[Arquivado]C:\WINDOWS\system32\7628y8S6.exe

Hiro · Agosto 23, 2007

Por favor, me ajudem, meu norton ta acusando os trojans C:\WINDOWS\WebAssist.dll e C:\WINDOWS\system32\7628y8S6.exe sendo que este último pipoaca no nortn direto e essa porcaria não consegue reparar nenhum deles. Aí vai meu log:Logfile of HijackThis v1.99.1Scan saved at 01:38:51, on 23/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Arquivos de programas\Norton AntiVirus\navapsvc.exeC:\Arquivos de programas\Norton AntiVirus\SAVScan.exeC:\WINDOWS\system32\pctspk.exeC:\WINDOWS\system32\PV92Tray.exeC:\Arquivos de programas\iTunes\iTunesHelper.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exeC:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exeC:\Arquivos de programas\Messenger\msmsgs.exeC:\Arquivos de programas\iPod\bin\iPodService.exeC:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exeC:\Arquivos de programas\Discador iBest\discador.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\winmds.exeC:\Arquivos de programas\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\system32\winmds.exeC:\Documents and Settings\Mauro\Desktop\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.aspO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dllO2 - BHO: IbestBHO Class - {7E6CDC1C-3B90-47D7-B2A8-24438CA96075} - C:\Arquivos de programas\UltraDiscador iBest\bho.dll (file missing)O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\UltraDiscador iBest\ibestbar.dll (file missing)O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [PCTVOICE] pctspk.exeO4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exeO4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exeO4 - HKCU\..\Run: [ultraDiscador iBest] "C:\Arquivos de programas\UltraDiscador iBest\autoupdate.exe"O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Discador iBest\baloon.exe"O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /backgroundO8 - Extra context menu item: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htmO8 - Extra context menu item: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htmO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO17 - HKLM\System\CCS\Services\Tcpip\..\{2115EC7C-1724-4DCA-81F5-3E230FE694D7}: NameServer = 200.222.0.34 200.202.193.75O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exeO23 - Service: Serviço de proteção automática do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exeO23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

DigRam · Agosto 23, 2007

Boa Tarde Hiro!

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e execute a ferramenta!

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar < Enter >

>@< Aguarde a conclusão!

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

Abraços!

Hiro · Agosto 26, 2007

ComboFix 07-08-25.2 - "Mauro" 2007-08-26 20:25:14.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.77 [GMT -3:00]

* Created a new restore point

((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))

2007-08-26 20:24 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-25 02:59 356,159 -ra------ C:\WINDOWS\system32\drivers\ptserial.sys

2007-08-25 02:59 323,584 --a------ C:\WINDOWS\system32\PV92Tray.exe

2007-08-25 02:59 125,440 -ra------ C:\WINDOWS\system32\runpct.exe

2007-08-25 02:59 1,536 --a------ C:\WINDOWS\system32\TrueSoft.dat

2007-08-25 02:54 <DIR> d-------- C:\WINDOWS\PCTEL

2007-08-25 02:35 532,480 --a------ C:\WINDOWS\system32\DeleteFiles.exe

2007-08-25 02:35 387,584 --a------ C:\WINDOWS\system32\LostRun.exe

2007-08-25 02:35 382,464 --a------ C:\WINDOWS\system32\Restart.exe

2007-08-25 02:35 374,784 --a------ C:\WINDOWS\system32\RunAP.exe

2007-08-25 02:35 351,232 --a------ C:\WINDOWS\system32\CheckPath.exe

2007-08-25 02:35 306,688 --a------ C:\WINDOWS\IsUninst.exe

2007-08-25 02:34 327,168 --a------ C:\WINDOWS\IsUn0816.exe

2007-08-24 15:45 <DIR> d-------- C:\Arquivos de programas\Oi Internet

2007-08-23 02:06 <DIR> d-------- C:\VundoFix Backups

2007-08-22 19:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

2007-08-22 00:54 <DIR> d-------- C:\Arquivos de programas\Enem2007

2007-08-22 00:42 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SWF Studio

2007-08-21 20:24 <DIR> d-------- C:\Arquivos de programas\SymNetDrv

2007-08-21 17:55 <DIR> d-------- C:\Arquivos de programas\Norton AntiVirus

2007-08-21 17:54 83,208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2007-08-21 17:54 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-08-21 17:54 <DIR> d-------- C:\DOCUME~1\Mauro\DADOSD~1\Symantec

2007-08-21 17:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Symantec

2007-08-21 17:54 <DIR> d-------- C:\Arquivos de programas\Symantec

2007-08-21 17:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2007-08-20 00:32 11,342 --a------ C:\WINDOWS\system32\winmds.exe

2007-08-18 17:07 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-08-18 15:18 <DIR> d-------- C:\Arquivos de programas\eMule

2007-08-18 14:28 <DIR> d-------- C:\MUSICAS And STUFFS

2007-08-16 07:39 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-08-16 07:39 <DIR> d-------- C:\WINDOWS\system32\PreInstall

2007-08-16 01:10 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-08-15 20:39 <DIR> d---s---- C:\DOCUME~1\Mauro\UserData

2007-08-14 14:43 <DIR> d-------- C:\DOCUME~1\Mauro\DADOSD~1\Ahead

2007-08-14 14:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero

2007-08-14 14:38 <DIR> d-------- C:\Arquivos de programas\Nero

2007-08-14 14:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-08-14 14:36 <DIR> d-------- C:\WINDOWS\RegisteredPackages

2007-08-14 14:24 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution

2007-08-14 13:07 <DIR> d-------- C:\Arquivos de programas\Avanquest update

2007-08-14 13:06 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2007-08-14 13:05 24,192 --a------ C:\DOCUME~1\Mauro\usbsermptxp.sys

2007-08-14 13:05 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys

2007-08-14 13:05 22,768 --a------ C:\DOCUME~1\Mauro\usbsermpt.sys

2007-08-14 13:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\BVRP Software

2007-08-14 13:05 <DIR> d-------- C:\Arquivos de programas\Motorola Phone Tools

2007-08-14 13:00 <DIR> d-------- C:\DOCUME~1\Mauro\DADOSD~1\Apple Computer

2007-08-14 12:59 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-08-14 12:59 <DIR> d-------- C:\Arquivos de programas\QuickTime

2007-08-14 12:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

2007-08-14 12:58 <DIR> d-------- C:\Arquivos de programas\iTunes

2007-08-14 12:58 <DIR> d-------- C:\Arquivos de programas\iPod

2007-08-14 12:57 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-08-14 12:56 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2007-08-14 01:27 <DIR> d-------- C:\DOCUME~1\Mauro\DADOSD~1\uTorrent

2007-08-14 01:27 <DIR> d-------- C:\Arquivos de programas\uTorrent

2007-08-14 01:25 <DIR> d-------- C:\Downloads

2007-08-14 01:20 <DIR> d-------- C:\WINDOWS\system32\ajuda

2007-08-14 01:18 <DIR> d-------- C:\Arquivos de programas\FlashGet

2007-08-14 01:17 <DIR> d-------- C:\Arquivos de programas\Discador iBest

2007-08-14 01:12 <DIR> d--hs---- C:\RECYCLER

2007-08-13 23:59 <DIR> d-------- C:\Arquivos de programas\Click21

2007-08-13 23:54 175,104 --a------ C:\WINDOWS\system32\csamsp.dll

2007-08-13 23:54 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys

2007-08-13 23:53 801,778 -ra------ C:\WINDOWS\system32\drivers\vpctcom.sys

2007-08-13 23:53 703,673 -ra------ C:\WINDOWS\system32\drivers\vmodem.sys

2007-08-13 23:53 70,320 -ra------ C:\WINDOWS\system32\drivers\vvoice.sys

2007-08-13 23:53 50,040 --------- C:\WINDOWS\system32\ptPTT.dat

2007-08-13 23:53 308 --a------ C:\WINDOWS\system32\pthsp.dat

2007-08-13 23:53 180,224 -ra------ C:\WINDOWS\system32\pctspk.exe

2007-08-13 23:53 155,648 -ra------ C:\WINDOWS\system32\ptsetup.dll

2007-08-13 23:53 131,072 -ra------ C:\WINDOWS\system32\ptuninst.exe

2007-08-13 23:50 2,097,152 --ah----- C:\DOCUME~1\Mauro\NTUSER.DAT

2007-08-13 23:50 <DIR> dr-h----- C:\DOCUME~1\Mauro\Dados de aplicativos

2007-08-13 23:50 <DIR> dr------- C:\DOCUME~1\Mauro\Meus documentos

2007-08-13 23:50 <DIR> dr------- C:\DOCUME~1\Mauro\Menu Iniciar

2007-08-13 23:50 <DIR> dr------- C:\DOCUME~1\Mauro\Favoritos

2007-08-13 23:50 <DIR> d--h----- C:\DOCUME~1\Mauro\Modelos

2007-08-13 23:50 <DIR> d--h----- C:\DOCUME~1\Mauro\Configura‡äes locais

2007-08-13 23:50 <DIR> d--h----- C:\DOCUME~1\Mauro\Ambiente de rede

2007-08-13 23:50 <DIR> d--h----- C:\DOCUME~1\Mauro\Ambiente de impressÆo

2007-08-13 23:48 229,376 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT

2007-08-13 23:48 229,376 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT

2007-08-13 23:48 <DIR> d--h----- C:\DOCUME~1\NETWOR~1\Configura‡äes locais

2007-08-13 23:48 <DIR> d--h----- C:\DOCUME~1\LOCALS~1\Configura‡äes locais

2007-08-13 23:48 <DIR> d-------- C:\WINDOWS\SoftwareDistribution

2007-08-13 23:48 <DIR> d-------- C:\WINDOWS\Prefetch

2007-08-13 23:48 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Dados de aplicativos

2007-08-13 23:48 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Dados de aplicativos

2007-08-13 23:44 10,240 --a------ C:\WINDOWS\system32\change.exe

2007-08-13 23:42 229,376 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT

2007-08-13 23:42 0 -rahs---- C:\MSDOS.SYS

2007-08-13 23:42 0 -rahs---- C:\IO.SYS

2007-08-13 23:42 0 --a------ C:\CONFIG.SYS

2007-08-13 23:42 0 --a------ C:\AUTOEXEC.BAT

2007-08-13 23:42 <DIR> d-------- C:\WINDOWS\system32\xircom

2007-08-13 23:42 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2007-08-13 23:41 112,128 --a------ C:\WINDOWS\system32\mapi32.dll

2007-08-13 23:40 <DIR> dr------- C:\WINDOWS\Offline Web Pages

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-22 00:42 1386496 --a------ C:\WINDOWS\system32\msvbvm60.dll

2007-08-14 23:54 2426 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin

2007-08-14 23:52 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin

--------- C:\Arquivos de programas\Serviços on-line

--------- C:\Arquivos de programas\Arquivos comuns\Serviços

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2006-02-23 15:45]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-08-14 12:59]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]

"ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2003-08-19 16:23]

"Symantec NetDriver Monitor"="C:\ARQUIV~1\SYMNET~1\SNDMon.exe" [2007-08-21 20:24]

"PCTVOICE"="pctspk.exe" [2003-10-30 09:12 C:\WINDOWS\system32\pctspk.exe]

"PV92TRAY"="PV92Tray.exe" [2003-10-30 13:09 C:\WINDOWS\system32\PV92Tray.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UltraDiscador iBest"="C:\Arquivos de programas\UltraDiscador iBest\autoupdate.exe" []

"iBest.baloon"="C:\Arquivos de programas\Discador iBest\baloon.exe" [2005-03-14 21:14]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56]

R3 SiS300i;SiS300i;C:\WINDOWS\system32\DRIVERS\sis300ip.sys

R3 SiS7018;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\ac97sis.sys

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder

2007-08-23 03:01:04 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-20 03:21:12 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-20 03:21:12 C:\WINDOWS\Tasks\At11.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-20 03:21:12 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-24 15:00:00 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-26 16:00:00 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-26 17:00:00 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-26 18:00:00 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-26 19:00:00 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-26 20:00:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-26 21:00:00 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-25 04:00:00 C:\WINDOWS\Tasks\At2.job

2007-08-26 22:00:00 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-21 23:01:03 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-20 03:21:12 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-20 03:21:12 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-25 02:00:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-23 11:25:13 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\winmds.exe

2007-08-25 04:39:06 C:\WINDOWS\Tasks\At26.job - C:\WINDOWS\system32\winmds.exe

2007-08-25 05:47:43 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\winmds.exe

2007-08-25 06:42:25 C:\WINDOWS\Tasks\At28.job - C:\WINDOWS\system32\winmds.exe

2007-08-25 17:50:35 C:\WINDOWS\Tasks\At29.job - C:\WINDOWS\system32\winmds.exe

2007-08-25 05:00:00 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-23 11:25:13 C:\WINDOWS\Tasks\At30.job

2007-08-23 11:25:13 C:\WINDOWS\Tasks\At31.job - C:\WINDOWS\system32\winmds.exe

2007-08-23 11:25:13 C:\WINDOWS\Tasks\At32.job

2007-08-20 03:32:35 C:\WINDOWS\Tasks\At33.job

2007-08-20 03:32:35 C:\WINDOWS\Tasks\At34.job - C:\WINDOWS\system32\winmds.exe

2007-08-20 03:32:35 C:\WINDOWS\Tasks\At35.job - C:\WINDOWS\system32\winmds.exe

2007-08-20 03:32:35 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\winmds.exe

2007-08-24 17:39:14 C:\WINDOWS\Tasks\At37.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 21:03:05 C:\WINDOWS\Tasks\At38.job

2007-08-26 21:03:06 C:\WINDOWS\Tasks\At39.job

2007-08-25 06:00:00 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-26 21:03:06 C:\WINDOWS\Tasks\At40.job

2007-08-26 21:03:06 C:\WINDOWS\Tasks\At41.job

2007-08-26 20:00:00 C:\WINDOWS\Tasks\At42.job

2007-08-26 21:00:00 C:\WINDOWS\Tasks\At43.job

2007-08-26 22:24:54 C:\WINDOWS\Tasks\At44.job

2007-08-21 23:30:22 C:\WINDOWS\Tasks\At45.job - C:\WINDOWS\system32\winmds.exe

2007-08-20 03:32:36 C:\WINDOWS\Tasks\At46.job - C:\WINDOWS\system32\winmds.exe

2007-08-20 03:32:36 C:\WINDOWS\Tasks\At47.job - C:\WINDOWS\system32\winmds.exe

2007-08-25 03:56:57 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\winmds.exe

2007-08-25 07:00:01 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-23 08:00:01 C:\WINDOWS\Tasks\At6.job

2007-08-23 09:00:02 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-23 10:00:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-20 03:21:12 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\7628y8S6.exe

2007-08-21 22:00:23 C:\WINDOWS\Tasks\Norton AntiVirus - Verificar o meu computador.job - C:\ARQUIV~1\NORTON~1\Navw32.exe

2007-08-26 23:20:39 C:\WINDOWS\Tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-26 20:27:33

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-08-26 20:28:56

--- E O F ---

Ai o do HJT atualizado:

Logfile of HijackThis v1.99.1

Scan saved at 20:30:39, on 26/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\PV92Tray.exe

C:\Arquivos de programas\Discador iBest\baloon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Mauro\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IbestBHO Class - {7E6CDC1C-3B90-47D7-B2A8-24438CA96075} - C:\Arquivos de programas\UltraDiscador iBest\bho.dll (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\UltraDiscador iBest\ibestbar.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKCU\..\Run: [ultraDiscador iBest] "C:\Arquivos de programas\UltraDiscador iBest\autoupdate.exe"

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Discador iBest\baloon.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: Reboot.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Serviço de proteção automática do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

Ai Dig obrigado pela ajuda e desculpe pela demora é que meu modem tava com um problema de drive!

Abraço

DigRam · Agosto 28, 2007

Bom Dia Hiro!

>@< Faça o download do Clean.zip.

>@< Salve-o no Disco Local-C e descompacte-o aí mesmo,enviando o executável ( clean.cmd ),para o Desktop. ( Atalho! )

>@< Mas não rode-o ainda!

>@< Faça o download do Avenger.

>@< Descompacte-o e crie uma pasta para o programa!Coloque esta pasta no Disco Local-C ou Desktop!

>@< Rode o programa e marque Input script manually.

>@< Clique no ícone da lupa!

Files to delete:
C:\WINDOWS\system32\7628y8S6.exe

C:\WINDOWS\system32\winmds.exe

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At25.job

C:\WINDOWS\Tasks\At26.job

C:\WINDOWS\Tasks\At27.job

C:\WINDOWS\Tasks\At28.job

C:\WINDOWS\Tasks\At29.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At30.job

C:\WINDOWS\Tasks\At31.job

C:\WINDOWS\Tasks\At32.job

C:\WINDOWS\Tasks\At33.job

C:\WINDOWS\Tasks\At34.job

C:\WINDOWS\Tasks\At35.job

C:\WINDOWS\Tasks\At36.job

C:\WINDOWS\Tasks\At37.job

C:\WINDOWS\Tasks\At38.job

C:\WINDOWS\Tasks\At39.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At40.job

C:\WINDOWS\Tasks\At41.job

C:\WINDOWS\Tasks\At42.job

C:\WINDOWS\Tasks\At43.job

C:\WINDOWS\Tasks\At44.job

C:\WINDOWS\Tasks\At45.job

C:\WINDOWS\Tasks\At46.job

C:\WINDOWS\Tasks\At47.job

C:\WINDOWS\Tasks\At48.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

>@< Na caixa que abrir,cole o que foi copiado na área do quote,logo àcima!

>@< Clique em Done.

>@< Clique no ícone do semáforo!

>@< Clique em Ok.

>@< O computador irá reiniciar!

>@< Aproveite êste reboot e entre em Modo de Segurança.

>@< Execute,agora,a ferramenta de limpeza profunda Clean.

>@< Dê um duplo clique em clean.cmd.

>@< Abrir-se-á um Prompt com três opções: Escolha o dois ( 2 )!

>@< Aperte Enter! >> Aperte Enter,novamente! >> Aguarde!

>@< Aperte Enter,novamente!

>@< Surgirá um relatório ( rapport_clean ),que voçê deverá copiar e postar para análise.

>@< Reinicie,normalmente,o computador!

>@< Poste,na sua resposta,um nôvo Log do HijackThis + rapport_clean + Avenger.txt