slyp, posted July 29, 2007

Sorry, I know there are already topics like this one among the solved ones, but I can't manage to solve it. I'm asking you for help. Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 17:41:48, on 29/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AlienGUIse\wbload.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe
C:\Arquivos de programas\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\Arquivos de programas\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe
C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dwwin.exe
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Douglas\CONFIG~1\Temp\Rar$EX18.594\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [NCLaunch] C:\DOCUME~1\Douglas\CONFIG~1\Temp\
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Descarga selecionada pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Descarregar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Descarregar tudo com Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtool...ams/hbtools.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

I'll be waiting.
jgarcia, posted August 1, 2007

Hey slyp,

Download ComboFix at: ComboFix

1) Double-click combofix.exe and press "Y" to proceed. The process takes about 10 minutes on average;
2) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);
3) When the scan finishes, a log will be generated at C:\ComboFix.txt;
4) Do not click in the ComboFix window or close it with the X while the tool is running, as that will mess up your desktop (it will go completely white);
5) To stop or exit ComboFix, press "N";
6) I need you to paste the contents of ComboFix.txt in your next reply.

Cheers.
slyp, posted August 2, 2007

Here it is, friend! But it's been a day now since the PC last had this problem. Here is the log.

ComboFix 07-07-30.2 - "Douglas" 2007-08-01 22:11:29.1 [GMT -3:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro
* Created a new restore point

Rootkit driver pe386 is present. ... attempting disinfection
pe386 ...... driver unloaded successfully.

ADS removed - system32: deleted 54466 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Arquivos de programas\myglobalsearch
C:\Arquivos de programas\myglobalsearch\bar\History\search
C:\WINDOWS\DOWNLO~1.\HbInstIE.dll
C:\WINDOWS\system32\ipv6mons.dll

((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))
2007-08-01 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-30 21:11 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-30 21:11 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-30 21:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-30 17:58 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede
2007-07-30 17:58 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressão
2007-07-30 17:57 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-30 17:57 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos
2007-07-30 17:57 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar
2007-07-30 17:57 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos
2007-07-30 17:57 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configurações locais
2007-07-30 17:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Meus documentos
2007-07-30 17:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritos
2007-07-28 17:23 <DIR> d-------- C:\Arquivos de programas\Samsung
2007-07-28 14:25 <DIR> d-------- C:\!KillBox
2007-07-28 14:03 2,794 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-27 19:35 <DIR> d-------- C:\Arquivos de programas\BenQ Mobile
2007-07-27 19:31 <DIR> d-------- C:\PureUSBCableDrv
2007-07-26 19:54 <DIR> d-------- C:\Arquivos de programas\Windows Live
2007-07-26 19:48 <DIR> d-------- C:\Programme
2007-07-26 19:19 356,352 --a------ C:\Sommerspiele.exe
2007-07-26 19:14 <DIR> d-------- C:\Sommerspiele.2004.German_for_www.goldesel.to
2007-07-26 13:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\WildTangent
2007-07-21 13:31 85,408 -ra------ C:\WINDOWS\system32\drivers\z530mgmt.sys
2007-07-21 13:31 83,344 -ra------ C:\WINDOWS\system32\drivers\z530obex.sys
2007-07-21 13:30 94,064 -ra------ C:\WINDOWS\system32\drivers\z530mdm.sys
2007-07-21 13:30 8,336 -ra------ C:\WINDOWS\system32\drivers\z530mdfl.sys
2007-07-21 13:30 6,176 -ra------ C:\WINDOWS\system32\drivers\z530cmnt.sys
2007-07-21 13:30 6,176 -ra------ C:\WINDOWS\system32\drivers\z530cm.sys
2007-07-21 12:01 58,288 -ra------ C:\WINDOWS\system32\drivers\z530bus.sys
2007-07-21 12:01 5,808 -ra------ C:\WINDOWS\system32\drivers\z530whnt.sys
2007-07-21 12:01 5,808 -ra------ C:\WINDOWS\system32\drivers\z530wh.sys
2007-07-21 12:01 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-21 11:59 <DIR> d-------- C:\DOCUME~1\Douglas\DADOSD~1\Teleca
2007-07-21 11:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents
2007-07-21 11:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Teleca
2007-07-21 11:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Sony Ericsson
2007-07-21 11:52 <DIR> d-------- C:\Arquivos de programas\Sony Ericsson
2007-07-21 11:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Teleca Shared
2007-07-17 15:57 <DIR> d-------- C:\Arquivos de programas\Yahoo!
2007-07-17 13:58 <DIR> d-------- C:\Games
2007-07-14 19:36 <DIR> d-------- C:\WINDOWS\United Football
2007-07-14 19:36 <DIR> d-------- C:\Arquivos de programas\United Football
2007-07-13 11:03 <DIR> d-------- C:\Arquivos de programas\EA Games
2007-07-13 00:50 <DIR> d-------- C:\DOCUME~1\Douglas\DADOSD~1\Command & Conquer 3 Tiberium Wars
2007-07-13 00:47 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-08 17:09 <DIR> d--h----- C:\WINDOWS\PIF

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-01 22:14 --------- d-------- C:\DOCUME~1\Douglas\DADOSD~1\Free Download Manager
2007-08-01 22:04 --------- d-------- C:\Arquivos de programas\grand prix 4 2006
2007-07-30 13:25 --------- d-------- C:\Arquivos de programas\AlienGUIse
2007-07-27 21:07 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information
2007-07-27 19:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 19:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 19:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 19:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 18:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 18:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 18:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-27 18:32 --------- d-------- C:\Arquivos de programas\Valve
2007-07-26 19:54 --------- d-------- C:\Arquivos de programas\Messenger Plus! Live
2007-07-25 23:46 11652 --a------ C:\WINDOWS\mozver.dat
2007-07-24 01:03 --------- d-------- C:\DOCUME~1\Douglas\DADOSD~1\Babylon
2007-07-16 00:09 --------- d-------- C:\Arquivos de programas\Konami
2007-07-13 11:26 1202 --a------ C:\WINDOWS\eReg.dat
2007-07-12 22:04 --------- d-------- C:\Arquivos de programas\OnGame
2007-07-12 22:04 --------- d-------- C:\Arquivos de programas\Kaneva
2007-07-11 10:05 0 --a------ C:\WINDOWS\system32\dummy.dat
2007-06-29 22:16 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-29 21:32 --------- d-------- C:\Arquivos de programas\Rockstar Games
2007-06-29 21:30 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-06-29 21:30 --------- d-------- C:\Arquivos de programas\DAEMON Tools
2007-06-29 15:35 --------- d-------- C:\Arquivos de programas\Riva
2007-06-29 12:45 --------- d-------- C:\Arquivos de programas\WinAVIVideoConverter
2007-06-16 18:46 --------- d-------- C:\Arquivos de programas\MP3 Player Utilities 4.00
2007-06-11 21:02 --------- d-------- C:\Arquivos de programas\WinISO
2007-06-10 19:49 --------- d-------- C:\Arquivos de programas\Pcsx2
2007-05-05 13:21 1854208 --a------ C:\WINDOWS\systen291.exe
2002-09-02 10:38 337408 --a------ C:\Arquivos de programas\VisualBoyAdvance versao1.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-01-28 13:16 C:\WINDOWS\mixer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 08:06 C:\WINDOWS\AGRSMMSG.exe]
"nwiz"="nwiz.exe" [2003-02-14 04:56 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]
"Babylon Client"="C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe" [2006-05-24 17:39]
"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2005-11-08 19:00]
"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45]
"Free Download Manager"="C:\Arquivos de programas\Free Download Manager\fdm.exe" [2006-08-21 00:24]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-11 12:31:55]
Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
RtlWake.lnk - C:\Arquivos de programas\REALTEK Semiconductor Corp.\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe [2006-12-04 15:20:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Arquivos de programas\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Arquivos de programas\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys
R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\system32\drivers\prosync1.sys
R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys
R1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\system32\drivers\prodrv06.sys
R3 cmpci;C-Media PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\cmaudio.sys
R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS
R3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
S2 USB680x;Genius USB Scanner;C:\WINDOWS\system32\DRIVERS\GT680x.SYS
S3 EagleNT;EagleNT;\??\C:\WINDOWS\System32\drivers\EagleNT.sys
S3 jnv4_mib;jnv4_mib;\??\C:\DOCUME~1\Douglas\CONFIG~1\Temp\jnv4_mib.sys
S3 sermouse;Serial Mouse Driver;C:\WINDOWS\system32\DRIVERS\sermouse.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S3 XTrapD12;XTrapD12;\??\C:\WINDOWS\system32\XTrapD12.sys
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys

Contents of the 'Scheduled Tasks' folder
2007-08-02 01:10:54 C:\WINDOWS\Tasks\startt.job

**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-01 22:16:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
Completion time: 2007-08-01 22:17:53
C:\ComboFix-quarantined-files.txt ... 2007-08-01 22:17
--- E O F ---
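The HijackThis log in the first post and the ComboFix log just above are read by flagging a handful of entry types before anything else: load points whose target no longer exists, anything that autostarts or loads a driver from a Temp directory, ActiveX (O16 DPF) downloads from third-party hosts, privileged load points such as AppInit_DLLs and Winlogon Notify, drivers registered outside system32\drivers, and scheduled tasks that run a script from the drive root. The script below is an added example, not code from the thread, from HijackThis or from ComboFix: it applies those rules to a constructed subset of lines copied from slyp's two logs. The severity levels, the trusted-host list for DPF entries and the script-extension list are the example's own assumptions.

```python
r"""Triage heuristics for HijackThis and ComboFix log lines.

Added example, not code from the thread or from either tool. The sample
lines are a constructed subset copied from the logs posted in the thread;
the rules, severities and trusted-host list are assumptions of this example.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines taken from the HijackThis / ComboFix logs in the thread.
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll",
    "O4 - HKCU\\..\\Run: [NCLaunch] C:\\DOCUME~1\\Douglas\\CONFIG~1\\Temp\\",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtool...ams/hbtools.cab",
    r"O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll",
    r'O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)',
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
    r'"appinit_dlls"=wbsys.dll',
    r"S3 jnv4_mib;jnv4_mib;\??\C:\DOCUME~1\Douglas\CONFIG~1\Temp\jnv4_mib.sys",
    r"2007-08-02 15:14:02 C:\WINDOWS\Tasks\startt.job - c:\start.bat",
]

HJT_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.I)
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.I)
DRIVER_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+)$")
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<job>\S+\.job)(?: - (?P<target>.+))?$")
ROOT_FILE_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.I)
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")   # assumption
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")                   # assumption
SEVERITY_ORDER = {"high": 0, "review": 1}


@dataclass
class Finding:
    severity: str   # "high" (act on it) or "review" (verify by hand)
    reason: str
    line: str


def triage_line(line):
    """Return the Finding objects for one log line (possibly none)."""
    s = line.strip()
    low = s.lower()
    findings = []
    if not s:
        return findings

    # 1. HijackThis marks a load point whose target is gone. Usually an orphan
    #    to clean up; for O23 service lines with quoted paths HJT 1.99.1 also
    #    prints "(file missing)" when the file exists, so verify before acting.
    if "(no file)" in low or "(file missing)" in low:
        findings.append(Finding("review", "load point whose target file is reported missing", s))

    # 2. Nothing legitimate autostarts or loads a driver from a Temp directory.
    if TEMP_RE.search(s):
        findings.append(Finding("high", "autostart or driver path inside a Temp directory", s))

    m = HJT_RE.match(s)
    if m:
        section, body = m.group("section"), m.group("body")
        if section == "O4" and body.endswith("\\"):
            findings.append(Finding("high", "Run entry points at a directory, not an executable", s))
        elif section == "O16":
            host = URL_HOST_RE.search(body)
            if host and not host.group(1).lower().endswith(TRUSTED_DPF_HOSTS):
                findings.append(Finding("review", f"ActiveX (DPF) download from third-party host {host.group(1)}", s))
        elif section in ("O20", "O21"):
            findings.append(Finding("review", "Winlogon Notify / SSODL DLL loads in a privileged context; verify publisher", s))
        return findings

    # 3. ComboFix "Reg Loading Points", driver and scheduled-task lines.
    if low.startswith('"appinit_dlls"='):
        value = s.split("=", 1)[1].strip().strip('"')
        if value:
            findings.append(Finding("high", f"AppInit_DLLs is set ({value}); injected into every process that loads user32.dll", s))
    d = DRIVER_RE.match(s)
    if d and "\\system32\\drivers\\" not in d.group("path").lower():
        findings.append(Finding("review", "kernel driver registered outside system32\\drivers", s))
    t = TASK_RE.match(s)
    if t and t.group("target"):
        target = t.group("target").strip().lower()
        if target.endswith(SCRIPT_EXT) or ROOT_FILE_RE.match(target):
            findings.append(Finding("high", "scheduled task runs a script or a file from the drive root", s))
    return findings


def triage(lines):
    """Triage every line; 'high' findings come first."""
    findings = [f for line in lines for f in triage_line(line)]
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 5, 'review': 5}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

On the sample above the script raises five "high" findings (the NCLaunch Run entry twice, once for the Temp path and once for pointing at a directory; the jnv4_mib.sys driver in Temp; the AppInit_DLLs value; the startt.job task running c:\start.bat) and five "review" findings, while the ctfmon, Windows Live and Yahoo! entries pass untouched. The "review" level is deliberate: WgaLogon.dll and the avast! services are legitimate, and a Winlogon Notify or "(file missing)" line is only a reason to check the file on disk, not to delete it.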
jgarcia, posted August 2, 2007

Hey slyp,

Let's go. Set Windows to show all files (including hidden ones).

Step 1

Download Killbox at: Killbox

1. Run Killbox and click Delete on Reboot.
2. Copy the bold list below to the clipboard. Select it all with the mouse --> go to the Edit menu on the browser's menu bar --> click Copy.

C:\Sommerspiele.exe
C:\Sommerspiele.2004.German_for_www.goldesel.to
C:\WINDOWS\systen291.exe

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.
4. Press "X". Answer "no" to the question.

Step 2

Restart in Normal Mode. Delete the contents of the C:\!Killbox folder. Post new HijackThis and ComboFix logs.

Awaiting your reply. Cheers.
slyp, posted August 2, 2007

Here are the logs.

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 12:18:59, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AlienGUIse\wbload.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe
C:\Arquivos de programas\DAEMON Tools\daemon.exe
C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Arquivos de programas\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe
C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe
C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\DOCUME~1\Douglas\CONFIG~1\Temp\Rar$EX00.984\HijackThis.exe

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Descarga selecionada pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Descarregar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Descarregar tudo com Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

ComboFix

ComboFix 07-07-30.2 - "Douglas" 2007-08-02 12:20:56.2 [GMT -3:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro

((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))
2007-08-01 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-30 21:11 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-30 21:11 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-30 21:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-30 17:58 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede
2007-07-30 17:58 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressão
2007-07-30 17:57 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-30 17:57 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos
2007-07-30 17:57 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar
2007-07-30 17:57 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos
2007-07-30 17:57 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configurações locais
2007-07-30 17:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Meus documentos
2007-07-30 17:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritos
2007-07-28 17:23 <DIR> d-------- C:\Arquivos de programas\Samsung
2007-07-28 14:03 2,794 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-27 19:35 <DIR> d-------- C:\Arquivos de programas\BenQ Mobile
2007-07-27 19:31 <DIR> d-------- C:\PureUSBCableDrv
2007-07-26 19:54 <DIR> d-------- C:\Arquivos de programas\Windows Live
2007-07-26 19:48 <DIR> d-------- C:\Programme
2007-07-26 19:14 <DIR> d-------- C:\Sommerspiele.2004.German_for_www.goldesel.to
2007-07-26 13:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\WildTangent
2007-07-21 13:31 85,408 -ra------ C:\WINDOWS\system32\drivers\z530mgmt.sys
2007-07-21 13:31 83,344 -ra------ C:\WINDOWS\system32\drivers\z530obex.sys
2007-07-21 13:30 94,064 -ra------ C:\WINDOWS\system32\drivers\z530mdm.sys
2007-07-21 13:30 8,336 -ra------ C:\WINDOWS\system32\drivers\z530mdfl.sys
2007-07-21 13:30 6,176 -ra------ C:\WINDOWS\system32\drivers\z530cmnt.sys
2007-07-21 13:30 6,176 -ra------ C:\WINDOWS\system32\drivers\z530cm.sys
2007-07-21 12:01 58,288 -ra------ C:\WINDOWS\system32\drivers\z530bus.sys
2007-07-21 12:01 5,808 -ra------ C:\WINDOWS\system32\drivers\z530whnt.sys
2007-07-21 12:01 5,808 -ra------ C:\WINDOWS\system32\drivers\z530wh.sys
2007-07-21 12:01 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-21 11:59 <DIR> d-------- C:\DOCUME~1\Douglas\DADOSD~1\Teleca
2007-07-21 11:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents
2007-07-21 11:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Teleca
2007-07-21 11:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Sony Ericsson
2007-07-21 11:52 <DIR> d-------- C:\Arquivos de programas\Sony Ericsson
2007-07-21 11:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Teleca Shared
2007-07-17 15:57 <DIR> d-------- C:\Arquivos de programas\Yahoo!
2007-07-17 13:58 <DIR> d-------- C:\Games
2007-07-14 19:36 <DIR> d-------- C:\WINDOWS\United Football
2007-07-14 19:36 <DIR> d-------- C:\Arquivos de programas\United Football
2007-07-13 11:03 <DIR> d-------- C:\Arquivos de programas\EA Games
2007-07-13 00:50 <DIR> d-------- C:\DOCUME~1\Douglas\DADOSD~1\Command & Conquer 3 Tiberium Wars
2007-07-13 00:47 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-08 17:09 <DIR> d--h----- C:\WINDOWS\PIF

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-02 12:26 --------- d-------- C:\DOCUME~1\Douglas\DADOSD~1\Free Download Manager
2007-08-01 22:04 --------- d-------- C:\Arquivos de programas\grand prix 4 2006
2007-07-30 13:25 --------- d-------- C:\Arquivos de programas\AlienGUIse
2007-07-27 21:07 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information
2007-07-27 19:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 19:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 19:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 19:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 18:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 18:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 18:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-27 18:32 --------- d-------- C:\Arquivos de programas\Valve
2007-07-26 19:54 --------- d-------- C:\Arquivos de programas\Messenger Plus! Live
2007-07-25 23:46 11652 --a------ C:\WINDOWS\mozver.dat
2007-07-24 01:03 --------- d-------- C:\DOCUME~1\Douglas\DADOSD~1\Babylon
2007-07-16 00:09 --------- d-------- C:\Arquivos de programas\Konami
2007-07-13 11:26 1202 --a------ C:\WINDOWS\eReg.dat
2007-07-12 22:04 --------- d-------- C:\Arquivos de programas\OnGame
2007-07-12 22:04 --------- d-------- C:\Arquivos de programas\Kaneva
2007-07-11 10:05 0 --a------ C:\WINDOWS\system32\dummy.dat
2007-06-29 22:16 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-29 21:32 --------- d-------- C:\Arquivos de programas\Rockstar Games
2007-06-29 21:30 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-06-29 21:30 --------- d-------- C:\Arquivos de programas\DAEMON Tools
2007-06-29 15:35 --------- d-------- C:\Arquivos de programas\Riva
2007-06-29 12:45 --------- d-------- C:\Arquivos de programas\WinAVIVideoConverter
2007-06-16 18:46 --------- d-------- C:\Arquivos de programas\MP3 Player Utilities 4.00
2007-06-11 21:02 --------- d-------- C:\Arquivos de programas\WinISO
2007-06-10 19:49 --------- d-------- C:\Arquivos de programas\Pcsx2
2002-09-02 10:38 337408 --a------ C:\Arquivos de programas\VisualBoyAdvance versao1.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-01-28 13:16 C:\WINDOWS\mixer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 08:06 C:\WINDOWS\AGRSMMSG.exe]
"nwiz"="nwiz.exe" [2003-02-14 04:56 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]
"Babylon Client"="C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe" [2006-05-24 17:39]
"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2005-11-08 19:00]
"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45]
"Free Download Manager"="C:\Arquivos de programas\Free Download Manager\fdm.exe" [2006-08-21 00:24]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-11 12:31:55]
Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
RtlWake.lnk - C:\Arquivos de programas\REALTEK Semiconductor Corp.\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe [2006-12-04 15:20:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Arquivos de programas\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Arquivos de programas\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys
R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\system32\drivers\prosync1.sys
R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys
R1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\system32\drivers\prodrv06.sys
R3 cmpci;C-Media PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\cmaudio.sys
R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS
R3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
S2 USB680x;Genius USB Scanner;C:\WINDOWS\system32\DRIVERS\GT680x.SYS
S3 EagleNT;EagleNT;\??\C:\WINDOWS\System32\drivers\EagleNT.sys
S3 jnv4_mib;jnv4_mib;\??\C:\DOCUME~1\Douglas\CONFIG~1\Temp\jnv4_mib.sys
S3 sermouse;Serial Mouse Driver;C:\WINDOWS\system32\DRIVERS\sermouse.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S3 XTrapD12;XTrapD12;\??\C:\WINDOWS\system32\XTrapD12.sys
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys

Contents of the 'Scheduled Tasks' folder
2007-08-02 15:14:02 C:\WINDOWS\Tasks\startt.job - c:\start.bat

**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 12:27:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
Completion time: 2007-08-02 12:28:52
C:\ComboFix-quarantined-files.txt ... 2007-08-02 12:28
C:\ComboFix2.txt ... 2007-08-01 22:17
--- E O F ---

Thanks!
jgarcia 1 Posted August 2, 2007

Hey slyp,

Here we go.

Step 1
1. Run Killbox and click Delete on Reboot.
2. Copy the list below, in bold, to the clipboard. Select it all with the mouse --> go to the Edit menu on the browser bar --> click Copy.
C:\WINDOWS\system32\wbsys.dll
3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.
4. Press "X". Answer "no" to the question.

Step 2
Reboot into Normal Mode. Run HijackThis, click Do a system scan only and check:
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
Click Fix checked.

Step 3
Delete the contents of the C:\!Killbox folder.

Post new HijackThis and ComboFix logs.

Awaiting your reply.

Cheers.
slyp 0 Posted August 3, 2007

Here are the logs, friend.

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 21:18:32, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AlienGUIse\wbload.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe
C:\Arquivos de programas\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe
C:\Arquivos de programas\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe
C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Giganology\Gigaget\Gigaget.exe
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\DOCUME~1\Douglas\CONFIG~1\Temp\Rar$EX00.688\HijackThis.exe

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Gigaget] "C:\Arquivos de programas\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Download All by Gigaget - C:\Arquivos de programas\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Arquivos de programas\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

COMBOFIX

ComboFix 07-07-30.2 - "Douglas" 2007-08-02 21:20:40.3 [GMT -3:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro

((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 )))))))))))))))))))))))))))))))

2007-08-02 14:35 <DIR> d-------- C:\TDdownload
2007-08-02 14:11 86,016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll
2007-08-02 14:11 <DIR> d-------- C:\Arquivos de programas\Giganology
2007-08-01 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-30 21:11 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-30 21:11 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-30 21:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-30 17:58 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede
2007-07-30 17:58 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressão
2007-07-30 17:57 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-30 17:57 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos
2007-07-30 17:57 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar
2007-07-30 17:57 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos
2007-07-30 17:57 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configurações locais
2007-07-30 17:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Meus documentos
2007-07-30 17:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritos
2007-07-28 17:23 <DIR> d-------- C:\Arquivos de programas\Samsung
2007-07-28 14:03 2,794 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-27 19:35 <DIR> d-------- C:\Arquivos de programas\BenQ Mobile
2007-07-27 19:31 <DIR> d-------- C:\PureUSBCableDrv
2007-07-26 19:54 <DIR> d-------- C:\Arquivos de programas\Windows Live
2007-07-26 19:48 <DIR> d-------- C:\Programme
2007-07-26 19:14 <DIR> d-------- C:\Sommerspiele.2004.German_for_www.goldesel.to
2007-07-26 13:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\WildTangent
2007-07-21 13:31 85,408 -ra------ C:\WINDOWS\system32\drivers\z530mgmt.sys
2007-07-21 13:31 83,344 -ra------ C:\WINDOWS\system32\drivers\z530obex.sys
2007-07-21 13:30 94,064 -ra------ C:\WINDOWS\system32\drivers\z530mdm.sys
2007-07-21 13:30 8,336 -ra------ C:\WINDOWS\system32\drivers\z530mdfl.sys
2007-07-21 13:30 6,176 -ra------ C:\WINDOWS\system32\drivers\z530cmnt.sys
2007-07-21 13:30 6,176 -ra------ C:\WINDOWS\system32\drivers\z530cm.sys
2007-07-21 12:01 58,288 -ra------ C:\WINDOWS\system32\drivers\z530bus.sys
2007-07-21 12:01 5,808 -ra------ C:\WINDOWS\system32\drivers\z530whnt.sys
2007-07-21 12:01 5,808 -ra------ C:\WINDOWS\system32\drivers\z530wh.sys
2007-07-21 12:01 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-21 11:59 <DIR> d-------- C:\DOCUME~1\Douglas\DADOSD~1\Teleca
2007-07-21 11:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents
2007-07-21 11:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Teleca
2007-07-21 11:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Sony Ericsson
2007-07-21 11:52 <DIR> d-------- C:\Arquivos de programas\Sony Ericsson
2007-07-21 11:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Teleca Shared
2007-07-17 15:57 <DIR> d-------- C:\Arquivos de programas\Yahoo!
2007-07-17 13:58 <DIR> d-------- C:\Games
2007-07-14 19:36 <DIR> d-------- C:\WINDOWS\United Football
2007-07-14 19:36 <DIR> d-------- C:\Arquivos de programas\United Football
2007-07-13 11:03 <DIR> d-------- C:\Arquivos de programas\EA Games
2007-07-13 00:50 <DIR> d-------- C:\DOCUME~1\Douglas\DADOSD~1\Command & Conquer 3 Tiberium Wars
2007-07-13 00:47 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-08 17:09 <DIR> d--h----- C:\WINDOWS\PIF

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-02 13:31 --------- d-------- C:\Arquivos de programas\grand prix 4 2006
2007-07-30 13:25 --------- d-------- C:\Arquivos de programas\AlienGUIse
2007-07-27 21:07 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information
2007-07-27 19:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 19:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 19:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 19:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 18:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 18:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 18:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-27 18:32 --------- d-------- C:\Arquivos de programas\Valve
2007-07-26 19:54 --------- d-------- C:\Arquivos de programas\Messenger Plus! Live
2007-07-25 23:46 11652 --a------ C:\WINDOWS\mozver.dat
2007-07-24 01:03 --------- d-------- C:\DOCUME~1\Douglas\DADOSD~1\Babylon
2007-07-16 00:09 --------- d-------- C:\Arquivos de programas\Konami
2007-07-13 11:26 1202 --a------ C:\WINDOWS\eReg.dat
2007-07-12 22:04 --------- d-------- C:\Arquivos de programas\OnGame
2007-07-12 22:04 --------- d-------- C:\Arquivos de programas\Kaneva
2007-07-11 10:05 0 --a------ C:\WINDOWS\system32\dummy.dat
2007-06-29 22:16 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-29 21:32 --------- d-------- C:\Arquivos de programas\Rockstar Games
2007-06-29 21:30 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-06-29 21:30 --------- d-------- C:\Arquivos de programas\DAEMON Tools
2007-06-29 15:35 --------- d-------- C:\Arquivos de programas\Riva
2007-06-29 12:45 --------- d-------- C:\Arquivos de programas\WinAVIVideoConverter
2007-06-16 18:46 --------- d-------- C:\Arquivos de programas\MP3 Player Utilities 4.00
2007-06-11 21:02 --------- d-------- C:\Arquivos de programas\WinISO
2007-06-10 19:49 --------- d-------- C:\Arquivos de programas\Pcsx2
2002-09-02 10:38 337408 --a------ C:\Arquivos de programas\VisualBoyAdvance versao1.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-01-28 13:16 C:\WINDOWS\mixer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 08:06 C:\WINDOWS\AGRSMMSG.exe]
"nwiz"="nwiz.exe" [2003-02-14 04:56 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]
"Babylon Client"="C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe" [2006-05-24 17:39]
"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2005-11-08 19:00]
"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"Gigaget"="C:\Arquivos de programas\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 10:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45]
"Free Download Manager"="C:\Arquivos de programas\Free Download Manager\fdm.exe" []

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-11 12:31:55]
Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
RtlWake.lnk - C:\Arquivos de programas\REALTEK Semiconductor Corp.\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe [2006-12-04 15:20:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Arquivos de programas\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Arquivos de programas\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys
R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\system32\drivers\prosync1.sys
R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys
R1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\system32\drivers\prodrv06.sys
R3 cmpci;C-Media PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\cmaudio.sys
R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS
R3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
S2 USB680x;Genius USB Scanner;C:\WINDOWS\system32\DRIVERS\GT680x.SYS
S3 EagleNT;EagleNT;\??\C:\WINDOWS\System32\drivers\EagleNT.sys
S3 jnv4_mib;jnv4_mib;\??\C:\DOCUME~1\Douglas\CONFIG~1\Temp\jnv4_mib.sys
S3 sermouse;Serial Mouse Driver;C:\WINDOWS\system32\DRIVERS\sermouse.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S3 XTrapD12;XTrapD12;\??\C:\WINDOWS\system32\XTrapD12.sys
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys

Contents of the 'Scheduled Tasks' folder
2007-08-03 00:08:35 C:\WINDOWS\Tasks\startt.job - c:\start.bat

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 21:25:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-02 21:27:04
C:\ComboFix-quarantined-files.txt ... 2007-08-02 21:26
C:\ComboFix2.txt ... 2007-08-02 12:28
C:\ComboFix3.txt ... 2007-08-01 22:17
--- E O F ---

THANKS.
jgarcia 1 Posted August 6, 2007

Hey slyp,

Reboot into Safe Mode.

Go to Start -> Run -> type regedit -> click Ok.

Navigate to the following subkey:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows

In the right-hand pane select appinit_dlls, right-click it and choose Modify. Under Value data delete wbsys.dll, leaving the field blank, and click Ok.

Exit the Registry Editor.

Reboot into Normal Mode.

Post a new ComboFix log.

Cheers.
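An added example, not code from HijackThis, ComboFix or either poster: a small Python triage parser for the HijackThis line format shown in these logs, plus the AppInit_DLLs list edit that the regedit step above performs by hand. The sample lines are copied from the log posted in this thread; the flag names and the heuristics behind them are this example's own assumptions, not verdicts on this machine.

```python
"""Triage helpers for HijackThis log lines and the AppInit_DLLs registry value.

Added example for this thread, not code from HijackThis, ComboFix or either
poster: the parsing rules follow the line shapes visible in the posted logs,
and the flag names are this example's own triage heuristics, not verdicts on
the machine in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Every HijackThis finding opens with a section id ("R3", "O2", "O20", ...).
SECTION_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when the referenced file no longer exists.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str                  # "O2", "O4", "O20", ...
    kind: str                     # "BHO", "HKLM\\..\\Run", "Winlogon Notify", ...
    name: str
    target: str                   # path, command line, URL or "(no file)"
    clsid: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def _apply_flags(e: Entry) -> None:
    """Heuristic flags a reviewer would look at first (names assumed here)."""
    t = e.target.lower()
    if any(marker in t for marker in ORPHAN_MARKERS) or e.target == "?":
        e.flags.append("orphan")         # load point whose file is gone
    if e.section == "O20":
        e.flags.append("load-point")     # AppInit_DLLs / Winlogon Notify: a DLL
                                         # pulled into many processes, as wbsys.dll was
    if t.startswith(("http://", "https://")):
        e.flags.append("remote-target")  # entry points at a URL, not a local file
    if "\\temp\\" in t:
        e.flags.append("temp-path")      # persistence out of a temp directory


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line into an Entry; None for non-finding lines."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group("section"), m.group("rest")
    kind, _, payload = rest.partition(": ")
    clsid_m = CLSID_RE.search(payload)
    clsid = clsid_m.group(0) if clsid_m else None

    if payload.startswith("["):                          # O4 ...\Run: [Name] command
        name, _, target = payload[1:].partition("] ")
    elif kind.endswith("Startup") and " = " in payload:  # O4 Global Startup: x.lnk = path
        name, _, target = payload.partition(" = ")
    elif kind == "DPF":                                  # O16 DPF: {CLSID} (Name) - url
        name = payload[payload.find("(") + 1:payload.find(")")]
        target = payload.rsplit(" - ", 1)[-1]
    else:                                                # Name - [{CLSID} -] target
        name = payload.split(" - ", 1)[0]
        target = payload.rsplit(" - ", 1)[-1]

    entry = Entry(section, kind, name.strip(), target.strip(), clsid)
    _apply_flags(entry)
    return entry


def triage(lines) -> List[Entry]:
    """Parse a whole log and keep only the entries that carry a flag."""
    return [e for e in map(parse_line, lines) if e is not None and e.flags]


def remove_from_appinit(value: str, dll: str) -> str:
    """Return the AppInit_DLLs value with one DLL name removed.

    AppInit_DLLs holds DLL names separated by spaces or commas. The regedit
    step in the thread (clearing wbsys.dll from a value that held only
    wbsys.dll) is the case where the result is the empty string.
    """
    parts = [p for p in re.split(r"[ ,]+", value.strip()) if p]
    return " ".join(p for p in parts if p.lower() != dll.lower())


# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
""".strip().splitlines()

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4} {', '.join(e.flags):<14} {e.name} -> {e.target}")
    print(repr(remove_from_appinit("wbsys.dll", "wbsys.dll")))  # ''
```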
slyp 0 Posted August 6, 2007

Here it is, friend!

ComboFix 07-07-30.2 - "Douglas" 2007-08-06 14:42:55.5 [GMT -3:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro

((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))

2007-08-04 21:25 <DIR> d-------- C:\jogos de 64
2007-08-03 11:33 <DIR> d-------- C:\Arquivos de programas\LevelUpGames
2007-08-02 14:35 <DIR> d-------- C:\TDdownload
2007-08-02 14:11 86,016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll
2007-08-02 14:11 <DIR> d-------- C:\Arquivos de programas\Giganology
2007-08-01 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-30 21:11 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-30 21:11 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-30 21:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-30 17:58 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede
2007-07-30 17:58 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressão
2007-07-30 17:57 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-30 17:57 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos
2007-07-30 17:57 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar
2007-07-30 17:57 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos
2007-07-30 17:57 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configurações locais
2007-07-30 17:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Meus documentos
2007-07-30 17:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritos
2007-07-28 17:23 <DIR> d-------- C:\Arquivos de programas\Samsung
2007-07-28 14:03 2,794 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-27 19:35 <DIR> d-------- C:\Arquivos de programas\BenQ Mobile
2007-07-27 19:31 <DIR> d-------- C:\PureUSBCableDrv
2007-07-26 19:54 <DIR> d-------- C:\Arquivos de programas\Windows Live
2007-07-26 19:48 <DIR> d-------- C:\Programme
2007-07-26 19:14 <DIR> d-------- C:\Sommerspiele.2004.German_for_www.goldesel.to
2007-07-26 13:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\WildTangent
2007-07-21 13:31 85,408 -ra------ C:\WINDOWS\system32\drivers\z530mgmt.sys
2007-07-21 13:31 83,344 -ra------ C:\WINDOWS\system32\drivers\z530obex.sys
2007-07-21 13:30 94,064 -ra------ C:\WINDOWS\system32\drivers\z530mdm.sys
2007-07-21 13:30 8,336 -ra------ C:\WINDOWS\system32\drivers\z530mdfl.sys
2007-07-21 13:30 6,176 -ra------ C:\WINDOWS\system32\drivers\z530cmnt.sys
2007-07-21 13:30 6,176 -ra------ C:\WINDOWS\system32\drivers\z530cm.sys
2007-07-21 12:01 58,288 -ra------ C:\WINDOWS\system32\drivers\z530bus.sys
2007-07-21 12:01 5,808 -ra------ C:\WINDOWS\system32\drivers\z530whnt.sys
2007-07-21 12:01 5,808 -ra------ C:\WINDOWS\system32\drivers\z530wh.sys
2007-07-21 12:01 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-21 11:59 <DIR> d-------- C:\DOCUME~1\Douglas\DADOSD~1\Teleca
2007-07-21 11:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents
2007-07-21 11:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Teleca
2007-07-21 11:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Sony Ericsson
2007-07-21 11:52 <DIR> d-------- C:\Arquivos de programas\Sony Ericsson
2007-07-21 11:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Teleca Shared
2007-07-17 15:57 <DIR> d-------- C:\Arquivos de programas\Yahoo!
2007-07-14 19:36 <DIR> d-------- C:\WINDOWS\United Football
2007-07-14 19:36 <DIR> d-------- C:\Arquivos de programas\United Football
2007-07-13 11:03 <DIR> d-------- C:\Arquivos de programas\EA Games
2007-07-13 00:50 <DIR> d-------- C:\DOCUME~1\Douglas\DADOSD~1\Command & Conquer 3 Tiberium Wars
2007-07-13 00:47 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-08 17:09 <DIR> d--h----- C:\WINDOWS\PIF

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-06 13:17 --------- d-------- C:\Arquivos de programas\grand prix 4 2006
2007-08-05 17:56 --------- d-------- C:\Arquivos de programas\AlienGUIse
2007-08-03 12:04 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information
2007-08-03 12:04 --------- d-------- C:\Arquivos de programas\OnGame
2007-07-27 19:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 19:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 19:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 19:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 18:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 18:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 18:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-27 18:32 --------- d-------- C:\Arquivos de programas\Valve
2007-07-26 19:54 --------- d-------- C:\Arquivos de programas\Messenger Plus! Live
2007-07-25 23:46 11652 --a------ C:\WINDOWS\mozver.dat
2007-07-24 01:03 --------- d-------- C:\DOCUME~1\Douglas\DADOSD~1\Babylon
2007-07-16 00:09 --------- d-------- C:\Arquivos de programas\Konami
2007-07-13 11:26 1202 --a------ C:\WINDOWS\eReg.dat
2007-07-12 22:04 --------- d-------- C:\Arquivos de programas\Kaneva
2007-07-11 10:05 0 --a------ C:\WINDOWS\system32\dummy.dat
2007-06-29 22:16 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-29 21:32 --------- d-------- C:\Arquivos de programas\Rockstar Games
2007-06-29 21:30 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-06-29 21:30 --------- d-------- C:\Arquivos de programas\DAEMON Tools
2007-06-29 15:35 --------- d-------- C:\Arquivos de programas\Riva
2007-06-29 12:45 --------- d-------- C:\Arquivos de programas\WinAVIVideoConverter
2007-06-16 18:46 --------- d-------- C:\Arquivos de programas\MP3 Player Utilities 4.00
2007-06-11 21:02 --------- d-------- C:\Arquivos de programas\WinISO
2007-06-10 19:49 --------- d-------- C:\Arquivos de programas\Pcsx2
2002-09-02 10:38 337408 --a------ C:\Arquivos de programas\VisualBoyAdvance versao1.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-01-28 13:16 C:\WINDOWS\mixer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 08:06 C:\WINDOWS\AGRSMMSG.exe]
"nwiz"="nwiz.exe" [2003-02-14 04:56 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]
"Babylon Client"="C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe" [2006-05-24 17:39]
"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2005-11-08 19:00]
"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"Gigaget"="C:\Arquivos de programas\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 10:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45]
"Free Download Manager"="C:\Arquivos de programas\Free Download Manager\fdm.exe" []

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-11 12:31:55]
Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
RtlWake.lnk - C:\Arquivos de programas\REALTEK Semiconductor Corp.\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe [2006-12-04 15:20:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Arquivos de programas\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Arquivos de programas\AlienGUIse\fastload.dll

R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys
R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\system32\drivers\prosync1.sys
R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys
R1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\system32\drivers\prodrv06.sys
R3 cmpci;C-Media PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\cmaudio.sys
R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS
R3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
S2 USB680x;Genius USB Scanner;C:\WINDOWS\system32\DRIVERS\GT680x.SYS
S3 EagleNT;EagleNT;\??\C:\WINDOWS\System32\drivers\EagleNT.sys
S3 jnv4_mib;jnv4_mib;\??\C:\DOCUME~1\Douglas\CONFIG~1\Temp\jnv4_mib.sys
S3 sermouse;Serial Mouse Driver;C:\WINDOWS\system32\DRIVERS\sermouse.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S3 XTrapD12;XTrapD12;\??\C:\WINDOWS\system32\XTrapD12.sys
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys

Contents of the 'Scheduled Tasks' folder
2007-08-06 17:25:21 C:\WINDOWS\Tasks\startt.job - c:\start.bat

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 14:47:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-06 14:48:43
C:\ComboFix-quarantined-files.txt ... 2007-08-06 14:48
C:\ComboFix2.txt ... 2007-08-06 14:34
--- E O F ---
jgarcia 1 Posted August 6, 2007

Hey slyp,

Your log is CLEAN. :thumbsup:

To finish up:

1. Disable and re-enable XP's System Restore. Click here to see how;
2. Read the article Cuidados ao navegar na net (safe browsing tips) and learn how to avoid new infections.

Cheers.
jgarcia 1 Posted February 5, 2008

PROBLEM SOLVED!

If the author needs the topic reopened, send a Private Message to a Moderator with a link to the topic.