Kamia, posted December 30, 2006:

My antivirus deleted the file ibm00001.exe (C:\Arquivos e programas\arquivos comuns\Microsoft Shared\Web Folders\ibm00001.exe) because of a virus!! Now it doesn't start properly!! Is there a way to fix this? Waiting for a reply!

jgarcia, posted December 30, 2006:

Hi Kamia,

Do the following: Download HijackThis version 1.99.1. Then > Start > My Computer > double-click C: > put HijackThis on C: (extracting it from the zip --> into its own folder, such as c:/Hijack). Run HijackThis from C:, closing all other programs (leaving only the desktop). Click Do a system scan and save a logfile, but do not check anything; just post the generated log here in this same topic.

Regards.

Kamia, posted December 31, 2006:

Logfile of HijackThis v1.99.1
Scan saved at 15:46:26, on 1/1/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\EasyPHP\Apache\apache.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\EasyPHP\Apache\apache.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\EasyPHP\MySql\bin\mysqld.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\smagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Arquivos de programas\Arquivos comuns\DriveCleaner 2006 Free\udcsdr.exe
C:\Arquivos de programas\Arquivos comuns\DriveCleaner 2006 Free\udcpas.exe
C:\Arquivos de programas\DriveCleaner 2006 Free\UDC6cw.exe
C:\Arquivos de programas\Arquivos comuns\Error Safe\erscw.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Windows\xpupdate.exe
C:\WINDOWS\explorer.exe
C:\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\USUARI~1.000\CONFIG~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2098F47D-4FF2-45E5-AC58-69B0C0E3A506} - C:\WINDOWS\System32\gcbb.dll (file missing)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\System32\pwnshqaj.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Arquivos de programas\VSAdd-in\VSAdd-in_1.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINDOWS\System32\muunqlds.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C0BE3622-E7AA-4364-B939-796825A33AE5} - C:\WINDOWS\Cursors\mcdloe.dll (file missing)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Arquivos de programas\VSAdd-in\VSAdd-in_1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [EasyPHP] "C:\EasyPHP\easyphp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [smartSync - ScheduleSync] C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Arquivos de programas\DriveCleaner 2006 Free\UDC2006.exe" /min
O4 - HKLM\..\Run: [sDR6_Check] "C:\Arquivos de programas\Arquivos comuns\DriveCleaner 2006 Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Arquivos de programas\Arquivos comuns\DriveCleaner 2006 Free\udcpas.exe"
O4 - HKLM\..\Run: [uDC6cw] "C:\Arquivos de programas\DriveCleaner 2006 Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe
O4 - HKLM\..\Run: [erscw] C:\Arquivos de programas\Arquivos comuns\Error Safe\erscw.exe -c
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/er...eInstall_br.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB880E1C-A0E8-4BF8-A0C2-5D595CEA8259}: NameServer = 85.255.113.108,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB4225E5-9D55-4D16-9103-C39D9F19E75F}: NameServer = 85.255.113.108 85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O18 - Filter: text/plain - {C098AE88-6656-4447-BF96-F79F15ABB4FA} - C:\WINDOWS\System32\gcbb.dll
O20 - Winlogon Notify: mcdloe - C:\WINDOWS\Cursors\mcdloe.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Ondbpm32.dll (file missing)
O23 - Service: Apache - Unknown owner - C:\EasyPHP\Apache\apache.exe" --ntservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VXN1YXJpbw\command.exe (file missing)
O23 - Service: MySql - Unknown owner - C:\EasyPHP\MySql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\smagent.exe

jgarcia, posted December 31, 2006:

Hi Kamia,

1. Download SmitfraudFix;
2. Disable your antivirus protection (temporarily);
3. Extract the SmitFraudFix file to your desktop;
4. Run SmitfraudFix by double-clicking smitfraudfix.cmd --> choose Option 1;
5. Wait for the scan to finish;
6. Re-enable your antivirus;
7. Post the log generated by SmitfraudFix (option 1).

Awaiting your reply. Regards.

Kamia, posted January 1, 2007:

SmitFraudFix v2.132
Scan done at 20:23:08,66, ter 02/01/2007
Run from C:\Documents and Settings\Usuario.USUARIO.001\Desktop\SmitfraudFix
OS: Microsoft Windows XP [versão 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

Hey, sorry for the delay in replying, I couldn't get on the PC these past few days because of the end of the year!! Regards!

jgarcia, posted January 2, 2007:

Hi Kamia,

The log is incomplete. The generated log should have a structure like this one here (Post #3). I need you to post the log in full.

Regards.

Kamia, posted January 3, 2007:

Oops, sorry!!

SmitFraudFix v2.132
Scan done at 1:16:05,79, qui 04/01/2007
Run from C:\Documents and Settings\Usuario.USUARIO.001\Desktop\SmitfraudFix
OS: Microsoft Windows XP [versão 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\warnhp.html FOUND !
C:\WINDOWS\xpupdate.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\migicons.exe FOUND !
C:\WINDOWS\system32\zlbw.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Usuario.USUARIO.001

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Usuario.USUARIO.001\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\WINDOWS\ALLUSE~1\MENUIN~1\PROGRA~1\AdwareSheriff FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\USUARI~1.001\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Arquivos de programas
C:\Arquivos de programas\AdwareSheriff\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
HKLM\SOFTWARE\WinHound.com FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Minha página inicial atual"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="csifw.exe"

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

jgarcia, posted January 3, 2007:

Hi Kamia,

Let's go.

1. Disable your antivirus protection (temporarily);
2. Restart the computer in Safe Mode (after restarting, press the F8 key until a black DOS screen appears and choose Safe Mode);
3. Run SmitfraudFix by double-clicking smitfraudfix.cmd --> choose Option 2;
4. Answer yes (y) to the question about cleaning the registry (Do you want to clean the registry?);
5. Wait for the scan to finish and the log to be generated;
6. Restart in Normal Mode;
7. Re-enable your antivirus;
8. Post the SmitfraudFix log (option 2) + a HijackThis log (generated in Normal Mode).

Awaiting your reply. Regards.

Kamia, posted January 3, 2007:

SmitfraudFix:

SmitFraudFix v2.132
Scan done at 12:48:01,68, qui 04/01/2007
Run from C:\Documents and Settings\Usuario.USUARIO.001\Desktop\SmitfraudFix
OS: Microsoft Windows XP [versão 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="csolc.exe"

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 13:19:10, on 4/1/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\EasyPHP\Apache\apache.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\EasyPHP\Apache\apache.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\EasyPHP\MySql\bin\mysqld.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\smagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Arquivos de programas\Arquivos comuns\DriveCleaner 2006 Free\udcsdr.exe
C:\Arquivos de programas\Arquivos comuns\DriveCleaner 2006 Free\udcpas.exe
C:\Arquivos de programas\DriveCleaner 2006 Free\UDC6cw.exe
C:\Arquivos de programas\Arquivos comuns\Error Safe\erscw.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2098F47D-4FF2-45E5-AC58-69B0C0E3A506} - C:\WINDOWS\System32\gcbb.dll (file missing)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\System32\pwnshqaj.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Arquivos de programas\VSAdd-in\VSAdd-in_1.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINDOWS\System32\muunqlds.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C0BE3622-E7AA-4364-B939-796825A33AE5} - C:\WINDOWS\Cursors\mcdloe.dll (file missing)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Arquivos de programas\VSAdd-in\VSAdd-in_1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [EasyPHP] "C:\EasyPHP\easyphp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [smartSync - ScheduleSync] C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Arquivos de programas\DriveCleaner 2006 Free\UDC2006.exe" /min
O4 - HKLM\..\Run: [sDR6_Check] "C:\Arquivos de programas\Arquivos comuns\DriveCleaner 2006 Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Arquivos de programas\Arquivos comuns\DriveCleaner 2006 Free\udcpas.exe"
O4 - HKLM\..\Run: [uDC6cw] "C:\Arquivos de programas\DriveCleaner 2006 Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe
O4 - HKLM\..\Run: [erscw] C:\Arquivos de programas\Arquivos comuns\Error Safe\erscw.exe -c
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB880E1C-A0E8-4BF8-A0C2-5D595CEA8259}: NameServer = 85.255.113.108,85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O18 - Filter: text/plain - {C098AE88-6656-4447-BF96-F79F15ABB4FA} - C:\WINDOWS\System32\gcbb.dll
O20 - Winlogon Notify: mcdloe - C:\WINDOWS\Cursors\mcdloe.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Ondbpm32.dll (file missing)
O23 - Service: Apache - Unknown owner - C:\EasyPHP\Apache\apache.exe" --ntservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VXN1YXJpbw\command.exe (file missing)
O23 - Service: MySql - Unknown owner - C:\EasyPHP\MySql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\smagent.exe

jgarcia, posted January 3, 2007:

Hi Kamia,

Let's go.

Set Windows to show all files (including hidden ones).

Uninstall:
-> DriveCleaner 2006 Free
-> Error Safe
-> VSAdd-in

Use Add / Remove Programs. Uninstall them one by one, and restart after you have done so.

Note: If you do not find any of the programs mentioned above in the list, just move on to the next step.

Step 1

Download CCleaner at: CCleaner
Download it, but do not run it yet.

Download Killbox at: Killbox
Download it, but do not run it yet.

Step 2

Do the following: Go to Start --> Run --> type services.msc and click OK. Find the Command Service service. Right-click it and go to Properties. Click Stop and change the Startup Type to Disabled.

1. Run Killbox, click Delete on Reboot.
2. Copy the list below, in bold, to the clipboard. Select it all with the mouse --> go to the Edit menu in the browser's menu bar --> click Copy.

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00001.exe
C:\WINDOWS\System32\gcbb.dll
C:\WINDOWS\System32\pwnshqaj.dll
C:\WINDOWS\System32\muunqlds.dll
C:\WINDOWS\System32\Ondbpm32.dll
C:\WINDOWS\Cursors\mcdloe.dll
C:\WINDOWS\VXN1YXJpbw\command.exe
c:\eied_s7.cab

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.
4. Press "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and connecting to the internet will not be possible.

Step 3

Restart the computer in Safe Mode (while restarting, press the F8 key repeatedly until a black DOS screen appears and choose the Safe Mode option).

Run HijackThis, click Open the Misc Tools section. Click Delete an NT service. Enter: Command Service. Delete the service.

Run HijackThis again, click Do a system scan only and check:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: (no name) - {2098F47D-4FF2-45E5-AC58-69B0C0E3A506} - C:\WINDOWS\System32\gcbb.dll (file missing)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\System32\pwnshqaj.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Arquivos de programas\VSAdd-in\VSAdd-in_1.dll
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINDOWS\System32\muunqlds.dll
O2 - BHO: (no name) - {C0BE3622-E7AA-4364-B939-796825A33AE5} - C:\WINDOWS\Cursors\mcdloe.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Arquivos de programas\VSAdd-in\VSAdd-in_1.dll
O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Arquivos de programas\DriveCleaner 2006 Free\UDC2006.exe" /min
O4 - HKLM\..\Run: [sDR6_Check] "C:\Arquivos de programas\Arquivos comuns\DriveCleaner 2006 Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Arquivos de programas\Arquivos comuns\DriveCleaner 2006 Free\udcpas.exe"
O4 - HKLM\..\Run: [uDC6cw] "C:\Arquivos de programas\DriveCleaner 2006 Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [erscw] C:\Arquivos de programas\Arquivos comuns\Error Safe\erscw.exe -c
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O18 - Filter: text/plain - {C098AE88-6656-4447-BF96-F79F15ABB4FA} - C:\WINDOWS\System32\gcbb.dll
O20 - Winlogon Notify: mcdloe - C:\WINDOWS\Cursors\mcdloe.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Ondbpm32.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VXN1YXJpbw\command.exe (file missing)

Click Fix Checked.

Step 4

Still in Safe Mode, locate and delete:

C:\Arquivos de programas\Arquivos comuns\DriveCleaner 2006 Free <- the folder
C:\Arquivos de programas\DriveCleaner 2006 Free <- the folder
C:\Arquivos de programas\Arquivos comuns\Error Safe <- the folder
C:\Arquivos de programas\VSAdd-in <- the folder
C:\WINDOWS\VXN1YXJpbw <- the folder

Step 5

Restart in Normal Mode. Run CCleaner and click Run Cleaner. Post a new HijackThis log.

Awaiting your reply. Regards.

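The manual triage of the HijackThis log in the post above can be sketched as code. This is an added example, not part of the thread and not HijackThis's own logic: the function names, rule labels and heuristics (anything after explorer.exe in Shell=, unnamed BHOs loading from System32, "(file missing)" entries, registry-set NameServer values) are assumptions modelled on entries in the thread's log, and the sample lines are excerpted from that log.

```python
import re

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
F2 - REG:system.ini: Shell=explorer.exe "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\System32\pwnshqaj.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB880E1C-A0E8-4BF8-A0C2-5D595CEA8259}: NameServer = 85.255.113.108,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197
O20 - Winlogon Notify: mcdloe - C:\WINDOWS\Cursors\mcdloe.dll (file missing)
O23 - Service: Apache - Unknown owner - C:\EasyPHP\Apache\apache.exe" --ntservice (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VXN1YXJpbw\command.exe (file missing)
'''

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')
MISSING = '(file missing)'


def parse(log_text):
    """Return (code, body) tuples for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group('code'), m.group('body')))
    return entries


def triage(entries):
    """Apply the example heuristics; return (findings, dns_servers)."""
    findings = []
    dns_servers = []
    for code, body in entries:
        if code == 'F2' and 'Shell=' in body:
            # The shell value is expected to be explorer.exe alone; anything
            # appended to it is started at every logon.
            shell = body.split('Shell=', 1)[1].strip()
            if shell.lower() != 'explorer.exe':
                findings.append(('shell-extra-program', body))
        elif (code == 'O2' and '(no name)' in body
              and re.search(r'\\system32\\[^\\]+\.dll', body, re.I)):
            findings.append(('unnamed-bho-system32', body))
        elif code == 'O17' and 'NameServer =' in body:
            # The same value appears comma- or space-separated per control set.
            value = body.split('NameServer =', 1)[1].strip()
            for server in re.split(r'[,\s]+', value):
                if server and server not in dns_servers:
                    dns_servers.append(server)
        elif body.endswith(MISSING):
            path = body[:-len(MISSING)].rsplit(' - ', 1)[-1].strip()
            # A path that still carries a quote and arguments was checked as a
            # command line, not a file name (apache.exe is listed as running in
            # the thread's log), so report it separately from true orphans.
            kind = 'unparsed-command-line' if '"' in path else 'orphaned-entry'
            findings.append((kind, body))
    return findings, dns_servers


if __name__ == '__main__':
    found, dns = triage(parse(SAMPLE_LOG))
    for kind, body in found:
        print(f'{kind:22} {body}')
    print('registry-set DNS servers to verify:', ', '.join(dns))
```

The DNS list is reported for comparison against the resolvers the network is expected to use; the script does not judge the addresses itself.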
Shine, posted May 6, 2007:

Topic Archived

As the author has not replied to the topic for more than 20 days, it has been archived. If you are the author of the topic and want it reopened, send a private message to a moderator with a link to this topic and explain the reason for reopening.