THIS IS THE HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:30, on 9/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmpe.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE
C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
O4 - HKLM\..\Run: [meet great active lies] C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\dale mail.exe
O4 - HKCU\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /M "Stylus C45" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [frag rect] C:\DOCUME~1\FILHOE~1\DADOSD~1\POPLOU~1\WAY REGS.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.ac.getran.com.br/sah/js/smsx.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://karoline-br.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll (file missing)
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)
--
End of file - 7731 bytes
_________________________________________________________________________
This is the findlop.txt log
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A94855479197D43F.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\filhoe~1\dadosd~1\poplou~1\Third Ref Eggs.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Filho e Karol'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 04/09/2008 23:00:00
NextRun: 04/10/2008 0:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/10/1995
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
Good afternoon, these are the logs; thank you for your attention.....
Regards.
AVENGER LOG
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "c:\docume~1\filhoe~1\dadosd~1\poplou~1\Third Ref Eggs.exe" not found!
Deletion of file "c:\docume~1\filhoe~1\dadosd~1\poplou~1\Third Ref Eggs.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\tasks\A94855479197D43F.job" not found!
Deletion of file "c:\windows\tasks\A94855479197D43F.job" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Folder "C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great" deleted successfully.
Completed script processing.
********************************
Finished! Terminate.
________________________________
HijackThis LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:11, on 10/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cmpe.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE
C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
O4 - HKCU\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /M "Stylus C45" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.ac.getran.com.br/sah/js/smsx.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://karoline-br.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)
End of file - 6816 bytes
Good morning! Karoline Ferreira
>@< Download ComboFix.
>@< Save it to the Desktop!
>@< Disable the resident protection of: antivirus, antispyware and firewall.
>@< Close all windows and run the tool!
If the notification "Invalid Win32 application" appears, delete the tool and download it again. Save it to the Desktop, renamed as: Kombo.exe
PS: Name it while saving, not after saving it!
>@< The Auto Scan window will open. Wait!
>@< Type the option to continue and press < Enter >
>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!
_______________________
>@< Post the report: C:\ComboFix.txt, in your reply + an updated HJT log.
Regards!
________________________________________________________________________________
___
Good evening, all good? These are the logs.
ComboFix log
ComboFix 08-04-12.4 - Filho e Karol 2008-04-12 19:43:01.4 - NTFSx86
Executando de: C:\Documents and Settings\Filho e Karol\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\NPF
((((((((((((((((((((((( Ficheiros criados de 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))
.
2008-04-11 23:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-11 23:19 . 2008-04-11 23:21 <DIR> d-------- C:\Arquivos de programas\Java
2008-04-11 23:13 . 2008-04-11 23:13 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java
2008-04-11 22:18 . 2008-04-11 22:18 <DIR> d-------- C:\Documents and Settings\Filho e Karol\Dados de aplicativos\Windows Live Writer
2008-04-11 20:47 . 2008-04-11 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
2008-04-11 20:16 . 2007-01-08 15:53 1,640,960 --a------ C:\WINDOWS\lhelp.exe
2008-04-11 20:12 . 2008-04-11 20:16 <DIR> d-------- C:\Arquivos de programas\Oi Velox
2008-04-11 17:26 . 2008-04-11 17:26 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live
2008-04-11 16:42 . 2008-04-12 06:25 <DIR> d-------- C:\Arquivos de programas\Windows Live
2008-04-10 23:19 . 2008-04-10 23:19 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais
2008-04-10 23:19 . 2008-04-10 23:19 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais
2008-04-10 23:19 . 2008-04-10 23:19 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais
2008-04-10 23:19 . 2008-04-10 23:19 <DIR> d-------- C:\Documents and Settings\Filho e Karol\Configurações locais
2008-04-10 22:30 . 2008-04-10 22:30 180,719 --a------ C:\bankerfix.exe
2008-04-10 13:06 . 2008-04-10 13:41 <DIR> d-------- C:\backups
2008-04-10 10:37 . 2008-04-10 10:37 93,696 --a------ C:\KillBox.exe
2008-04-10 08:41 . 2008-04-10 17:03 <DIR> d-------- C:\Arquivos de programas\NitroPC
2008-04-10 08:03 . 2008-04-12 19:49 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-04-09 16:55 . 2008-04-09 22:51 401,720 --a------ C:\HijackThis.exe
2008-04-09 15:40 . 2008-04-10 10:43 <DIR> d-------- C:\Documents and Settings\Filho e Karol\Dados de aplicativos\Pop Loud Log
2008-04-09 15:40 . 2008-04-09 15:40 <DIR> d-------- C:\Arquivos de programas\Pop Loud Log
2008-04-07 21:25 . 2008-04-07 21:25 <DIR> d-------- C:\Arquivos de programas\Google
2008-04-07 07:55 . 2008-04-07 07:55 <DIR> d-------- C:\Arquivos de programas\Macrovision Corporation
2008-04-07 07:54 . 2008-04-07 07:54 <DIR> d-------- C:\Documents and Settings\Filho e Karol\Dados de aplicativos\InstallShield
2008-04-07 00:02 . 2008-03-29 15:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-07 00:02 . 2008-03-29 15:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-03 18:38 . 2008-04-10 17:15 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2008-03-18 13:11 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-03-13 18:02 . 2008-03-13 18:02 1,190 --a------ C:\WINDOWS\mozver.dat
2008-03-13 17:17 . 2008-03-13 17:17 <DIR> d-------- C:\Documents and Settings\Filho e Karol\Dados de aplicativos\Talkback
2008-03-13 17:17 . 2008-03-13 17:17 0 --a------ C:\WINDOWS\nsreg.dat
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 00:14 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-04-11 23:23 --------- d-----w C:\Documents and Settings\Filho e Karol\Dados de aplicativos\Lightcomm
2008-04-02 12:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-04 21:26 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2008-01-03 15:00 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Nota entradas vazias & legítimas por defeito não são mostradas.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C45 Series (cópia 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.exe" [2004-01-14 08:00 99840]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
"NitroPC"="C:\Arquivos de programas\NitroPC\NitroPC.exe" [2007-11-15 14:03 1975824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-04-30 17:21 180269]
"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 07:15 106496]
"PCTVOICE"="pctspk.exe" [2004-01-29 21:33 180224 C:\WINDOWS\system32\pctspk.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Ink Monitor"="C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2004-03-31 17:46 258114]
"EPSON Stylus C45 Series (cópia 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.exe" [2004-01-14 08:00 99840]
"EPSON Stylus C45 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.exe" [2004-01-14 08:00 99840]
"desp2k"="C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 16:05 65536]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]
"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 00:29 128512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 00:29 128512]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Arquivos de programas\\Sony Ericsson\\Update Service\\Update Service.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]
R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 10:11]
R3 IrUSB;ArkMicro USB Infrared Miniport Adapter;C:\WINDOWS\system32\DRIVERS\IrUSB.sys [2006-03-06 17:47]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 19:49:31
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Arquivos de programas\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-04-12 19:54:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-12 22:54:15
Pre-Run: 24,579,395,584 bytes disponíveis
Post-Run: 24,545,361,920 bytes disponíveis
.
2008-04-12 20:31:27 --- E O F ---
________________________________________________________________________________
___
And this one is from HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:00, on 12/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cmpe.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\NitroPC\NitroPC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /M "Stylus C45" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.ac.getran.com.br/sah/js/smsx.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://karoline-br.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09AB1DDE-C316-492F-8DFA-5A5DFA98C026}: NameServer = 200.165.132.155 200.149.55.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{09AB1DDE-C316-492F-8DFA-5A5DFA98C026}: NameServer = 200.165.132.155 200.149.55.142
O17 - HKLM\System\CS2\Services\Tcpip\..\{09AB1DDE-C316-492F-8DFA-5A5DFA98C026}: NameServer = 200.165.132.155 200.149.55.142
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)
--
End of file - 8024 bytes
Note: a window has been appearing when I start the PC since I ran the ComboFix procedure; this is the window that appears.
"desp2k.exe_ nao é possivel localizar componente."
"este aplicativo nao pode ser iniciado porque nao foi encontrado wpcap.dll.a reinstalaçao do aplicativo pode corrigir o problema."
I don't know what this window means.
Good evening, karoline ferreira!
"desp2k.exe_ nao é possivel localizar componente." "este aplicativo nao pode ser iniciado porque nao foi encontrado wpcap.dll.a reinstalaçao do aplicativo pode corrigir o problema."
>@< ComboFix removed a legitimate file that belongs to the Velox dialer.
>@< Reinstall your dialer so that the problem is fixed.
----------------------------------
>@< Download LopS&D.
>@< Save it to Local Disk C.
>@< Install the program and click: LopSD.cmd
>@< In the window that opens, press "p" >> press Enter.
>@< In the next window, choose option 2 >> press Enter >> wait!
>@< When it finishes, save and post the report. ( C:\lopR.txt )
>@< Also post an updated HJT log.
Regards!
********************************************************************************
Good evening,
I have a question: do I have to reinstall Oi Velox first and then do the procedure, or can I do the procedure right away and reinstall Oi Velox afterwards?
Good evening, karoline ferreira!
I have a question: do I have to reinstall Oi Velox first and then do the procedure, or can I do the procedure right away and reinstall Oi Velox afterwards?
>@< Follow the order I posted!
>@< First, reinstall the Velox dialer.
Regards!
********************************************************************************
Good afternoon, "Dig Ram"
This is the Lop log.
-----------------------[ Lop S&D 4.1.1-0 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Filho e Karol ] [ "C:\Lop SD" ]
[ ter 15/04/2008 | 13:18:34,81 ] [ PC : FILHO ]
[ MAJ : 14-04-2008 | 20:30 ]
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Lista de pastas em Application Data ]------------
[11/04/2008|20:47] C:\DOCUME~1\ALLUSE~1\DADOSD~1\.
[11/04/2008|20:47] C:\DOCUME~1\ALLUSE~1\DADOSD~1\..
[29/04/2007|12:06] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe
[29/04/2007|08:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\desktop.ini
[04/01/2008|18:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\ezsid.dat
[02/04/2008|09:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin
[10/12/2007|23:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Installations
[03/01/2008|11:17] C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallShield
[11/04/2008|20:47] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!
[15/04/2008|12:06] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft
[14/12/2007|21:39] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft Help
[29/04/2007|13:11] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Office Genuine Advantage
[03/05/2007|12:50] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Sony Ericsson
[03/05/2007|12:50] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Teleca
[15/04/2008|13:01] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP
[29/04/2007|13:11] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage
[11/04/2008|21:14] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller
[29/04/2007|08:10] C:\DOCUME~1\DEFAUL~1\DADOSD~1\.
[29/04/2007|08:10] C:\DOCUME~1\DEFAUL~1\DADOSD~1\..
[29/04/2007|08:10] C:\DOCUME~1\DEFAUL~1\DADOSD~1\desktop.ini
[29/04/2007|11:23] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft
[11/04/2008|22:18] C:\DOCUME~1\FILHOE~1\DADOSD~1\.
[11/04/2008|22:18] C:\DOCUME~1\FILHOE~1\DADOSD~1\..
[13/03/2008|18:03] C:\DOCUME~1\FILHOE~1\DADOSD~1\Adobe
[19/12/2007|17:03] C:\DOCUME~1\FILHOE~1\DADOSD~1\AdobeUM
[29/04/2007|18:16] C:\DOCUME~1\FILHOE~1\DADOSD~1\ArcSoft
[03/01/2008|11:14] C:\DOCUME~1\FILHOE~1\DADOSD~1\Bitstream
[29/04/2007|08:10] C:\DOCUME~1\FILHOE~1\DADOSD~1\desktop.ini
[02/06/2007|13:42] C:\DOCUME~1\FILHOE~1\DADOSD~1\Help
[29/04/2007|11:35] C:\DOCUME~1\FILHOE~1\DADOSD~1\Identities
[07/04/2008|07:54] C:\DOCUME~1\FILHOE~1\DADOSD~1\InstallShield
[11/04/2008|20:23] C:\DOCUME~1\FILHOE~1\DADOSD~1\Lightcomm
[29/04/2007|13:26] C:\DOCUME~1\FILHOE~1\DADOSD~1\Macromedia
[11/04/2008|16:59] C:\DOCUME~1\FILHOE~1\DADOSD~1\Microsoft
[13/03/2008|17:16] C:\DOCUME~1\FILHOE~1\DADOSD~1\Mozilla
[10/04/2008|10:43] C:\DOCUME~1\FILHOE~1\DADOSD~1\Pop Loud Log
[30/04/2007|17:23] C:\DOCUME~1\FILHOE~1\DADOSD~1\Real
[03/05/2007|11:09] C:\DOCUME~1\FILHOE~1\DADOSD~1\Sony Ericsson
[13/03/2008|17:17] C:\DOCUME~1\FILHOE~1\DADOSD~1\Talkback
[03/05/2007|11:09] C:\DOCUME~1\FILHOE~1\DADOSD~1\Teleca
[11/04/2008|22:18] C:\DOCUME~1\FILHOE~1\DADOSD~1\Windows Live Writer
[05/03/2008|21:52] C:\DOCUME~1\LOCALS~1\DADOSD~1\.
[05/03/2008|21:52] C:\DOCUME~1\LOCALS~1\DADOSD~1\..
[05/03/2008|21:52] C:\DOCUME~1\LOCALS~1\DADOSD~1\Identities
[29/04/2007|11:28] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft
[29/04/2007|11:27] C:\DOCUME~1\NETWOR~1\DADOSD~1\.
[29/04/2007|11:27] C:\DOCUME~1\NETWOR~1\DADOSD~1\..
[29/04/2007|11:27] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft
----------------[ Tarefas Agendadas na pasta C:\WINDOWS\Tasks ]---------------
[15/04/2008 12:54][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/10/2001 12:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini
---------------[ Lista de pastas em C:\Arquivos de programas ]--------------
[15/04/2008|11:53] C:\Arquivos de programas\.
[15/04/2008|11:53] C:\Arquivos de programas\..
[29/04/2007|12:05] C:\Arquivos de programas\Adobe
[26/01/2008|14:16] C:\Arquivos de programas\Alwil Software
[29/04/2007|18:13] C:\Arquivos de programas\ArcSoft
[11/04/2008|23:13] C:\Arquivos de programas\Arquivos comuns
[03/01/2008|19:29] C:\Arquivos de programas\CCleaner
[29/04/2007|11:45] C:\Arquivos de programas\C-Media 3D Audio
[10/12/2007|22:56] C:\Arquivos de programas\DIFX
[02/06/2007|13:51] C:\Arquivos de programas\EPSON
[29/04/2007|19:00] C:\Arquivos de programas\InstallShield Installation Information
[09/04/2008|19:08] C:\Arquivos de programas\Internet Explorer
[11/04/2008|23:21] C:\Arquivos de programas\Java
[11/04/2008|17:26] C:\Arquivos de programas\Messenger Plus! Live
[29/04/2007|11:23] C:\Arquivos de programas\microsoft frontpage
[16/12/2007|20:47] C:\Arquivos de programas\Microsoft Office
[15/01/2008|19:45] C:\Arquivos de programas\Microsoft SQL Server Compact Edition
[16/12/2007|20:49] C:\Arquivos de programas\Microsoft.NET
[29/04/2007|11:20] C:\Arquivos de programas\Movie Maker
[12/04/2008|00:03] C:\Arquivos de programas\Mozilla Firefox
[15/12/2007|13:01] C:\Arquivos de programas\MSECache
[29/04/2007|11:18] C:\Arquivos de programas\MSN Gaming Zone
[13/08/2007|14:17] C:\Arquivos de programas\MSXML 4.0
[29/04/2007|12:20] C:\Arquivos de programas\Nero
[29/04/2007|11:20] C:\Arquivos de programas\NetMeeting
[10/04/2008|17:03] C:\Arquivos de programas\NitroPC
[29/04/2007|13:27] C:\Arquivos de programas\NovaLogic
[15/04/2008|12:28] C:\Arquivos de programas\Oi Velox
[13/08/2007|10:29] C:\Arquivos de programas\Outlook Express
[30/04/2007|17:21] C:\Arquivos de programas\Real
[06/01/2008|18:53] C:\Arquivos de programas\Scpad
[29/04/2007|11:21] C:\Arquivos de programas\Serviços on-line
[29/04/2007|11:42] C:\Arquivos de programas\SiS VGA Utilities V3.59
[10/12/2007|22:05] C:\Arquivos de programas\Sony Ericsson
[29/04/2007|11:35] C:\Arquivos de programas\Uninstall Information
[12/04/2008|06:25] C:\Arquivos de programas\Windows Live
[04/09/2007|20:52] C:\Arquivos de programas\Windows Media Connect 2
[11/08/2007|22:53] C:\Arquivos de programas\Windows Media Player
[29/04/2007|11:18] C:\Arquivos de programas\Windows NT
[14/01/2008|10:05] C:\Arquivos de programas\WinRAR
[29/04/2007|11:23] C:\Arquivos de programas\xerox
------[ Lista de pastas em C:\Arquivos de programas\Arquivos comuns ]------
[11/04/2008|23:13] C:\Arquivos de programas\Arquivos comuns\.
[11/04/2008|23:13] C:\Arquivos de programas\Arquivos comuns\..
[29/04/2007|12:06] C:\Arquivos de programas\Arquivos comuns\Adobe
[29/04/2007|12:20] C:\Arquivos de programas\Arquivos comuns\Ahead
[01/06/2007|13:42] C:\Arquivos de programas\Arquivos comuns\Borland Shared
[03/01/2008|11:17] C:\Arquivos de programas\Arquivos comuns\DESIGNER
[03/01/2008|11:17] C:\Arquivos de programas\Arquivos comuns\InstallShield
[11/04/2008|23:13] C:\Arquivos de programas\Arquivos comuns\Java
[15/04/2008|11:57] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
[29/04/2007|11:20] C:\Arquivos de programas\Arquivos comuns\MSSoap
[29/04/2007|08:10] C:\Arquivos de programas\Arquivos comuns\ODBC
[03/01/2008|11:13] C:\Arquivos de programas\Arquivos comuns\Protexis
[30/04/2007|17:22] C:\Arquivos de programas\Arquivos comuns\Real
[29/04/2007|11:20] C:\Arquivos de programas\Arquivos comuns\Serviços
[29/04/2007|08:10] C:\Arquivos de programas\Arquivos comuns\SpeechEngines
[13/08/2007|10:29] C:\Arquivos de programas\Arquivos comuns\System
[03/05/2007|12:50] C:\Arquivos de programas\Arquivos comuns\Teleca Shared
[15/01/2008|18:44] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
[30/04/2007|17:22] C:\Arquivos de programas\Arquivos comuns\xing shared
----------------------[ Procura pelo S_Lop ]---------------------
Não foram encontradas pastas com o Lop!
-----------------[ Procura por Arquivos/Ficheiros e pastas do Lop ]-----------------
Não foram encontradas pastas com o Lop!
----------------------[ Procura no Registro ]----------------------
..... OK !
--------------------[ Verificando o Arquivos/Ficheiros Hosts ]---------------------
Arquivos/Ficheiros Hosts LIMPO
----------------[ Procurando Arquivos/Ficheiros ocultos com o Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 13:21:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Procurando por outras infecções ]---------------------
Não foram encontradas outras infecções.
/!\ [Fich:3][Doss:5] C:\DOCUME~1\FILHOE~1\CONFIG~1\Temp
/!\ [Fich:10][Doss:0] C:\DOCUME~1\FILHOE~1\Cookies
/!\ [Fich:453][Doss:4] C:\DOCUME~1\FILHOE~1\CONFIG~1\TEMPOR~1\content.IE5
--------------------[ Verificação completa em 13:22:45,85 ]----------------------
********************************************************************************
And this other one is from HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:34, on 15/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cmpe.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\NitroPC\NitroPC.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
O4 - HKCU\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /M "Stylus C45" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.ac.getran.com.br/sah/js/smsx.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://karoline-br.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)
--
End of file - 7440 bytes
Note: this Notepad file appeared on the PC's desktop; what does it mean?
'''catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 13:21:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 O sistema não pode encontrar o arquivo especificado.
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0'''
Good afternoon, karoline ferreira!
DELETE: C:\Qoobox
------------------------------
>@< Download CCleaner.
>@< Save it to the Desktop!
>@< Open the program and click Analyze >> Run Cleaner.
>@< When it finishes, click Registry >> Scan for Issues >> Fix selected issues.
------------------------------
If everything is OK with the PC, create a completely clean System Restore point! Right-click My Computer >> Properties >> System Restore >> check: Turn off System Restore >> Apply >> OK.
Then uncheck it again! >> Apply >> OK.
For more details, go to: < Docs >
>@< The log is clean!
>@< Any problems still?
Regards!
********************************************************************************
Good evening, 'DigRam'
I just stopped by to thank you for your help; everything is OK. Your help was very important, thank you very much. Until next time.
Regards.
PROBLEM SOLVED!
If the author needs the topic reopened, a private message must be sent to a moderator with a link to the topic.
Good morning, karoline ferreira!
>@< Open HijackThis >> click: Do a system scan only
>@< Check the entries listed below and click Fix checked.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)
O4 - HKLM\..\Run: [meet great active lies] C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\dale mail.exe
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll (file missing)
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)
@@@@@@@@@@@@@@@@@@@
>@< Download Avenger.
>@< Unzip it and create a folder for the program. ( Avenger.exe )
>@< Put this folder on the Desktop!
>@< Select and copy everything below the word code.
>@< Or, if you prefer, use the shortcuts: ( control + a ) >> ( control + c )
Files to delete:
c:\docume~1\filhoe~1\dadosd~1\poplou~1\Third Ref Eggs.exe
c:\windows\tasks\A94855479197D43F.job

Folders to delete:
C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great
>@< Run Avenger.exe
>@< Right-click in the Input script here window.
>@< Click Paste or ( control + v ).
>@< Click Execute.
>@< Choose "Yes" twice when prompted.
>@< When the script finishes, the computer will be restarted.
>@< The PC may be restarted more than once!
>@< Post the report, which will be in: C:\avenger.txt + an updated HJT log.
Regards!