[Resolvido!]Como remover Pop-ups CiD ?

[ckcharlie 0]

A galera, meu irmão baixou OOVOO, um programa parecido com o MSNmessenger, porém faz video-conferencia. O Programa trouxe-me algum malware. Fica abrindo umas pop-ups nomeada CiD. Já vi resolução desse problema em um outro tópico resolvidos pelo usuário DigRam. Queria saber se é seguro repetir os msm procedimento no meu pc, ou devo fazer uma nova análise e fazer um novo procedimento para meu PC. Se precisar fazer um novo procedimento, o que devo fazer ?Grato galera,

[jgarcia 1]

Opa ckcharlie,

 

Faça o seguinte:

 

Baixe o HijackThis versão 1.99.1.

 

Depois > Iniciar > Meu Computador > 02 cliques no C > Coloca o HijackThis no C (extraindo do zip --> para uma pasta própria tipo c:/Hijack).

 

Execute o Hijack a partir do C, fechando os demais programas (deixando somente a área de trabalho).

 

Clique em Do a system scan and save a logfile, mas não marque nada, apenas poste o log gerado aqui neste mesmo tópico.

 

Abraços.

[ckcharlie 0]

Opa desculpe a demora, estava de férias ;P

 

Aqui esta amigo:

 

Logfile of HijackThis v1.99.1

Scan saved at 13:02:32, on 26/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

C:\WINDOWS\vsnpstd2.exe

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\winhlp32.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

O1 - Hosts: are.Alexa][Alexa Toolbar]

O1 - Hosts: d]

O1 - Hosts: E2Give][spyware.e2give]

O1 - Hosts: .0 www.gigex.com #[download Class][eTrust.Gigex SpeedDelivery]

O1 - Hosts: afficstar.com #[iE-SpyAd]

O1 - Hosts: .com #[iE-SpyAd]

O1 - Hosts: tective.com

O1 - Hosts: cooweb.com #[backdoor.Graybird.N]

O1 - Hosts: 0.0 hit.traxdb.net

O1 - Hosts: TinyBar]

O1 - Hosts: 0 r18.trafficserverstats.com

O1 - Hosts: .com #[JS_TRAFFICHBAR.A][Parasite.TinyBar]

O1 - Hosts: .0.0.0 xbs.climaxbucks.com

O1 - Hosts: d]

O1 - Hosts: asalemedia.com

O1 - Hosts: ok-today.com

O1 - Hosts: s.joysticknetworks.com

O1 - Hosts: 3.coolsavings.com

O1 - Hosts: archadv.com #[Trojan.GuestBook][umaxlogin.com]

O1 - Hosts: ]

O1 - Hosts: o #[Troj/Warspy-G]

O1 - Hosts: 0.0 quick-searcher.com

O1 - Hosts: dia.com #[Wishbone.com]

O1 - Hosts: bin.wordsx.cc #[TROJ_SAMLLAMB.A]

O1 - Hosts: r.org #[Troj/StartPa-H]

O1 - Hosts: 0.0 v61.com #[Win32.Winshow.G]

O1 - Hosts: it.com

O1 - Hosts: ps.com

O1 - Hosts: com #[ZeroPopUpBar][iE-SpyAd]

O1 - Hosts: spyware.com.16871.fb.dbbsrv.com

O1 - Hosts: .doubleclick.net

O1 - Hosts: ix-screensaver.com

O1 - Hosts: opsearch10.com]

O1 - Hosts: y.com

O1 - Hosts: fectnav.com

O1 - Hosts: utions AG][Tracking Service]

O1 - Hosts: websearch.co.uk

O1 - Hosts: s.passion.com

O1 - Hosts: .0.0 wwd.hitbox.com

O1 - Hosts: .0.0 ads10.bpath.com

O1 - Hosts: ldwide.com

O1 - Hosts: ad5.bannerbank.ru

O1 - Hosts: .ru

O1 - Hosts: getnet.com

O1 - Hosts: se.mycomputer.com

O1 - Hosts: 0 ads13.udc.advance.net

O1 - Hosts: fficmarketplace.com

O1 - Hosts: lasearch.com

O1 - Hosts: ust.Win32.Qoologic]

O1 - Hosts: .0.0 els.redswoosh.net

O1 - Hosts: w.esunsofttechnologies.com

O1 - Hosts: .com

O1 - Hosts: Typo squatter]

O1 - Hosts: .net

O1 - Hosts: 0 search.startsurfing.com

O1 - Hosts: er]

O1 - Hosts: .net #[Webclients Ad Network]

O1 - Hosts: om #[lspak.dll]

O1 - Hosts: Midaddle-C]

O1 - Hosts: .paypopup.com

O1 - Hosts: com

O1 - Hosts: grab.com

O1 - Hosts: *****

O1 - Hosts: exfiles.nu #[sMS Dialer][Date Regon]

O1 - Hosts: pport.electronic-group.com

O1 - Hosts: ler]

O1 - Hosts: iz #[Win32.Bagz.F][MHTMLRedir.Exploit]

O1 - Hosts: .0.0.0 www.supersexpass.com #[iE-SpyAd]

O1 - Hosts: www.maturetoolbar.com

O1 - Hosts: er.com

O1 - Hosts: asite.ISTbar]

O1 - Hosts: .com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [2 Poke Balm Manager] C:\Documents and Settings\All Users\Dados de aplicativos\eggsshow2poke\Online Tons.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ulead AutoDetector] C:\Arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [OrderReminder] C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [lies mail] C:\DOCUME~1\ADMINI~1\DADOSD~1\WAVEMA~1\live log comp.exe

O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6014012A-C79C-4EB8-8DCA-10585292A8BA}: NameServer = 200.165.132.155 200.149.55.140

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[jgarcia 1]

Opa ckcharlie,

 

Baixe o ComboFix em:

ComboFix

 

1) Dê um duplo-clique no combofix.exe e tecle "Y" para prosseguir. O processo vai durar, em média, 10 minutos;

2) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

3) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

4) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

5) Para parar ou sair do ComboFix, tecle "N";

6) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

Abraços.

[ckcharlie 0]

Opa, aqui está, ele não reiniciou a máquina, terminou e o log foi este:

 

"Administrador" - 2007-07-26 18:13:28 [GMT -3:00] - ComboFix 07-07-24 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))

 

 

2007-07-26 18:12 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-26 13:01 218,112 --a------ C:\HijackThis.exe

2007-07-26 12:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Help

2007-07-25 08:15 <DIR> d-------- C:\Arquivos de programas\mIRC

2007-07-24 08:35 <DIR> dr------- C:\Fontes

2007-07-23 16:41 <DIR> dr------- C:\DOCUME~1\LOCALS~1\Favoritos

2007-07-23 16:40 86,016 --a------ C:\WINDOWS\system32\ZSPOOL.DLL

2007-07-23 16:40 442,368 -ra------ C:\WINDOWS\system32\ZSHP1018.EXE

2007-07-23 16:40 28,672 --a------ C:\WINDOWS\system32\zlm.dll

2007-07-23 16:40 28,672 --a------ C:\WINDOWS\system32\IMF32.DLL

2007-07-23 16:40 24,576 --a------ C:\WINDOWS\system32\ZTAG32.DLL

2007-07-23 16:40 143,360 -ra------ C:\WINDOWS\apptune1018.exe

2007-07-23 16:40 106,496 -ra------ C:\WINDOWS\system32\VSHP1018.DLL

2007-07-23 16:40 102,400 --a------ C:\WINDOWS\system32\zlhp1018.dll

2007-07-23 16:40 <DIR> d--h----- C:\Arquivos de programas\Zenographics

2007-07-23 16:40 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard

2007-07-23 16:38 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2007-07-22 16:57 <DIR> d-------- C:\Arquivos de programas\EA GAMES

2007-07-22 14:55 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL

2007-07-22 14:55 69,632 --a------ C:\WINDOWS\system32\xmltok.dll

2007-07-22 14:55 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll

2007-07-22 14:55 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe

2007-07-22 14:55 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-07-22 14:52 <DIR> d-------- C:\Arquivos de programas\UBISOFT

2007-07-21 17:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\AdobeUM

2007-07-20 13:53 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Webroot

2007-07-18 21:11 <DIR> d-------- C:\Arquivos de programas\ooVoo

2007-07-18 20:50 24,576 --a------ C:\WINDOWS\system32\Ulead Photo Explorer 8.scr

2007-07-18 20:50 24,576 --------- C:\WINDOWS\system32\UleadPhotoExplorer8_Res.dll

2007-07-18 20:50 <DIR> d-------- C:\Arquivos de programas\Ulead Systems

2007-07-18 20:50 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ulead Systems

2007-07-18 20:48 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll

2007-07-18 20:48 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll

2007-07-18 20:48 40,960 --a------ C:\WINDOWS\vsnpstd2.exe

2007-07-18 20:48 40,960 --a------ C:\WINDOWS\system32\rsnpstd2.dll

2007-07-18 20:48 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll

2007-07-18 20:48 302,720 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys

2007-07-18 20:48 245,408 --a------ C:\WINDOWS\system32\unicows.dll

2007-07-18 20:48 20,480 --a------ C:\WINDOWS\usnpstd2.exe

2007-07-18 20:48 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\snpstd2

2007-07-16 19:48 <DIR> d-------- C:\Arquivos de programas\Windows Live Safety Center

2007-07-15 18:28 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-07-15 18:27 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-07-15 18:27 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-07-15 18:27 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-07-15 18:27 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-07-15 18:27 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-07-15 18:27 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-15 00:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\eggsshow2poke

2007-07-15 00:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Wave Mapi Meta

2007-07-15 00:42 <DIR> d-------- C:\Arquivos de programas\Wave Mapi Meta

2007-07-14 13:30 <DIR> d--h----- C:\Arquivos de programas\Scpad

2007-07-14 12:20 <DIR> d-------- C:\Arquivos de programas\The KMPlayer

2007-07-13 21:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Ulead Systems

2007-07-13 21:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ulead Systems

2007-07-13 21:12 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys

2007-07-13 21:12 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2007-07-13 21:12 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS

2007-07-13 21:12 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys

2007-07-13 21:12 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys

2007-07-13 21:12 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys

2007-07-13 21:12 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2007-07-13 21:11 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-07-13 21:10 53,248 --a------ C:\WINDOWS\amcap.exe

2007-07-13 21:08 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2007-07-13 21:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-07-13 17:08 <DIR> d-------- C:\Incomplete

2007-07-13 17:07 <DIR> d-------- C:\LimeandShare

2007-07-13 17:07 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete

2007-07-13 17:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\LimeWire

2007-07-13 17:05 <DIR> d-------- C:\Arquivos de programas\LimeWire

2007-07-12 23:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\RadLight Company

2007-07-12 23:52 <DIR> d-------- C:\Arquivos de programas\RadLight Company

2007-07-12 23:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\DivX

2007-07-12 23:41 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-07-12 23:41 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-07-12 23:41 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-07-12 23:41 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2007-07-12 23:41 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe

2007-07-12 23:41 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe

2007-07-12 23:41 <DIR> d-------- C:\Arquivos de programas\DivX

2007-07-12 23:08 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2007-07-12 22:46 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-07-12 19:37 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2007-07-12 19:19 <DIR> d-------- C:\JOGOS

2007-07-12 19:14 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2007-07-12 19:14 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Corel

2007-07-12 19:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallShield

2007-07-12 19:12 <DIR> d-------- C:\Arquivos de programas\Corel

2007-07-12 19:12 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2007-07-12 19:03 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools

2007-07-12 19:01 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-07-12 13:36 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData

2007-07-12 09:02 <DIR> d-------- C:\Cavaleios dos Zod¡aco

2007-07-12 00:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

2007-07-11 15:37 <DIR> d-------- C:\Arquivos de programas\GbPlugin

2007-07-11 15:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin

2007-07-11 15:23 <DIR> d-------- C:\BancoBrasil

2007-07-11 11:08 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2007-07-11 09:08 <DIR> d-------- C:\Arquivos de programas\Webzen

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-10 13:52:22 69,818 ----a-w C:\WINDOWS\system32\perfc016.dat

2007-07-10 13:52:22 428,116 ----a-w C:\WINDOWS\system32\perfh016.dat

2007-07-07 14:01:19 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-07-07 05:41:35 -------- d-----w C:\Arquivos de programas\Serviços on-line

2007-07-07 05:40:59 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"nwiz"="nwiz.exe" [2006-08-07 22:25 C:\WINDOWS\system32\nwiz.exe]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 14:00 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]

"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]

"TkBellExe"="C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" [2007-07-12 23:08]

"2 Poke Balm Manager"="C:\Documents and Settings\All Users\Dados de aplicativos\eggsshow2poke\Online Tons.exe" [2007-07-15 00:43]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

"Ulead AutoDetector"="C:\Arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-05-07 17:39]

"OrderReminder"="C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-30 14:00]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:45]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2007-04-03 19:29]

"lies mail"="C:\DOCUME~1\ADMINI~1\DADOSD~1\WAVEMA~1\live log comp.exe" []

"ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe" []

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"

"tscuninstall"=%systemroot%\system32\tscupgrd.exe

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"=1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSharedDocuments"=1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSharedDocuments"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\Arquivos de programas\GbPlugin\gbieh.dll [2007-06-25 09:24 332616]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - Apartment [ ]

 

R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys

R2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe

R3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys

S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-26 18:15:03

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:000001d1

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-26 18:15:49

 

--- E O F ---

[jgarcia 1]

Opa ckcharlie,

 

Vamos lá.

 

Habilite o Windows para mostrar todos os arquivos (até ocultos).

 

1ª Etapa

 

Baixe o HostsXpert em:

HostsXpert

 

Execute o HostsXpert, por meio do arquivo HostsXpert.exe, clique em Restore Microsoft's Hosts File e aperte em OK. Depois disso, finalize o programa.

 

Baixe o Killbox em:

Killbox

 

1. Execute o Killbox, clique em Delete on Reboot.

 

2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar.

 

C:\Documents and Settings\All Users\Dados de aplicativos\eggsshow2poke\Online Tons.exe

C:\DOCUME~1\ADMINI~1\DADOSD~1\WAVEMA~1\live log comp.exe

 

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível.

 

2ª Etapa

 

Reinicie o computador em Modo Seguro (ao reiniciar aperte a tecla F8 repetidamente até que apareça uma tela preta em DOS e escolha a opção Modo Seguro).

 

Execute o HijackThis, clique em Do a system scan only e marque:

O4 - HKLM\..\Run: [2 Poke Balm Manager] C:\Documents and Settings\All Users\Dados de aplicativos\eggsshow2poke\Online Tons.exe

O4 - HKCU\..\Run: [lies mail] C:\DOCUME~1\ADMINI~1\DADOSD~1\WAVEMA~1\live log comp.exe

Clique em Fix Checked.

 

3ª Etapa

 

Ainda em Modo Seguro localize e delete:

 

C:\Documents and Settings\All Users\Dados de aplicativos\eggsshow2poke <- a pasta

C:\DOCUME~1\ADMINI~1\DADOSD~1\WAVEMA~1 <- a pasta

 

4ª Etapa

 

Reinicie em Modo Normal.

 

Delete o conteúdo da pasta C:\!Killbox.

 

Poste um novo log do HijackThis.

 

Aguardo retorno.

 

Um abraço.

[ckcharlie 0]

Oi amigo,o Killbox é somente um arquivo exe ?Ele não está executando aqui. Aparece a seguinte mensagem de erro:Componente 'MSCOMCTL.OCX' or one of its dependencies not correctly registered: a file is missing or invalid=/

[ckcharlie 0]

Opa, eu não estava fazendo nada no meu pc e resolvi executar o killbox. Pois não é que ele funcionou, rs.

 

Segui todos os passos que você pediu.

 

Aqui está o novo log:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:56:29, on 28/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ulead AutoDetector] C:\Arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

O4 - HKLM\..\Run: [OrderReminder] C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[ckcharlie 0]

Bem, acredito que o problema foi resolvido.Caso ainda não apareceu as Pop-ups.Caso o problema persista eu tentarei entrar em contato novamente.Obrigado jgarcia.

[jgarcia 1]

Opa ckcharlie,

 

Fico feliz por saber que o problema foi resolvido. :thumbsup:

 

Para finalizar:

 

1. Desabilite e Reabilite a função de Restauração Automática do XP. Clique aqui para ver como;

 

2. Leia o artigo Cuidados ao navegar na net e saiba como evitar novas infecções.

 

Abraços.

[jgarcia 1]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.