
Archived

This topic has been archived and is closed to further replies.

ricardolord

[Archived] Analyze my HijackThis log


I'm currently having a problem where several Internet Explorer pages open at the same time. I've even uninstalled it, but I don't know how it still keeps opening IE windows. I ask my friends here to please help me, because I have no way to back up and format my PC.

Logfile of HijackThis v1.99.1
Scan saved at 11:01:45, on 31/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE
C:\ARQUIV~1\FREEDO~1\fdm.exe
C:\DOCUME~1\RICARDO\CONFIG~1\Temp\Rar$EX00.500\HijackThis.exe
C:\Arquivos de programas\Puxa Rápido\PuxaRapido.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype Plugin (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Arquivos de programas\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IpWins] C:\Arquivos de programas\ipwins\ipwins.exe
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [POP Peeper] "C:\Arquivos de programas\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Arquivos de programas\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Arquivos de programas\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Arquivos de programas\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Arquivos de programas\Arquivos comuns\DataViz\DvzIncMsgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: KYESCAN.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinKey.lnk = C:\Arquivos de programas\WinKey\WinKey.exe
O8 - Extra context menu item: &Save Flash In This Page - C:\ARQUIV~1\FLASHS~1.0\save.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Baixar com &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos com BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Arquivos de programas\FlashKeeper\GetFlash.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\ARQUIV~1\FLASHS~1.0\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\ARQUIV~1\FLASHS~1.0\save.htm
O9 - Extra button: Skype Plugin - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Arquivos de programas\FlashKeeper\GetFlash.htm
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154742290639
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.sisdera.com/stream/ampx2.6.1.11_en_dl.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3087189-D117-4D70-BEED-6FB59D2481EA}: NameServer = 201.10.128.2,201.10.120.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - D:\apache2triad2\bin\httpd.exe" -n Apache2 -k runservice (file missing)
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Unknown owner - D:\apache2triad2\bin\httpd.exe" -D SSL -n Apache2SSL -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - D:\apache2triad2\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - Unknown owner - D:\apache2triad2\pgsql\bin\pg_ctl.exe" runservice -N PgSql -D D:\apache2triad2\pgsql\data\ (file missing)
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - D:\apache2triad2\ftp\SlimFTPd.exe" -service (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - D:\apache2triad2\mail\bin\XMail.exe


Hey ricardolord,

Let's go.

Set Windows to show all files (including hidden ones).

Uninstall:

-> IpWins

Use Add / Remove Programs.

Uninstall it and reboot after it has been uninstalled.

Note: if you don't find the program mentioned above in the list, just move on to the next step.

1st Step

Download Killbox at:

Killbox

1. Run Killbox, click Delete on Reboot.

2. Copy the list below in bold to the clipboard. Select it with the mouse --> go to the Edit tab in the browser bar --> click Copy.

C:\WINDOWS\system32\hldrrr.exe

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

It is prudent to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and an internet connection will not be possible.

2nd Step

Restart the computer in Safe Mode (after rebooting, press the F8 key until a black DOS-style screen appears, and choose Safe Mode).

Run HijackThis, click Do a system scan only and check:

O4 - HKLM\..\Run: [ipWins] C:\Arquivos de programas\ipwins\ipwins.exe

O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

O4 - Global Startup: KYESCAN.lnk = ?

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.sisdera.com/stream/ampx2.6.1.11_en_dl.cab

Click Fix Checked.

3rd Step

Still in Safe Mode, locate and delete:

C:\Arquivos de programas\ipwins <- the folder

4th Step

Restart in Normal Mode.

Post the new HijackThis log.

Cheers.

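A small parser for the HijackThis log format used throughout this thread, added here as an example (it is not code from the thread or from HijackThis): it splits the O-entries into fields, applies the review heuristics the helper applied by hand (a Run value registered under both HKLM and HKCU, a startup shortcut whose target HijackThis could not resolve, a DPF download from a host outside a reviewer's allowlist) and diffs a before/after pair of logs the way the "post the new log" step does. The two log excerpts and the allowlist are constructed for the example; the flags are prompts for a human reviewer, not verdicts.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed excerpts in the shape of the thread's two HijackThis v1.99.1 logs (before/after the fix).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:01:45, on 31/12/2006

Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IpWins] C:\Arquivos de programas\ipwins\ipwins.exe
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - Global Startup: KYESCAN.lnk = ?
O4 - Global Startup: WinKey.lnk = C:\Arquivos de programas\WinKey\WinKey.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154742290639
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.sisdera.com/stream/ampx2.6.1.11_en_dl.cab
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 15:43:17, on 31/12/2006

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinKey.lnk = C:\Arquivos de programas\WinKey\WinKey.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154742290639
"""

# Assumption: hosts a reviewer has already vetted; any other DPF source is queued for review.
TRUSTED_DPF_HOSTS = {"update.microsoft.com"}


@dataclass(frozen=True)
class Entry:
    section: str       # "O4", "O16", ...
    raw: str           # the line exactly as HijackThis printed it
    hive: str = ""     # O4: HKLM / HKCU for Run values, "Startup" / "Global Startup" for shortcuts
    name: str = ""     # O4: value or .lnk name; O16: class name
    target: str = ""   # O4: command line; O16: .cab URL


ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$")
STARTUP_RE = re.compile(r"^(Global Startup|Startup): (.*?) = (.*)$")
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} \((.*?)\) - (\S+)$")


def parse_hjt(text: str) -> list[Entry]:
    """Turn the O-entries of a HijackThis log into records; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        fields = None
        if section == "O4":
            fields = RUN_RE.match(body) or STARTUP_RE.match(body)
            if fields:
                fields = fields.groups()
        elif section == "O16":
            d = DPF_RE.match(body)
            if d:
                fields = ("",) + d.groups()
        entries.append(Entry(section, line, *fields) if fields else Entry(section, line))
    return entries


def review_candidates(entries: list[Entry]) -> list[str]:
    """Flag the patterns the helper singled out by hand; these are review prompts, not verdicts."""
    notes = []
    hives_by_value = {}
    for e in entries:
        if e.section == "O4" and e.hive in ("HKLM", "HKCU"):
            hives_by_value.setdefault((e.name.lower(), e.target.lower()), set()).add(e.hive)
    for (name, target), hives in sorted(hives_by_value.items()):
        if hives == {"HKLM", "HKCU"}:   # same value persisted machine-wide and per-user (hldrrr)
            notes.append(f"O4 [{name}] is registered under both HKLM and HKCU: {target}")
    for e in entries:
        if e.section == "O4" and e.hive.endswith("Startup") and e.target == "?":
            notes.append(f"O4 {e.hive} {e.name} has a target HijackThis could not resolve")
        elif e.section == "O16":
            host = urlparse(e.target).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                notes.append(f"O16 DPF {e.name} is downloaded from an unvetted host: {host}")
    return notes


def diff_logs(before: str, after: str) -> tuple[list[str], list[str]]:
    """Entries that disappeared and entries that appeared between two logs of the same machine."""
    old = {e.raw for e in parse_hjt(before)}
    new = {e.raw for e in parse_hjt(after)}
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    print(*review_candidates(parse_hjt(LOG_BEFORE)), sep="\n")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("gone after the fix:", *removed, sep="\n")
```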

Hi there, big buddy jgarcia, here's the thing: I did everything you asked, take a look. Sorry for taking so long to reply, you know how it is, end of the year, running around buying things for the New Year's Eve dinner. But HAPPY NEW YEAR to you and everyone on the forum, thanks.

NOTE: Just one remark, the line below that you asked me to check in HijackThis I couldn't find. Was it the one that gave the description of the virus? Was it really a virus, or what?

O4 - HKLM\..\Run: [ipWins] C:\Arquivos de programas\ipwins\ipwins.exe

Logfile of HijackThis v1.99.1
Scan saved at 15:43:17, on 31/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\Arquivos de programas\DAEMON Tools\daemon.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\Arquivos de programas\POP Peeper\POPPeeper.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\BitComet\BitComet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
D:\apache2triad2\bin\httpd.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
C:\Arquivos de programas\Arquivos comuns\DataViz\DvzIncMsgr.exe
C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\apache2triad2\mysql\bin\mysqld.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
C:\Arquivos de programas\WinKey\WinKey.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Palm\HOTSYNC.EXE
C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
D:\apache2triad2\mail\bin\XMail.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearchIndexer.exe
D:\apache2triad2\bin\httpd.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Downloads\Software\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype Plugin (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Arquivos de programas\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [POP Peeper] "C:\Arquivos de programas\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Arquivos de programas\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Arquivos de programas\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Arquivos de programas\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Arquivos de programas\Arquivos comuns\DataViz\DvzIncMsgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinKey.lnk = C:\Arquivos de programas\WinKey\WinKey.exe
O8 - Extra context menu item: &Save Flash In This Page - C:\ARQUIV~1\FLASHS~1.0\save.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Baixar com &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos com BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Arquivos de programas\FlashKeeper\GetFlash.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\ARQUIV~1\FLASHS~1.0\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\ARQUIV~1\FLASHS~1.0\save.htm
O9 - Extra button: Skype Plugin - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Arquivos de programas\FlashKeeper\GetFlash.htm
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154742290639
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3087189-D117-4D70-BEED-6FB59D2481EA}: NameServer = 201.10.128.2,201.10.120.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - D:\apache2triad2\bin\httpd.exe" -n Apache2 -k runservice (file missing)
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Unknown owner - D:\apache2triad2\bin\httpd.exe" -D SSL -n Apache2SSL -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - D:\apache2triad2\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - Unknown owner - D:\apache2triad2\pgsql\bin\pg_ctl.exe" runservice -N PgSql -D D:\apache2triad2\pgsql\data\ (file missing)
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - D:\apache2triad2\ftp\SlimFTPd.exe" -service (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - D:\apache2triad2\mail\bin\XMail.exe


Hey ricardolord,

Download SilentRunners.

Extract the file SilentRunners.vbs to C:. Double-click the file to run it.

After running it, wait until a document named Startup Programs (USERNAME) date is generated. Copy the contents of that document and paste it in your next reply.

Cheers.

Note: if your AV flags the file as a malicious script, don't worry, and allow it to run.


Hello again, guru JGARCIA, sorry again for only replying now. I've been getting home very late at night; I work at a soybean storage company and these past few days were really tight for me. Well... here is the content of the file generated by SilentRunners that you asked me to run. Just a quick question: what does this thing do?

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"{904AB22A-0680-1046-1007-031115030037}" = ""C:\Arquivos de programas\Arquivos comuns\{904AB22A-0680-1046-1007-031115030037}\Update.exe" te-110-12-0000073" [file not found]

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"Free Download Manager" = "C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun" [null data]
"POP Peeper" = ""C:\Arquivos de programas\POP Peeper\POPPeeper.exe" -min" ["Mortal Universe"]
"MSMSGS" = ""C:\Arquivos de programas\Messenger\msmsgs.exe" /background" [MS]
"BitComet" = ""C:\Arquivos de programas\BitComet\BitComet.exe"" ["www.BitComet.com"]
"DVDXGhost" = "(empty string)" [file not found]
"swg" = "C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [file not found]
"Steam" = "C:\Arquivos de programas\Valve\Steam\\Steam.exe -silent" ["Valve Corporation"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"avast!" = "C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"SunJavaUpdateSched" = "C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"PWRISOVM.EXE" = "C:\Arquivos de programas\PowerISO\PWRISOVM.EXE" ["PowerISO Computing, Inc."]
"DAEMON Tools" = ""C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"ISUSPM Startup" = ""C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup" ["Macrovision Corporation"]
"ISUSScheduler" = ""C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start" ["Macrovision Corporation"]
"Atualizador - Puxa Rápido" = "C:\Arquivos de programas\Puxa Rápido\Atualiza.exe" [null data]
"Google Desktop Search" = ""C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype Plugin (mastermind)"
  -> {HKLM...CLSID} = "Skype Plugin (mastermind)"
                   \InProcServer32\(Default) = "C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]
{2F85D76C-0569-466F-A488-493E6BD0E955}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "dsWebAllowBHO Class"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\Windows Desktop Search\dsWebAllow.dll" [MS]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\BitComet\tools\BitCometBHO.dll" ["BitComet"]
{6EF05952-B48D-4944-AA91-57A6A1A48EF8}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Toolbar Helper"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\Windows Live Toolbar\msntb.dll" [MS]
{C41A1C0E-EA6C-11D4-B1B8-444553540000}\(Default) = "G-Buster Browser Defense"
  -> {HKLM...CLSID} = "GbIehObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"
  -> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"
  -> {HKLM...CLSID} = "GbPluginObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Extensão de ícone de arquivo do Outlook"
                   \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
  -> {HKLM...CLSID} = "PowerISO"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}" = "Execute Hooker"
  -> {HKLM...CLSID} = "ExecuteHooker Class"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\DVD X Studios\DVD X Utilities 2.1\DVDGhost\ExecuteHooker.dll" ["WWW.Region-Free-DVD.COM"]
"{97090E2F-3062-4459-855B-014F0D3CDBB1}" = "Windows Deskbar"
  -> {HKCU...CLSID} = "Deskbar do Windows"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\Windows Desktop Search\deskbar.dll" [MS]
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}" = "Windows Desktop Search"
  -> {HKLM...CLSID} = "Windows Desktop Search"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\Windows Desktop Search\msnlExt.dll" [MS]
"{D426CFD0-87FC-4906-98D9-A23F5D515D61}" = "Windows Desktop Search Outlook Express ISearchFolder Class"
  -> {HKLM...CLSID} = "Windows Desktop Search Outlook Express SearchProtocol Class"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\Windows Desktop Search\OEPH.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
<<!>> "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"
  -> {HKLM...CLSID} = "GbPluginObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]
<<!>> "{569DAC0F-2791-46ab-8EFC-A54B77C04C20}" = "Execute Hooker"
  -> {HKLM...CLSID} = "ExecuteHooker Class"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\DVD X Studios\DVD X Utilities 2.1\DVDGhost\ExecuteHooker.dll" ["WWW.Region-Free-DVD.COM"]
<<!>> "{56F9679E-7826-4C84-81F3-532071A8BCC5}" = (no title provided)
  -> {HKLM...CLSID} = "Windows Desktop Search Namespace Manager"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Arquivos de programas\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
HVCVTMFile\(Default) = "{362BA661-F1A0-11d6-A9D6-009027992B41}"
  -> {HKLM...CLSID} = "Hero Video Convert Shell
Extension"				   \InProcServer32\(Default) = "C:\Herosoft\Hero Video Convert\VCvtShell.dll" [null data]PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"  -> {HKLM...CLSID} = "PowerISO"				   \InProcServer32\(Default) = "C:\Arquivos de programas\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"				   \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"  -> {HKLM...CLSID} = "CContextScan Object"				   \InProcServer32\(Default) = "C:\Arquivos de programas\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"  -> {HKLM...CLSID} = "PowerISO"				   \InProcServer32\(Default) = "C:\Arquivos de programas\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"				   \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"  -> {HKLM...CLSID} = "avast"				   \InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"  -> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"				   \InProcServer32\(Default) = "C:\Arquivos de programas\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"]PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"  -> {HKLM...CLSID} = "PowerISO"				   \InProcServer32\(Default) = "C:\Arquivos de programas\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"				   
\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]Default executables:--------------------HKCU\Software\Classes\.bat\(Default) = (value not set)HKCU\Software\Classes\.cmd\(Default) = (value not set)HKCU\Software\Classes\.com\(Default) = (value not set)HKCU\Software\Classes\.exe\(Default) = (value not set)HKCU\Software\Classes\.hta\(Default) = "htafile"Group Policies {GPedit.msc branch and setting}:-----------------------------------------------Note: detected settings may not have any effect.HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableRegistryTools" = (REG_DWORD) hex:0x00000000{User Configuration|Administrative Templates|System|Prevent access to registry editing tools}HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) hex:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\RICARDO\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"Enabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]Startup items in "RICARDO" & "All Users" 
startup folders:---------------------------------------------------------C:\Documents and Settings\RICARDO\Menu Iniciar\Programas\Inicializar"Adobe Gamma" -> shortcut to: "C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]"HotSync Manager" -> shortcut to: "C:\Arquivos de programas\Palm\HOTSYNC.EXE" ["Palm, Inc."]C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar"Adobe Reader Speed Launch" -> shortcut to: "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]"DataViz Inc Messenger" -> shortcut to: "C:\Arquivos de programas\Arquivos comuns\DataViz\DvzIncMsgr.exe" ["DataViz, Inc."]"InterVideo WinCinema Manager" -> shortcut to: "C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]"Microsoft Office" -> shortcut to: "C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE -b -l" [MS]"Windows Desktop Search" -> shortcut to: "C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe  /startup" [MS]"WinKey" -> shortcut to: "C:\Arquivos de programas\WinKey\WinKey.exe" [null data]Enabled Scheduled Tasks:------------------------"Check Updates for Windows Live Toolbar" -> launches: "C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE" [MS]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 
05Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"  -> {HKLM...CLSID} = "Windows Live Toolbar"				   \InProcServer32\(Default) = "C:\Arquivos de programas\Windows Live Toolbar\msntb.dll" [MS]HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"  -> {HKLM...CLSID} = "Windows Live Toolbar"				   \InProcServer32\(Default) = "C:\Arquivos de programas\Windows Live Toolbar\msntb.dll" [MS]"{4064EA35-578D-4073-A834-C96D82CBCF40}"  -> {HKLM...CLSID} = "&Save Flash"				   \InProcServer32\(Default) = "C:\Arquivos de programas\Save Flash\SaveFlash.dll" ["TODO: <Company name>"]HKLM\Software\Microsoft\Internet Explorer\Toolbar\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)  -> {HKLM...CLSID} = "Windows Live Toolbar"				   \InProcServer32\(Default) = "C:\Arquivos de programas\Windows Live Toolbar\msntb.dll" [MS]"{4064EA35-578D-4073-A834-C96D82CBCF40}" = (no title provided)  -> {HKLM...CLSID} = "&Save Flash"				   \InProcServer32\(Default) = "C:\Arquivos de programas\Save Flash\SaveFlash.dll" ["TODO: <Company name>"]Explorer BarsHKLM\Software\Microsoft\Internet Explorer\Explorer Bars\HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Pesquisar"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Sun Java Console""CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"  -> {HKCU...CLSID} = "Java Plug-in"				   \InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"				   \InProcServer32\(Default) = 
"C:\Arquivos de programas\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]{09EA1F80-F40A-11D1-B792-444553540001}\"ButtonText" = "Flash Saver""MenuText" = "Flash Saver""Script" = "C:\ARQUIV~1\FLASHS~1.0\save.htm" [null data]{77BF5300-1474-4EC7-9980-D32B190E9B07}\"ButtonText" = "Skype Plugin""CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"  -> {HKLM...CLSID} = "Skype Plugin (button)"				   \InProcServer32\(Default) = "C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]{86301D40-94C1-4A5E-843B-7F43965E364A}\"ButtonText" = "FlashKeeper""Script" = "C:\Arquivos de programas\FlashKeeper\GetFlash.htm" [null data]{92780B25-18CC-41C8-B9BE-3C9C571A8263}\"ButtonText" = "Pesquisar"{E2E2DD38-D088-4134-82B7-F2BA38496583}\"MenuText" = "@xpsp3res.dll,-20001""Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Arquivos de programas\Messenger\msmsgs.exe" [MS]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------Apache2Triad Apache2 Service, Apache2, ""D:\apache2triad2\bin\httpd.exe" -n Apache2 -k runservice" ["Apache Software Foundation"]Apache2Triad MySql Service, MySql, "D:\apache2triad2\mysql\bin\mysqld.exe" [null data]Apache2Triad Xmail Service, XMail, "D:\apache2triad2\mail\bin\XMail.exe" [null data]avast! Antivirus, avast! Antivirus, ""C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe"" [null data]avast! iAVS4 Control Service, aswUpdSv, ""C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe"" [null data]avast! Mail Scanner, avast! Mail Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]avast! Web Scanner, avast! 
Web Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]Machine Debug Manager, MDM, ""C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]Serviço Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Arquivos de programas\MSN Messenger\usnsvc.dll" [MS]}Ulead Burning Helper, UleadBurningHelper, "C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]Print Monitors:---------------HKLM\System\CurrentControlSet\Control\Print\Monitors\hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]VeryPDF\Driver = "_pdfxp.dll" [null data]----------<<!>>: Suspicious data at a malware launch point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI  DLL launch points, use the -supp parameter or answer "No" at the  first message box and "Yes" at the second message box.---------- (total run time: 64 seconds, including 9 seconds for message boxes)

... here is the contents of the file generated by SilentRunners that you asked me to run, just one little question, what does this thing do?

SilentRunners provides a more detailed log of the processes running on the PC. ;)

 

Well, let's get started.

 

Step 1

 

1. Run Killbox and click Delete on Reboot.

 

2. Copy the list in bold below to the clipboard. Select all of it with the mouse --> go to the Edit tab in the browser's bar --> click Copy.

 

C:\Arquivos de programas\Arquivos comuns\{904AB22A-0680-1046-1007-031115030037}\Update.exe

 

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

 

4. Press "X". Answer "No" to the question.

 

It is prudent to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and an internet connection will not be possible.

 

Step 2

 

Restart the computer in Safe Mode.

 

Locate and delete:

 

C:\Arquivos de programas\Arquivos comuns\{904AB22A-0680-1046-1007-031115030037} <- the folder

 

Step 3

 

Restart in Normal Mode.

 

Download F-Secure Blacklight at:

F-Secure Blacklight

 

Save it to your desktop and run it. Accept the agreement.

 

If it finds any files, ignore them, as I only want the log.

 

At the end of the scan the file fsb-xxxxx.log will be generated (where xxx are numbers). I need you to copy the log and post it in your next reply.

 

Regards.
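The same thing steps 1 to 4 ask Killbox to do, as an added example that is not part of the reply above nor Killbox's own code: it records what the file is before it disappears, then queues the path named in the reply (file first, then its folder) for deletion at the next reboot through the Windows mechanism Killbox's "Delete on Reboot" relies on, MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT. It assumes a current Windows PowerShell run as administrator and that the folder contains only Update.exe.

```powershell
# Added example, not from the thread or from Killbox. Queues the launch point
# named in the reply for deletion at the next reboot and records its identity first.
# Assumptions: elevated Windows PowerShell 5.x; the folder holds only Update.exe.
$target = 'C:\Arquivos de programas\Arquivos comuns\{904AB22A-0680-1046-1007-031115030037}\Update.exe'
$folder = Split-Path -Path $target -Parent

function Get-LaunchPointEvidence {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-Item -LiteralPath $Path
    [pscustomobject]@{
        Path     = $item.FullName
        Size     = $item.Length
        Modified = $item.LastWriteTime
        # Empty when the file has no version resource, the "[null data]" entries in the log.
        Company  = $item.VersionInfo.CompanyName
        SHA256   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT and a null destination asks the
# session manager to delete the path during the next boot, before services and
# the user's shell start, so nothing can re-open or re-launch it first.
$signature = @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, int dwFlags);
'@
$k32 = Add-Type -MemberDefinition $signature -Name 'DelayedDelete' -Namespace 'Win32' -PassThru
$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4

function Register-DeleteOnReboot {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $ok = $k32::MoveFileEx($Path, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)
    if (-not $ok) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "MoveFileEx failed for '$Path' (Win32 error $err)"
    }
    return $true
}

$evidence = Get-LaunchPointEvidence -Path $target
if ($evidence) { $evidence | Format-List | Out-String | Write-Host }
else { Write-Host "Not present: $target" }

# Order matters: the file first, then the folder, which must be empty when its turn comes.
foreach ($p in @($target, $folder)) {
    if (Register-DeleteOnReboot -Path $p) { Write-Host "Queued for deletion at reboot: $p" }
}

# Until the reboot the queue is visible in the registry; check it before restarting.
# A defender reading another machine's log would look at this same value.
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
(Get-ItemProperty -Path $sm -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
```

Step 2 of the reply (deleting the folder by hand in Safe Mode) stays useful as a check that the queued deletion actually happened.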


Topic Archived

 

Since the author has not replied to the topic for more than 20 days, it has been archived.

 

If you are the author of the topic and want it reopened, send a private message to a moderator with a link to this topic and explain the reason for reopening it.
