> Close all windows/programs before running this utility.
<@> Run it by clicking Scan computer. Wait!
<@> When it finishes, click the menu: Online analysis
<@> The page will open: online malware analysis report
---------------------
<@> Post the link to this analysis in your reply.

Regards!
  • 0

#8 Buga

Buga
  • Members
  • 6 posts

Posted 22 September 2008 - 07:00

Good morning!!

Here is the link:

http://www.runscanne...8f-d13bf83ed677

[]´s
  • 0

#9 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6.360 posts

Posted 23 September 2008 - 00:51

Good morning, Buga!

<!> There are some items that can be removed!

104 ActiveX controls (Distribution Units)
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} GUID / CLSID not found

170 Explorer MountPoints
{d1566fdf-ea11-11dc-b530-001636d18ad2} C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Mic...

227 HKLM Directory\ShellEx\ContextMenuHandlers
GUID / CLSID not found


<!> Follow the removal procedure below!
-----------------------
<@> Right-click the lines highlighted in red.
<@> Click: Mark/unmark item Space
<@> Click the tab: Item fixer --> Fix selected items.
<@> In the message, click OK.
<@> Under Information, confirm!
<@> Click Malware hunting so we can confirm the removals made.
<@> Once the removals are confirmed, the logs will be clean!

Regards!
  • 0

#10 Buga

Buga
  • Members
  • 6 posts

Posted 23 September 2008 - 20:18

Removals confirmed!
Case solved!!!!! :clap: :clap: :clap:
Thank you very much!!!!! :grin: :thumbsup:
  • 0

#11 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6.360 posts

Posted 24 September 2008 - 02:33

PROBLEM SOLVED!

If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.
  • 0