Archived

This topic has been archived and is closed to new replies.

deryckenes

[Archived] TROJAN trojan-spy.win32@mx

I have these two viruses, networm-i.virus@fp and trojan-spy.win32@mx, that won't leave my computer.

I need help removing them, I can't take it anymore. Every time my desktop opens, a triangle with an exclamation mark (!) appears with the message about these 2 viruses, networm-i.virus@fp and trojan-spy.win32@mx. On top of that, it keeps opening Internet Explorer windows even though I use Mozilla, and those Explorer pages ask me to download an antivirus to fight them.

I already used SmitfraudFix and removed a backdoor, but I still have these 2 viruses. If anyone can help me, I'd be grateful.

My PC's HijackThis log is the one below.

Logfile of HijackThis v1.99.1

Scan saved at 10:28:41, on 20/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

I:\AlienGUIse\wbload.exe

H:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\TWAIN_32\Vivid\VIVID.EXE

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

H:\ARQUIV~1\SYMANT~1\VPTray.exe

I:\Total Recorder\TotRecSched.exe

H:\WINDOWS\vVX1000.exe

H:\Arquivos de programas\Winamp\winampa.exe

H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

H:\Arquivos de programas\Arquivos comuns\BestsellerAntivirus\bm.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\ManyCam 2.1\ManyCam.exe

H:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

H:\WINDOWS\system32\svchost.exe

H:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

I:\INCRED~1\bin\ImApp.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

I:\eMule\emule.exe

I:\PROGRAMAS INUTEIS\Suninfor\Backup.exe

H:\WINDOWS\System32\svchost.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashSimpl.exe

H:\Arquivos de programas\MSN Messenger\msnmsgr.exe

H:\Arquivos de programas\Mozilla Firefox\firefox.exe

H:\Arquivos de programas\MSN Messenger\usnsvc.exe

H:\Arquivos de programas\Ahead\Nero StartSmart\NeroStartSmart.exe

H:\Arquivos de programas\Ahead\nero\nero.exe

H:\Arquivos de programas\Internet Explorer\iexplore.exe

H:\Documents and Settings\Usuario\Desktop\HijackThis.exe

H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

 

F3 - REG:win.ini: load=H:\WINDOWS\TWAIN_32\Vivid\VIVID.EXE

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - H:\WINDOWS\system32\wcujpivf.dll

O4 - HKLM\..\Run: [ccApp] "H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] H:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [TotalRecorderScheduler] I:\Total Recorder\TotRecSched.exe

O4 - HKLM\..\Run: [VX1000] H:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [WinampAgent] H:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AXIS TONS THE MP3] H:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\amok remote.exe

O4 - HKLM\..\Run: [avast!] H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [salestart] "H:\Arquivos de programas\Arquivos comuns\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com

O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "H:\WINDOWS\system32\nsiktlpr.dll",sitypnow

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [fivebuild] H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1\File Idol.exe

O4 - HKCU\..\Run: [ManyCam] "H:\Arquivos de programas\ManyCam 2.1\ManyCam.exe"

O4 - HKCU\..\Run: [incrediMail] I:\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [TrayHabil] I:\PROGRAMAS INUTEIS\Habil for Windows\TrayHabil.exe

O4 - HKCU\..\Run: [eMuleAutoStart] I:\eMule\emule.exe -AutoStart

O4 - Startup: Backup.lnk = I:\PROGRAMAS INUTEIS\Suninfor\Backup.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5CB88AC-00C7-4AB9-A5A6-526C002DB757}: NameServer = 200.204.0.10 200.204.0.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - H:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - H:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - H:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - H:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - H:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MSCamSvc - Unknown owner - H:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe (file missing)

O23 - Service: SAVRoam (SavRoam) - symantec - H:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - H:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - H:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

Anyone who can help me, I'd appreciate it, because I don't want to format.
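The HijackThis log in the post above already shows the pattern the helper's tools go after: an O3 toolbar and an O4 rundll32 entry that load DLLs with random eight-letter names from system32, O4 entries that launch executables from application-data folders, and a Run entry for BestsellerAntivirus that carries URLs in its arguments (the product the Internet Explorer pop-ups are pushing). The Python script below is an added example, not part of the original thread and not part of HijackThis: it applies those heuristics to a handful of lines copied from the log above and reports what they flag. The thresholds (an eight-letter lowercase DLL name, a path under an application-data folder) are assumptions made for this example, and a flag means "look closer", not "malware". The avast! "(file missing)" hit, for instance, is a false positive here: both avast! scanner processes appear in the running-process list of the same log.

```python
"""Heuristic triage of HijackThis O3/O4/O23 lines (added example, not part of HijackThis)."""
import re
from typing import Dict, List, Tuple

# Lines copied from the HijackThis log in the first post (constructed sample for this example).
SAMPLE_LOG = r"""
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - H:\WINDOWS\system32\wcujpivf.dll
O4 - HKLM\..\Run: [ccApp] "H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AXIS TONS THE MP3] H:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\amok remote.exe
O4 - HKLM\..\Run: [salestart] "H:\Arquivos de programas\Arquivos comuns\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "H:\WINDOWS\system32\nsiktlpr.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fivebuild] H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1\File Idol.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Assumed thresholds: heuristics chosen for this example, not rules of HijackThis.
RANDOM_DLL = re.compile(r"system32\\[a-z]{8}\.dll", re.IGNORECASE)        # Vundo-style random name
APPDATA = re.compile(r"Dados de aplicativos|Application Data|DADOSD~1", re.IGNORECASE)
URL_ARG = re.compile(r"=https?://")                                       # e.g. dm=http://... ad=http://...


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for every line that trips at least one heuristic."""
    findings: List[Tuple[str, str]] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(" ", 1)[0]            # section tag: O3, O4, O23, ...
        reasons: List[str] = []
        if kind in ("O2", "O3", "O4", "O20", "O21") and RANDOM_DLL.search(line):
            reasons.append("loads a random 8-letter DLL from system32")
        if kind == "O4":
            if "rundll32.exe" in line.lower():
                reasons.append("rundll32 autorun calls an export of a DLL at logon")
            if APPDATA.search(line):
                reasons.append("autorun executable lives under an application-data folder")
            if URL_ARG.search(line):
                reasons.append("autorun passes URLs as arguments (rogue security product)")
        if kind == "O23" and "(file missing)" in line:
            reasons.append("service path not found by HijackThis; check against running processes")
        findings.extend((r, line) for r in reasons)
    return findings


def flagged_entries(log: str) -> Dict[str, List[str]]:
    """Group reasons by the Run-entry name in square brackets, or by the whole line if none."""
    grouped: Dict[str, List[str]] = {}
    for reason, line in triage(log):
        m = re.search(r"\[([^\]]+)\]", line)
        key = m.group(1) if m else line
        grouped.setdefault(key, []).append(reason)
    return grouped


if __name__ == "__main__":
    for entry, reasons in flagged_entries(SAMPLE_LOG).items():
        print(f"{entry}: {'; '.join(reasons)}")
```

On the sample the script flags six entries and leaves ccApp and ctfmon.exe alone; the searchIndexer entry trips two heuristics at once (rundll32 plus a random DLL name), which is the strongest signal in the log.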

Good afternoon deryckenes!

>@< Download VundoFix.

>@< Save it to the Desktop!

>@< Run VundoFix.exe

>@< When VundoFix opens, click Scan for Vundo.

>@< When it finishes, click Remove Vundo.

>@< You will get a prompt asking whether you want to remove the files. Confirm!

>@< Your desktop will disappear!

>@< A notice will appear saying that your computer must be shut down.

>@< Click OK and then turn the computer on again!

>@< VundoFix may find a file but be unable to remove it. If that happens, the tool will run again at reboot.

>@< When VundoFix reappears, click the Scan for Vundo button to repeat the process.

>@< When VundoFix no longer finds any file it cannot remove, post its report (log), which is at H:\Vundofix.txt

>@< Also post a new HijackThis log.

Regards!

This is the VundoFix log:

VundoFix V6.5.10

 

 

Checking Java version...

 

Sun Java not detected

Scan started at 19:13:56 22/10/2007

 

Listing files found while scanning....

 

H:\windows\system32\dmcwnyxh.ini

H:\windows\system32\hxynwcmd.dll

H:\WINDOWS\system32\imyxmplf.dll

H:\windows\system32\pngdhnkw.ini

H:\WINDOWS\system32\sdkhjqau.dll

H:\WINDOWS\system32\tkwuaxdl.dll

H:\WINDOWS\system32\urqnkji.dll

H:\windows\system32\wknhdgnp.dll

 

Beginning removal...

 

Attempting to delete H:\windows\system32\dmcwnyxh.ini

H:\windows\system32\dmcwnyxh.ini Has been deleted!

 

Attempting to delete H:\windows\system32\hxynwcmd.dll

H:\windows\system32\hxynwcmd.dll Has been deleted!

 

Attempting to delete H:\WINDOWS\system32\imyxmplf.dll

H:\WINDOWS\system32\imyxmplf.dll Could not be deleted.

 

Attempting to delete H:\windows\system32\pngdhnkw.ini

H:\windows\system32\pngdhnkw.ini Has been deleted!

 

Attempting to delete H:\WINDOWS\system32\sdkhjqau.dll

H:\WINDOWS\system32\sdkhjqau.dll Has been deleted!

 

Attempting to delete H:\WINDOWS\system32\tkwuaxdl.dll

H:\WINDOWS\system32\tkwuaxdl.dll Has been deleted!

 

Attempting to delete H:\windows\system32\wknhdgnp.dll

H:\windows\system32\wknhdgnp.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.10

 

Checking Java version...

 

Sun Java not detected

Scan started at 19:19:07 22/10/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

Beginning removal...

This is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 18:28:56, on 22/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

I:\AlienGUIse\wbload.exe

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

H:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\system32\spoolsv.exe

H:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

H:\WINDOWS\system32\svchost.exe

H:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

H:\WINDOWS\TWAIN_32\Vivid\VIVID.EXE

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

H:\ARQUIV~1\SYMANT~1\VPTray.exe

I:\Total Recorder\TotRecSched.exe

H:\WINDOWS\vVX1000.exe

H:\Arquivos de programas\Winamp\winampa.exe

H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

H:\Arquivos de programas\Arquivos comuns\BestsellerAntivirus\bm.exe

H:\WINDOWS\system32\ctfmon.exe

H:\WINDOWS\System32\svchost.exe

I:\eMule\emule.exe

H:\Arquivos de programas\Mozilla Firefox\firefox.exe

H:\Arquivos de programas\MSN Messenger\msnmsgr.exe

H:\Arquivos de programas\MSN Messenger\usnsvc.exe

H:\WINDOWS\system32\rundll32.exe

H:\Documents and Settings\Usuario\Desktop\HijackThis.exe

 

F3 - REG:win.ini: load=H:\WINDOWS\TWAIN_32\Vivid\VIVID.EXE

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - H:\WINDOWS\system32\qtomiame.dll

O4 - HKLM\..\Run: [ccApp] "H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] H:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [TotalRecorderScheduler] I:\Total Recorder\TotRecSched.exe

O4 - HKLM\..\Run: [VX1000] H:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [WinampAgent] H:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AXIS TONS THE MP3] H:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\amok remote.exe

O4 - HKLM\..\Run: [avast!] H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [salestart] "H:\Arquivos de programas\Arquivos comuns\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [fivebuild] H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1\File Idol.exe

O4 - HKCU\..\Run: [ManyCam] "H:\Arquivos de programas\ManyCam 2.1\ManyCam.exe"

O4 - HKCU\..\Run: [incrediMail] I:\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [TrayHabil] I:\PROGRAMAS INUTEIS\Habil for Windows\TrayHabil.exe

O4 - HKCU\..\Run: [eMuleAutoStart] I:\eMule\emule.exe -AutoStart

O4 - Startup: Backup.lnk = I:\PROGRAMAS INUTEIS\Suninfor\Backup.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5CB88AC-00C7-4AB9-A5A6-526C002DB757}: NameServer = 200.204.0.10 200.204.0.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - H:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - H:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - H:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - H:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - H:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MSCamSvc - Unknown owner - H:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe (file missing)

O23 - Service: SAVRoam (SavRoam) - symantec - H:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - H:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - H:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

Now only networm-i.virus@fp is left.

trojan-spy.win32@mx is gone.

I take back what I said: the 2 viruses are still on the PC. I think there's a backdoor on my PC, it can't be.

Good evening deryckenes!

>@< Download ComboFix.

>@< Download it to the Desktop!

>@< Close all windows and run the tool!

>@< For those who have Avast, a malware alert ( Win32 D adobra-EY[Trj] ) will appear; it should be ignored.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue < Enter >

>@< Wait for it to finish!

>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

Regards!

Hello, thanks a lot. The windows are gone, and I don't find any more viruses, but now and then my internet pages start going up and down on the scroll bar, a very fast movement, every time I go to enter a password somewhere.

Good afternoon deryckenes!

>@< Post the ComboFix and HijackThis logs, as requested in the previous post.

Regards!

ComboFix log:

ComboFix 07-10-23.2 - Usuario 2007-10-27 17:40:01.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.478 [GMT -3:00]

Running from: H:\Documents and Settings\Usuario\Desktop\ComboFix.exe

* A new restore point was created

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

H:\Arquivos de programas\Arquivos comuns\BestsellerAntivirus

H:\Arquivos de programas\Arquivos comuns\BestsellerAntivirus\bm.exe

H:\Arquivos de programas\BestsellerAntivirus

H:\Arquivos de programas\BestsellerAntivirus\Activate.exe

H:\Arquivos de programas\BestsellerAntivirus\Config\pgs.xml

H:\Arquivos de programas\BestsellerAntivirus\Dat\Activate.dat

H:\Arquivos de programas\BestsellerAntivirus\Dat\BkSites.dat

H:\Arquivos de programas\BestsellerAntivirus\Dat\bnlink.dat

H:\Arquivos de programas\BestsellerAntivirus\Dat\incmp.dat

H:\Arquivos de programas\BestsellerAntivirus\Dat\index.dat

H:\Arquivos de programas\BestsellerAntivirus\Dat\PGUpLst.dat

H:\Arquivos de programas\BestsellerAntivirus\Dat\pv.dat

H:\Arquivos de programas\BestsellerAntivirus\Engines\AWBase\database\enemies.dat

H:\Arquivos de programas\BestsellerAntivirus\Engines\AWBase\vbpv.dat

H:\Arquivos de programas\BestsellerAntivirus\Engines\PGBase\vbpv.dat

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\BORLNDMM.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\SCANADWR.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\SCANBCDR.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\SCANDLDR.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\SCANDOS1.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\SCANEMUL.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\SCANFUNC.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\SCANMCR1.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\SCANOTHR.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\SCANSCR.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\SCANTOOL.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\SCANTROJ.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\SCANWIN1.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\UNACPU.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\UNADBX.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\unamscan.dll

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\UNMIME.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\UNPACK.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\UNPACKS.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\UNPACKS2.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\UNPEPACK.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\UpDate\UA27601.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\UpDate\UA27602.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\UpDate\UA27603.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\UpDate\UA27604.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\UpDate\UADAILY.DLL

H:\Arquivos de programas\BestsellerAntivirus\Engines\plugins\vbpv.dat

H:\Arquivos de programas\BestsellerAntivirus\FMTR.sys

H:\Arquivos de programas\BestsellerAntivirus\fopnl.dll

H:\Arquivos de programas\BestsellerAntivirus\FWSettings.bin

H:\Arquivos de programas\BestsellerAntivirus\Graphics\cross.gif

H:\Arquivos de programas\BestsellerAntivirus\Graphics\ga6p.gif

H:\Arquivos de programas\BestsellerAntivirus\Graphics\kb.url

H:\Arquivos de programas\BestsellerAntivirus\Graphics\main.ico

H:\Arquivos de programas\BestsellerAntivirus\Graphics\mini.ico

H:\Arquivos de programas\BestsellerAntivirus\Graphics\Online.url

H:\Arquivos de programas\BestsellerAntivirus\Graphics\rm.url

H:\Arquivos de programas\BestsellerAntivirus\Graphics\support.ico

H:\Arquivos de programas\BestsellerAntivirus\Graphics\Support.url

H:\Arquivos de programas\BestsellerAntivirus\Graphics\uninstall.ico

H:\Arquivos de programas\BestsellerAntivirus\history.db

H:\Arquivos de programas\BestsellerAntivirus\LA\lapv.dat

H:\Arquivos de programas\BestsellerAntivirus\LA\License.rtf

H:\Arquivos de programas\BestsellerAntivirus\ResErrors.log

H:\Arquivos de programas\BestsellerAntivirus\Restart.exe

H:\Arquivos de programas\BestsellerAntivirus\rpt.dll

H:\Arquivos de programas\BestsellerAntivirus\RTasks.exe

H:\Arquivos de programas\BestsellerAntivirus\scnkrnl.dll

H:\Arquivos de programas\BestsellerAntivirus\settings.ini

H:\Arquivos de programas\BestsellerAntivirus\sqlite3.dll

H:\Arquivos de programas\BestsellerAntivirus\sr.log

H:\Arquivos de programas\BestsellerAntivirus\Tools\IEFWBHO.dll

H:\Arquivos de programas\BestsellerAntivirus\Tools\pg.dll

H:\Arquivos de programas\BestsellerAntivirus\unins000.dat

H:\Arquivos de programas\BestsellerAntivirus\unins000.exe

H:\Arquivos de programas\BestsellerAntivirus\Up\ASupdater.dat

H:\Arquivos de programas\BestsellerAntivirus\Up\gup.exe

H:\Arquivos de programas\BestsellerAntivirus\Up\PGupdater.dat

H:\Arquivos de programas\BestsellerAntivirus\Up\UBupdater.dat

H:\Arquivos de programas\BestsellerAntivirus\Up\up.dat

H:\Arquivos de programas\BestsellerAntivirus\Up\updater.dat

H:\Documents and Settings\Usuario\Dados de aplicativos\BestsellerAntivirus

H:\Documents and Settings\Usuario\Dados de aplicativos\BestsellerAntivirus\avtasks.dat

H:\Documents and Settings\Usuario\Dados de aplicativos\BestsellerAntivirus\Logs\av.log

H:\Documents and Settings\Usuario\Dados de aplicativos\BestsellerAntivirus\Logs\ga6Support.log

H:\Documents and Settings\Usuario\Dados de aplicativos\BestsellerAntivirus\Logs\update.log

H:\Documents and Settings\Usuario\Dados de aplicativos\BestsellerAntivirus\PGE.dat

H:\Documents and Settings\Usuario\Desktop\Live Safety Center.lnk

H:\Documents and Settings\Usuario\Desktop\Online Security Guide.lnk

H:\Documents and Settings\Usuario\Favoritos\Online Security Guide.lnk

H:\Documents and Settings\Usuario\ResErrors.log

H:\UGA6P

H:\UGA6P\

H:\WINDOWS\cookies.ini

H:\WINDOWS\system32\awsuapml.dllbox

H:\WINDOWS\system32\awvvt.dll

H:\WINDOWS\system32\bgaxsktm.dllbox

H:\WINDOWS\system32\cgtadpqt.dllbox

H:\WINDOWS\system32\cvskgfyz.dllbox

H:\WINDOWS\system32\dltdokds.dllbox

H:\WINDOWS\system32\drivers\fmtr.sys

H:\WINDOWS\system32\dzmfktgj.dllbox

H:\WINDOWS\system32\ekhdhmoj.dll

H:\WINDOWS\system32\ezsoxlum.dllbox

H:\WINDOWS\system32\flpmxymi.ini

H:\WINDOWS\system32\fvtcnhvc.dllbox

H:\WINDOWS\system32\gismgwpg.ini

H:\WINDOWS\system32\gngaqosg.ini

H:\WINDOWS\system32\gpwgmsig.dll

H:\WINDOWS\system32\gsoqagng.dll

H:\WINDOWS\system32\hscbrbvc.dllbox

H:\WINDOWS\system32\hxrmoeqg.dllbox

H:\WINDOWS\system32\ieqkjpaz.dllbox

H:\WINDOWS\system32\imyxmplf.dll

H:\WINDOWS\system32\ioftfjbl.dllbox

H:\WINDOWS\system32\iwqzbgzi.dllbox

H:\WINDOWS\system32\iyukncdc.dll

H:\WINDOWS\system32\japgnavg.dllbox

H:\WINDOWS\system32\jgyqikhd.dllbox

H:\WINDOWS\system32\jomhdhke.ini

H:\WINDOWS\system32\khunyude.dllbox

H:\WINDOWS\system32\kmbixjhj.dllbox

H:\WINDOWS\system32\kpecffjc.dllbox

H:\WINDOWS\system32\kztxnbbk.dllbox

H:\WINDOWS\system32\lmnfxyxt.dllbox

H:\WINDOWS\system32\msozadxk.dllbox

H:\WINDOWS\system32\ncrfitvc.dllbox

H:\WINDOWS\system32\nnyrenyb.dllbox

H:\WINDOWS\system32\ntrlytou.dll

H:\WINDOWS\system32\ortwhign.dllbox

H:\WINDOWS\system32\ptrtcsnz.dllbox

H:\WINDOWS\system32\pucrlvuv.dll

H:\WINDOWS\system32\qfjzhwho.dllbox

H:\WINDOWS\system32\qtndmzvn.dllbox

H:\WINDOWS\system32\qtomiame.dllbox

H:\WINDOWS\system32\satnmbha.dllbox

H:\WINDOWS\system32\scjzlkrh.dllbox

H:\WINDOWS\system32\scsjvwoq.dllbox

H:\WINDOWS\system32\sdkhjqau.dllbox

H:\WINDOWS\system32\tvvwa.bak1

H:\WINDOWS\system32\tvvwa.bak2

H:\WINDOWS\system32\tvvwa.ini

H:\WINDOWS\system32\tvvwa.ini2

H:\WINDOWS\system32\tvvwa.tmp

H:\WINDOWS\system32\uazjkcim.dllbox

H:\WINDOWS\system32\unscjoep.dllbox

H:\WINDOWS\system32\uotylrtn.ini

H:\WINDOWS\system32\utdqaayb.dllbox

H:\WINDOWS\system32\uvohaqmb.dllbox

H:\WINDOWS\system32\viokqmpu.dllbox

H:\WINDOWS\system32\vnadrpin.dllbox

H:\WINDOWS\system32\vprrxypj.dllbox

H:\WINDOWS\system32\vuvlrcup.ini

H:\WINDOWS\system32\wcujpivf.dllbox

H:\WINDOWS\system32\xfnrbibd.dllbox

H:\WINDOWS\system32\xjzqhphk.dllbox

H:\WINDOWS\system32\yedqwkhx.dllbox

H:\WINDOWS\system32\ynnbcaqi.dllbox

H:\WINDOWS\system32\zkishpni.dllbox

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_FMTR

-------\fmtr

 

 

((((((((((((((((((((((( Files created from 2007-09-27 to 2007-10-27 ))))))))))))))))))))))))))))))))

.

 

2007-10-27 17:38 51,200 --a------ H:\WINDOWS\NirCmd.exe

2007-10-27 16:57 86,592 --a------ H:\WINDOWS\system32\djvnkynr.dll

2007-10-27 00:49 388,674 --a------ H:\WINDOWS\system32\chlctjwq.exe

2007-10-26 22:57 <DIR> d-------- H:\Documents and Settings\Usuario\Dados de aplicativos\Motive

2007-10-26 22:56 <DIR> d-------- H:\Arquivos de programas\Arquivos comuns\Motive

2007-10-26 22:55 <DIR> d-------- H:\WINDOWS\Motive

2007-10-26 22:55 <DIR> d-------- H:\Arquivos de programas\Common Files

2007-10-26 22:54 <DIR> d-------- H:\Arquivos de programas\Motive

2007-10-26 22:54 <DIR> d-------- H:\Arquivos de programas\Assistente Tecnico Speedy

2007-10-26 22:43 <DIR> d-------- H:\Arquivos de programas\Telefonica

2007-10-26 22:43 45,056 --a------ H:\WINDOWS\system32\msxml4a.dll

2007-10-25 23:02 387,234 --a------ H:\WINDOWS\system32\chnahbul.exe

2007-10-25 22:44 84,544 --a------ H:\WINDOWS\system32\fcbhbgnr.dll

2007-10-25 10:09 84,544 --a------ H:\WINDOWS\system32\yrqcxapw.dll

2007-10-25 10:07 385,794 --a------ H:\WINDOWS\system32\whbxgouq.exe

2007-10-24 23:19 84,544 --a------ H:\WINDOWS\system32\rfcybouf.dll

2007-10-24 22:22 387,234 --a------ H:\WINDOWS\system32\vjpmkota.exe

2007-10-24 13:08 84,544 --a------ H:\WINDOWS\system32\tgxrlmij.dll

2007-10-23 22:39 84,544 --a------ H:\WINDOWS\system32\aebaylbb.dll

2007-10-23 21:45 84,544 --a------ H:\WINDOWS\system32\coxxegbq.dll

2007-10-22 19:13 <DIR> d-------- H:\VundoFix Backups

2007-10-20 02:26 2,882 --a------ H:\WINDOWS\system32\tmp.reg

2007-10-19 19:11 <DIR> d--h----- H:\Documents and Settings\Administrador\Modelos

2007-10-19 19:11 <DIR> d-------- H:\Documents and Settings\Administrador\Meus documentos

2007-10-19 19:11 <DIR> dr------- H:\Documents and Settings\Administrador\Menu Iniciar

2007-10-19 19:11 <DIR> d-------- H:\Documents and Settings\Administrador\Favoritos

2007-10-19 19:11 <DIR> dr-h----- H:\Documents and Settings\Administrador\Dados de aplicativos

2007-10-19 19:11 <DIR> d--h----- H:\Documents and Settings\Administrador\Configurações locais

2007-10-19 19:11 <DIR> d--h----- H:\Documents and Settings\Administrador\Ambiente de rede

2007-10-19 19:11 <DIR> d--h----- H:\Documents and Settings\Administrador\Ambiente de impressão

2007-10-19 16:14 <DIR> d-------- H:\Arquivos de programas\Del-Net Software

2007-10-19 09:00 89,088 --a------ H:\WINDOWS\system32\atl71.dll

2007-10-16 15:37 1,288 --a------ H:\WINDOWS\system32\nxfnyipa.exe

2007-10-10 17:04 <DIR> d-------- H:\WINDOWS\Downloaded Installations

2007-10-05 14:03 <DIR> d-------- H:\Arquivos de programas\Alwil Software

2007-10-05 14:03 801,144 --a------ H:\WINDOWS\system32\aswBoot.exe

2007-10-05 14:03 95,608 --a------ H:\WINDOWS\system32\AvastSS.scr

2007-10-05 14:03 94,416 --a------ H:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-05 14:03 92,848 --a------ H:\WINDOWS\system32\drivers\aswmon.sys

2007-10-05 14:03 42,912 --a------ H:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-05 14:03 26,624 --a------ H:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-05 14:03 23,152 --a------ H:\WINDOWS\system32\drivers\aswRdr.sys

2007-10-04 13:00 3,082 --a------ H:\WINDOWS\system32\affv208325p1now.sys

2007-09-28 14:29 <DIR> d-------- H:\Arquivos de programas\Wizards

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-27 20:46 --------- d-----w H:\Arquivos de programas\Symantec AntiVirus

2007-10-24 01:13 --------- d--h--w H:\Arquivos de programas\InstallShield Installation Information

2007-10-24 01:13 --------- d-----w H:\Arquivos de programas\Arquivos comuns\Macromedia

2007-10-24 01:10 --------- d-----w H:\Arquivos de programas\Arquivos comuns\InstallShield

2007-10-18 02:53 --------- d-----w H:\Arquivos de programas\ManyCam 2.1

2007-10-11 21:07 --------- d-----w H:\Documents and Settings\Usuario\Dados de aplicativos\Skype

2007-10-10 03:04 --------- d-----w H:\Arquivos de programas\Windows Media Connect 2

2007-10-10 03:04 --------- d-----w H:\Arquivos de programas\Web

2007-10-10 03:04 --------- d-----w H:\Arquivos de programas\QuickTime Alternative

2007-10-10 03:04 --------- d-----w H:\Arquivos de programas\NimoCodec Pack

2007-10-10 03:00 --------- d-----w H:\Documents and Settings\Usuario\Dados de aplicativos\DivX

2007-10-05 17:15 --------- d-----w H:\Documents and Settings\Usuario\Dados de aplicativos\Glue Body

2007-09-26 20:34 --------- d-----w H:\Arquivos de programas\Arquivos comuns\Opus Shared

2007-09-11 00:49 --------- d-----w H:\Arquivos de programas\Google

2007-09-02 19:39 --------- d-----w H:\Documents and Settings\Usuario\Dados de aplicativos\Talkback

2007-09-02 19:37 --------- d-----w H:\Arquivos de programas\ActionXP V5.6

2007-09-02 19:36 --------- d-----w H:\Arquivos de programas\Mozilla Sunbird

2007-08-30 20:43 --------- d-----w H:\Arquivos de programas\Microsoft Games

2007-08-21 06:17 683,520 ----a-w H:\WINDOWS\system32\inetcomm.dll

2007-08-02 21:54 172,544 ----a-w H:\WINDOWS\system32\cncs32.dll

2007-07-30 22:19 92,504 ----a-w H:\WINDOWS\system32\cdm.dll

2007-07-30 22:19 549,720 ----a-w H:\WINDOWS\system32\wuapi.dll

2007-07-30 22:19 53,080 ----a-w H:\WINDOWS\system32\wuauclt.exe

2007-07-30 22:19 43,352 ----a-w H:\WINDOWS\system32\wups2.dll

2007-07-30 22:19 325,976 ----a-w H:\WINDOWS\system32\wucltui.dll

2007-07-30 22:19 271,224 ----a-w H:\WINDOWS\system32\mucltui.dll

2007-07-30 22:19 207,736 ----a-w H:\WINDOWS\system32\muweb.dll

2007-07-30 22:19 203,096 ----a-w H:\WINDOWS\system32\wuweb.dll

2007-07-30 22:19 1,712,984 ----a-w H:\WINDOWS\system32\wuaueng.dll

2007-07-30 22:18 33,624 ----a-w H:\WINDOWS\system32\wups.dll

2007-05-18 15:33 66,515 ----a-w H:\Arquivos de programas\Uninst.isu

2007-05-17 00:48 12,934,148 ----a-w H:\Arquivos de programas\quicktimealt181.exe

2002-10-28 15:27 2,051 ----a-w H:\Arquivos de programas\README.TXT

2002-10-21 19:01 3,615,856 ----a-w H:\Arquivos de programas\Creds.WAV

1999-04-07 21:01 9,532 ----a-w H:\Arquivos de programas\EngRead.txt

1999-04-07 21:01 11,248 ----a-w H:\Arquivos de programas\SpaRead.txt

1999-04-07 21:01 11,194 ----a-w H:\Arquivos de programas\GerRead.txt

1999-04-07 21:01 10,936 ----a-w H:\Arquivos de programas\FreRead.txt

1999-04-07 21:01 10,901 ----a-w H:\Arquivos de programas\ItaRead.txt

1999-04-07 21:01 10,804 ----a-w H:\Arquivos de programas\DutRead.txt

1999-04-07 21:01 10,541 ----a-w H:\Arquivos de programas\PorRead.txt

1999-03-03 09:20 1,463,636 ----a-w H:\Arquivos de programas\oAmb.WAV

1999-02-04 08:38 6,208,292 ----a-w H:\Arquivos de programas\THEME.WAV

1998-12-15 09:29 46,456,172 ----a-w H:\Arquivos de programas\mar.wav

1998-12-15 09:08 56,603,772 ----a-w H:\Arquivos de programas\ice.wav

1998-12-15 08:49 61,657,420 ----a-w H:\Arquivos de programas\des.wav

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2004-06-09 20:31]

"vptray"="H:\ARQUIV~1\SYMANT~1\VPTray.exe" [2004-08-02 19:36]

"TotalRecorderScheduler"="I:\Total Recorder\TotRecSched.exe" [2002-07-13 11:00]

"VX1000"="H:\WINDOWS\vVX1000.exe" [2006-10-13 17:04]

"WinampAgent"="H:\Arquivos de programas\Winamp\winampa.exe" [2007-05-14 19:22]

"Adobe Reader Speed Launcher"="H:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"AXIS TONS THE MP3"="H:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\amok remote.exe" []

"avast!"="H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]

"Cobian Backup 8 interface"="I:\cbInterface.exe" []

"Motive SmartBridge"="H:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 15:46]

"000000af"="H:\WINDOWS\system32\djvnkynr.dll" [2007-10-27 16:57]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45]

"fivebuild"="H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1\File Idol.exe" []

"ManyCam"="H:\Arquivos de programas\ManyCam 2.1\ManyCam.exe" [2007-04-24 04:08]

"IncrediMail"="I:\IncrediMail\bin\IncMail.exe" [2007-08-21 11:44]

"TrayHabil"="I:\PROGRAMAS INUTEIS\Habil for Windows\TrayHabil.exe" []

"eMuleAutoStart"="I:\eMule\emule.exe" [2007-05-13 11:57]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= H:\WINDOWS\Downloaded Program Files\gbiehabn.dll [2007-01-10 14:08 222392]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnkji]

urqnkji.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

I:\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 I:\AlienGUIse\fastload.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xjzqhphk]

xjzqhphk.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=wbsys.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 H:\WINDOWS\system32\awvvt.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=H:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=H:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

path=H:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk

backup=H:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=H:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=H:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

H:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

H:\WINDOWS\system32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

H:\WINDOWS\system32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

H:\WINDOWS\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

H:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

SkyTel.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

H:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe

 

R1 oreans32;oreans32;\??\H:\WINDOWS\system32\drivers\oreans32.sys

R2 ppsio2;PPDevice;H:\WINDOWS\system32\drivers\ppsio2.sys

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;H:\WINDOWS\system32\DRIVERS\ManyCam.sys

R3 VX1000;VX-1000;H:\WINDOWS\system32\DRIVERS\VX1000.sys

S2 GbpSv;Gbp Service;H:\Arquivos de programas\GbPlugin\GbpSv.exe

S2 MSCamSvc;MSCamSvc;"H:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe"

S3 ASPI;Advanced SCSI Programming Interface Driver;\??\H:\WINDOWS\System32\DRIVERS\ASPI32.sys

S3 RTL8169;Realtek 8169 NT Driver;H:\WINDOWS\system32\DRIVERS\Rtlh86.sys

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-10-27 20:00:00 H:\WINDOWS\Tasks\AC85223B9196A1A3.job"

- h:\docume~1\usuario\dadosd~1\gluebo~1\DartTrustFilm.exe

.

**************************************************************************

 

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-27 17:46:59

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-10-27 17:48:10 - machine was rebooted

.

--- E O F ---

 

 

HIJACKTHIS LOG

 

Logfile of HijackThis v1.99.1

Scan saved at 18:06:28, on 27/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

H:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

I:\AlienGUIse\wbload.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\Explorer.EXE

H:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

H:\WINDOWS\system32\svchost.exe

H:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

H:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

H:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

H:\ARQUIV~1\SYMANT~1\VPTray.exe

I:\Total Recorder\TotRecSched.exe

H:\WINDOWS\vVX1000.exe

H:\Arquivos de programas\Winamp\winampa.exe

H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

H:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\ManyCam 2.1\ManyCam.exe

I:\INCRED~1\bin\ImApp.exe

I:\eMule\emule.exe

H:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

I:\PROGRAMAS INUTEIS\Suninfor\Backup.exe

H:\Arquivos de programas\Mozilla Firefox\firefox.exe

H:\Documents and Settings\Usuario\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - H:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O4 - HKLM\..\Run: [ccApp] "H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] H:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [TotalRecorderScheduler] I:\Total Recorder\TotRecSched.exe

O4 - HKLM\..\Run: [VX1000] H:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [WinampAgent] H:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AXIS TONS THE MP3] H:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\amok remote.exe

O4 - HKLM\..\Run: [avast!] H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Cobian Backup 8 interface] I:\cbInterface.exe -service

O4 - HKLM\..\Run: [Motive SmartBridge] "H:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [000000af] rundll32.exe "H:\WINDOWS\system32\djvnkynr.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [fivebuild] H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1\File Idol.exe

O4 - HKCU\..\Run: [ManyCam] "H:\Arquivos de programas\ManyCam 2.1\ManyCam.exe"

O4 - HKCU\..\Run: [incrediMail] I:\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [TrayHabil] I:\PROGRAMAS INUTEIS\Habil for Windows\TrayHabil.exe

O4 - HKCU\..\Run: [eMuleAutoStart] I:\eMule\emule.exe -AutoStart

O4 - Startup: Backup.lnk = I:\PROGRAMAS INUTEIS\Suninfor\Backup.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = H:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5CB88AC-00C7-4AB9-A5A6-526C002DB757}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF803FD2-0C5E-416E-838C-099E79DEE1AE}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - H:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: NavLogon - H:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: urqnkji - urqnkji.dll (file missing)

O20 - Winlogon Notify: WB - I:\AlienGUIse\fastload.dll

O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: xjzqhphk - xjzqhphk.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - H:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - H:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - H:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Cobian Backup 8 serviço (CobBMService) - Unknown owner - I:\cbService.exe (file missing)

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - H:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - H:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MSCamSvc - Unknown owner - H:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe (file missing)

O23 - Service: SAVRoam (SavRoam) - symantec - H:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - H:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - H:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

 

These logs that I'm posting here, how do you analyze them?

And what should I do now that I've posted the logs?


Good evening deryckenes!

 

>@< Restart the computer in Safe Mode!

>@< Open HijackThis and click on Do a system scan only.

>@< Check the entries below and click on Fix checked!

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AXIS TONS THE MP3] H:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\amok remote.exe

O4 - HKLM\..\Run: [000000af] rundll32.exe "H:\WINDOWS\system32\djvnkynr.dll",b

O4 - HKCU\..\Run: [fivebuild] H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1\File Idol.exe

O20 - Winlogon Notify: urqnkji - urqnkji.dll (file missing)

O20 - Winlogon Notify: xjzqhphk - xjzqhphk.dll (file missing)

>@< Restart in Normal Mode!

__________________

 

Delete:

 

C:\QooBox << Belongs to ComboFix.

C:\ComboFix.txt << Previous ComboFix log.

__________________

 

>@< Select and copy all the content in the quote area into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

 

File::

H:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\amok remote.exe

H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1\File Idol.exe

H:\WINDOWS\system32\djvnkynr.dll

H:\WINDOWS\system32\chlctjwq.exe

H:\WINDOWS\system32\chnahbul.exe

H:\WINDOWS\system32\fcbhbgnr.dll

H:\WINDOWS\system32\yrqcxapw.dll

H:\WINDOWS\system32\whbxgouq.exe

H:\WINDOWS\system32\rfcybouf.dll

H:\WINDOWS\system32\vjpmkota.exe

H:\WINDOWS\system32\tgxrlmij.dll

H:\WINDOWS\system32\aebaylbb.dll

H:\WINDOWS\system32\coxxegbq.dll

H:\WINDOWS\system32\nxfnyipa.exe

H:\WINDOWS\system32\affv208325p1now.sys

 

Folder::

H:\VundoFix Backups

H:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons

H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1

>@< Drag the CFScript.txt with the mouse onto the ComboFix icon.

>@< With this procedure, ComboFix will run and will restart the computer automatically!

>@< During the run, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report + an updated HJT log.

 

Regards!

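The entries the helper picked out of the HijackThis log share traits that a reviewer can check mechanically: Winlogon Notify hooks whose DLL is "(file missing)", a BHO CLSID with "(no file)", a Run entry that uses rundll32.exe to load a DLL out of system32, autoruns that launch from per-user application data, and DLL/EXE names that look like random letter strings (djvnkynr, urqnkji, xjzqhphk). The script below is an added example, not part of this thread and not code from HijackThis or ComboFix; it runs those heuristics over a constructed excerpt copied from the log posted above. The function names, the "five consecutive consonants" threshold and the list of application-data markers are my own choices, not anything the tools define.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example: flags the kinds of entries a malware-removal helper
typically asks a user to fix. Thresholds and marker lists are assumptions.
"""
import re

# Constructed excerpt: entries copied from the HJT log posted in the thread,
# plus two benign lines (avast!, ctfmon) so the heuristics have a baseline.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AXIS TONS THE MP3] H:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\amok remote.exe
O4 - HKLM\..\Run: [000000af] rundll32.exe "H:\WINDOWS\system32\djvnkynr.dll",b
O4 - HKLM\..\Run: [avast!] H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fivebuild] H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1\File Idol.exe
O20 - Winlogon Notify: NavLogon - H:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: urqnkji - urqnkji.dll (file missing)
O20 - Winlogon Notify: xjzqhphk - xjzqhphk.dll (file missing)
"""

# Path fragments that mean "per-user application data" on a Portuguese or
# English Windows XP (long and 8.3 short forms). Assumed list, extend as needed.
APPDATA_MARKERS = ("dados de aplicativos", "dadosd~1", "application data", "appdata")

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# Last path component ending in .exe/.dll/.sys; stops at backslash, space,
# quote or square bracket so "[ctfmon.exe]" yields just "ctfmon.exe".
FILENAME_RE = re.compile(r'([^\\\s"\[\]]+\.(?:exe|dll|sys))', re.IGNORECASE)


def looks_random(filename):
    """True for short, all-lowercase names with a run of 5+ consonants.

    Matches djvnkynr.dll / xjzqhphk.dll / urqnkji.dll from the log, but not
    ctfmon.exe (run of 4) or mixed-case vendor names such as ashDisp.exe.
    """
    stem = filename.rsplit(".", 1)[0]
    if not (5 <= len(stem) <= 8 and stem.isalpha() and stem.islower()):
        return False
    runs = re.findall(r"[^aeiou]+", stem)
    return max((len(r) for r in runs), default=0) >= 5


def triage(log_text):
    """Return (tag, line) pairs for every HJT entry that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        lower = body.lower()
        tags = []
        if section == "O20" and "(file missing)" in lower:
            tags.append("orphaned Winlogon Notify hook")
        if section == "O2" and "(no file)" in lower:
            tags.append("orphaned BHO CLSID")
        if section == "O4" and "rundll32.exe" in lower and ".dll" in lower:
            tags.append("rundll32-loaded DLL autorun")
        if section == "O4" and any(k in lower for k in APPDATA_MARKERS):
            tags.append("autorun from per-user application data")
        for name in sorted(set(FILENAME_RE.findall(body))):
            if looks_random(name):
                tags.append(f"random-looking filename {name}")
        findings.extend((tag, line) for tag in tags)
    return findings


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"[{tag}] {line}")
```

The output is a list of candidates for a human to confirm, not a verdict: a legitimate short lowercase name can trip the consonant-run rule, so each hit should be checked against the file's publisher and signature before it goes into a fix list. The script only reads HJT lines; the ComboFix registry dump in this thread shows a separate indicator it would not see, the extra DLL listed after msv1_0 under the LSA "Authentication Packages" value.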

COMBOFIX LOG

 

 

 

ComboFix 07-10-23.2 - Usuario 2007-10-28 0:25:31.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.540 [GMT -3:00]

Executando de: H:\Documents and Settings\Usuario\Desktop\ComboFix.exe

Command switches used :: H:\Documents and Settings\Usuario\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE::

H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1\File Idol.exe

H:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\amok remote.exe

H:\WINDOWS\system32\aebaylbb.dll

H:\WINDOWS\system32\affv208325p1now.sys

H:\WINDOWS\system32\chlctjwq.exe

H:\WINDOWS\system32\chnahbul.exe

H:\WINDOWS\system32\coxxegbq.dll

H:\WINDOWS\system32\djvnkynr.dll

H:\WINDOWS\system32\fcbhbgnr.dll

H:\WINDOWS\system32\nxfnyipa.exe

H:\WINDOWS\system32\rfcybouf.dll

H:\WINDOWS\system32\tgxrlmij.dll

H:\WINDOWS\system32\vjpmkota.exe

H:\WINDOWS\system32\whbxgouq.exe

H:\WINDOWS\system32\yrqcxapw.dll

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1

H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1\0

H:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons

H:\VundoFix Backups

H:\VundoFix Backups\addmorefiles.txt

H:\VundoFix Backups\dgabddto.dll.bad

H:\VundoFix Backups\dmcwnyxh.ini.bad

H:\VundoFix Backups\hxynwcmd.dll.bad

H:\VundoFix Backups\imyxmplf.dll.bad

H:\VundoFix Backups\jybhwnbi.dll.bad

H:\VundoFix Backups\lmscjdrq.ini.bad

H:\VundoFix Backups\pmxiphor.dll.bad

H:\VundoFix Backups\pngdhnkw.ini.bad

H:\VundoFix Backups\qrdjcsml.dll.bad

H:\VundoFix Backups\rqlcaxbb.dll.bad

H:\VundoFix Backups\tkwuaxdl.dll.bad

H:\VundoFix Backups\wknhdgnp.dll.bad

H:\VundoFix Backups\yaqdmrjp.dll.bad

H:\WINDOWS\system32\aebaylbb.dll

H:\WINDOWS\system32\affv208325p1now.sys

H:\WINDOWS\system32\chlctjwq.exe

H:\WINDOWS\system32\chnahbul.exe

H:\WINDOWS\system32\coxxegbq.dll

H:\WINDOWS\system32\djvnkynr.dll

H:\WINDOWS\system32\fcbhbgnr.dll

H:\WINDOWS\system32\nxfnyipa.exe

H:\WINDOWS\system32\rfcybouf.dll

H:\WINDOWS\system32\tgxrlmij.dll

H:\WINDOWS\system32\vjpmkota.exe

H:\WINDOWS\system32\whbxgouq.exe

H:\WINDOWS\system32\yrqcxapw.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-09-28 to 2007-10-28 ))))))))))))))))))))))))))))))))

.

 

2007-10-27 17:38 51,200 --a------ H:\WINDOWS\NirCmd.exe

2007-10-26 22:57 <DIR> d-------- H:\Documents and Settings\Usuario\Dados de aplicativos\Motive

2007-10-26 22:56 <DIR> d-------- H:\Arquivos de programas\Arquivos comuns\Motive

2007-10-26 22:55 <DIR> d-------- H:\WINDOWS\Motive

2007-10-26 22:55 <DIR> d-------- H:\Arquivos de programas\Common Files

2007-10-26 22:54 <DIR> d-------- H:\Arquivos de programas\Motive

2007-10-26 22:54 <DIR> d-------- H:\Arquivos de programas\Assistente Tecnico Speedy

2007-10-26 22:43 <DIR> d-------- H:\Arquivos de programas\Telefonica

2007-10-26 22:43 45,056 --a------ H:\WINDOWS\system32\msxml4a.dll

2007-10-20 02:26 2,882 --a------ H:\WINDOWS\system32\tmp.reg

2007-10-19 19:11 <DIR> d--h----- H:\Documents and Settings\Administrador\Modelos

2007-10-19 19:11 <DIR> d-------- H:\Documents and Settings\Administrador\Meus documentos

2007-10-19 19:11 <DIR> dr------- H:\Documents and Settings\Administrador\Menu Iniciar

2007-10-19 19:11 <DIR> d-------- H:\Documents and Settings\Administrador\Favoritos

2007-10-19 19:11 <DIR> dr-h----- H:\Documents and Settings\Administrador\Dados de aplicativos

2007-10-19 19:11 <DIR> d--h----- H:\Documents and Settings\Administrador\Configurações locais

2007-10-19 19:11 <DIR> d--h----- H:\Documents and Settings\Administrador\Ambiente de rede

2007-10-19 19:11 <DIR> d--h----- H:\Documents and Settings\Administrador\Ambiente de impressão

2007-10-19 16:14 <DIR> d-------- H:\Arquivos de programas\Del-Net Software

2007-10-19 09:00 89,088 --a------ H:\WINDOWS\system32\atl71.dll

2007-10-10 17:04 <DIR> d-------- H:\WINDOWS\Downloaded Installations

2007-10-05 14:03 <DIR> d-------- H:\Arquivos de programas\Alwil Software

2007-10-05 14:03 801,144 --a------ H:\WINDOWS\system32\aswBoot.exe

2007-10-05 14:03 95,608 --a------ H:\WINDOWS\system32\AvastSS.scr

2007-10-05 14:03 94,416 --a------ H:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-05 14:03 92,848 --a------ H:\WINDOWS\system32\drivers\aswmon.sys

2007-10-05 14:03 42,912 --a------ H:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-05 14:03 26,624 --a------ H:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-05 14:03 23,152 --a------ H:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-28 14:29 <DIR> d-------- H:\Arquivos de programas\Wizards

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-28 03:28 --------- d-----w H:\Arquivos de programas\Symantec AntiVirus

2007-10-24 01:13 --------- d--h--w H:\Arquivos de programas\InstallShield Installation Information

2007-10-24 01:13 --------- d-----w H:\Arquivos de programas\Arquivos comuns\Macromedia

2007-10-24 01:10 --------- d-----w H:\Arquivos de programas\Arquivos comuns\InstallShield

2007-10-18 02:53 --------- d-----w H:\Arquivos de programas\ManyCam 2.1

2007-10-11 21:07 --------- d-----w H:\Documents and Settings\Usuario\Dados de aplicativos\Skype

2007-10-10 03:04 --------- d-----w H:\Arquivos de programas\Windows Media Connect 2

2007-10-10 03:04 --------- d-----w H:\Arquivos de programas\Web

2007-10-10 03:04 --------- d-----w H:\Arquivos de programas\QuickTime Alternative

2007-10-10 03:04 --------- d-----w H:\Arquivos de programas\NimoCodec Pack

2007-10-10 03:00 --------- d-----w H:\Documents and Settings\Usuario\Dados de aplicativos\DivX

2007-09-26 20:34 --------- d-----w H:\Arquivos de programas\Arquivos comuns\Opus Shared

2007-09-11 00:49 --------- d-----w H:\Arquivos de programas\Google

2007-09-02 19:39 --------- d-----w H:\Documents and Settings\Usuario\Dados de aplicativos\Talkback

2007-09-02 19:37 --------- d-----w H:\Arquivos de programas\ActionXP V5.6

2007-09-02 19:36 --------- d-----w H:\Arquivos de programas\Mozilla Sunbird

2007-08-30 20:43 --------- d-----w H:\Arquivos de programas\Microsoft Games

2007-05-18 15:33 66,515 ----a-w H:\Arquivos de programas\Uninst.isu

2007-05-17 00:48 12,934,148 ----a-w H:\Arquivos de programas\quicktimealt181.exe

2002-10-28 15:27 2,051 ----a-w H:\Arquivos de programas\README.TXT

2002-10-21 19:01 3,615,856 ----a-w H:\Arquivos de programas\Creds.WAV

1999-04-07 21:01 9,532 ----a-w H:\Arquivos de programas\EngRead.txt

1999-04-07 21:01 11,248 ----a-w H:\Arquivos de programas\SpaRead.txt

1999-04-07 21:01 11,194 ----a-w H:\Arquivos de programas\GerRead.txt

1999-04-07 21:01 10,936 ----a-w H:\Arquivos de programas\FreRead.txt

1999-04-07 21:01 10,901 ----a-w H:\Arquivos de programas\ItaRead.txt

1999-04-07 21:01 10,804 ----a-w H:\Arquivos de programas\DutRead.txt

1999-04-07 21:01 10,541 ----a-w H:\Arquivos de programas\PorRead.txt

1999-03-03 09:20 1,463,636 ----a-w H:\Arquivos de programas\oAmb.WAV

1999-02-04 08:38 6,208,292 ----a-w H:\Arquivos de programas\THEME.WAV

1998-12-15 09:29 46,456,172 ----a-w H:\Arquivos de programas\mar.wav

1998-12-15 09:08 56,603,772 ----a-w H:\Arquivos de programas\ice.wav

1998-12-15 08:49 61,657,420 ----a-w H:\Arquivos de programas\des.wav

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2004-06-09 20:31]

"vptray"="H:\ARQUIV~1\SYMANT~1\VPTray.exe" [2004-08-02 19:36]

"TotalRecorderScheduler"="I:\Total Recorder\TotRecSched.exe" [2002-07-13 11:00]

"VX1000"="H:\WINDOWS\vVX1000.exe" [2006-10-13 17:04]

"WinampAgent"="H:\Arquivos de programas\Winamp\winampa.exe" [2007-05-14 19:22]

"Adobe Reader Speed Launcher"="H:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"avast!"="H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]

"Cobian Backup 8 interface"="I:\cbInterface.exe" []

"Motive SmartBridge"="H:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 15:46]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45]

"fivebuild"="H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1\File Idol.exe" []

"ManyCam"="H:\Arquivos de programas\ManyCam 2.1\ManyCam.exe" [2007-04-24 04:08]

"IncrediMail"="I:\IncrediMail\bin\IncMail.exe" [2007-08-21 11:44]

"TrayHabil"="I:\PROGRAMAS INUTEIS\Habil for Windows\TrayHabil.exe" []

"eMuleAutoStart"="I:\eMule\emule.exe" [2007-05-13 11:57]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= H:\WINDOWS\Downloaded Program Files\gbiehabn.dll [2007-01-10 14:08 222392]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

I:\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 I:\AlienGUIse\fastload.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=wbsys.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=H:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=H:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

path=H:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk

backup=H:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=H:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=H:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

H:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

H:\WINDOWS\system32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

H:\WINDOWS\system32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

H:\WINDOWS\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

H:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

SkyTel.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

H:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe

 

R1 oreans32;oreans32;\??\H:\WINDOWS\system32\drivers\oreans32.sys

R2 ppsio2;PPDevice;H:\WINDOWS\system32\drivers\ppsio2.sys

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;H:\WINDOWS\system32\DRIVERS\ManyCam.sys

R3 VX1000;VX-1000;H:\WINDOWS\system32\DRIVERS\VX1000.sys

S2 GbpSv;Gbp Service;H:\Arquivos de programas\GbPlugin\GbpSv.exe

S2 MSCamSvc;MSCamSvc;"H:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe"

S3 ASPI;Advanced SCSI Programming Interface Driver;\??\H:\WINDOWS\System32\DRIVERS\ASPI32.sys

S3 RTL8169;Realtek 8169 NT Driver;H:\WINDOWS\system32\DRIVERS\Rtlh86.sys

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-10-28 03:00:00 H:\WINDOWS\Tasks\AC85223B9196A1A3.job"

- h:\docume~1\usuario\dadosd~1\gluebo~1\DartTrustFilm.exe

.

**************************************************************************

 

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-28 00:29:03

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-10-28 0:30:18 - machine was rebooted

.

--- E O F ---

 

 

And the HijackThis log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 00:32:25, on 28/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

H:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

I:\AlienGUIse\wbload.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\Explorer.EXE

H:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

H:\WINDOWS\system32\svchost.exe

H:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

H:\ARQUIV~1\SYMANT~1\VPTray.exe

I:\Total Recorder\TotRecSched.exe

H:\WINDOWS\vVX1000.exe

H:\Arquivos de programas\Winamp\winampa.exe

H:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

H:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\ManyCam 2.1\ManyCam.exe

I:\INCRED~1\bin\ImApp.exe

H:\WINDOWS\system32\wuauclt.exe

I:\eMule\emule.exe

I:\PROGRAMAS INUTEIS\Suninfor\Backup.exe

H:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

H:\WINDOWS\system32\notepad.exe

H:\Arquivos de programas\Mozilla Firefox\firefox.exe

H:\Documents and Settings\Usuario\Desktop\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - H:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O4 - HKLM\..\Run: [ccApp] "H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] H:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [TotalRecorderScheduler] I:\Total Recorder\TotRecSched.exe

O4 - HKLM\..\Run: [VX1000] H:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [WinampAgent] H:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Cobian Backup 8 interface] I:\cbInterface.exe -service

O4 - HKLM\..\Run: [Motive SmartBridge] "H:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [fivebuild] H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1\File Idol.exe

O4 - HKCU\..\Run: [ManyCam] "H:\Arquivos de programas\ManyCam 2.1\ManyCam.exe"

O4 - HKCU\..\Run: [incrediMail] I:\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [TrayHabil] I:\PROGRAMAS INUTEIS\Habil for Windows\TrayHabil.exe

O4 - HKCU\..\Run: [eMuleAutoStart] I:\eMule\emule.exe -AutoStart

O4 - Startup: Backup.lnk = I:\PROGRAMAS INUTEIS\Suninfor\Backup.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = H:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5CB88AC-00C7-4AB9-A5A6-526C002DB757}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF803FD2-0C5E-416E-838C-099E79DEE1AE}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - H:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: NavLogon - H:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WB - I:\AlienGUIse\fastload.dll

O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - H:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - H:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - H:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Cobian Backup 8 serviço (CobBMService) - Unknown owner - I:\cbService.exe (file missing)

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - H:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - H:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MSCamSvc - Unknown owner - H:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe (file missing)

O23 - Service: SAVRoam (SavRoam) - symantec - H:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - H:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - H:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


Good morning deryckenes!

 

>@< Download FindLop.

>@< Unzip the program and put the files in their own folder: < C:\FindLop.exe >

>@< But do not run it yet!

>@< Download the Lop Uninstaller.

>@< If the antivirus flags the tool as malware, ignore the warning and allow it to run.

>@< If the browser blocks the download, add < http://lop.com > as a preferred site.

_______________________

 

>@< Open HijackThis and, with all windows closed, Fix these entries:

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O4 - HKCU\..\Run: [fivebuild] H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1\File Idol.exe

>@< PS: If you use a proxy to access the Internet, do not Fix the R1 entry.

>@< Disable the resident antivirus and antispyware protections.

>@< Run the uninstaller!

>@< Type in the numbers and confirm!

>@< PS: If it is not possible to run the uninstaller, continue with just FindLop.

>@< Now run findlop.bat

>@< A report ( findlop.txt ) will be generated on Local Disk C.

>@< Post a new HijackThis log in your reply.

>@< Also post the report [ findlop.txt ] that is in C:\xxx..

 

Regards!


Look, I know I posted the HijackThis log here, but when I went to Fix it, the entry

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

 

wasn't there,

so I only fixed

 

O4 - HKCU\..\Run: [fivebuild] H:\DOCUME~1\Usuario\DADOSD~1\GLUEBO~1\File Idol.exe

 

And another thing: when I went to run findlop.bat, it says the file is not ready,

and it opens a DOS window and a Notepad window.

 

What should I do? I'll post here the latest HijackThis log I made, after the one above.


Logfile of HijackThis v1.99.1

Scan saved at 15:09:55, on 28/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

H:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

I:\AlienGUIse\wbload.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\Explorer.EXE

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

H:\ARQUIV~1\SYMANT~1\VPTray.exe

I:\Total Recorder\TotRecSched.exe

H:\WINDOWS\vVX1000.exe

H:\Arquivos de programas\Winamp\winampa.exe

H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

H:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\ManyCam 2.1\ManyCam.exe

H:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

H:\WINDOWS\system32\svchost.exe

H:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

I:\eMule\emule.exe

H:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

H:\WINDOWS\RTHDCPL.EXE

H:\Arquivos de programas\Mozilla Firefox\firefox.exe

H:\Documents and Settings\Usuario\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - H:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O4 - HKLM\..\Run: [ccApp] "H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] H:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [TotalRecorderScheduler] I:\Total Recorder\TotRecSched.exe

O4 - HKLM\..\Run: [VX1000] H:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [WinampAgent] H:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Cobian Backup 8 interface] I:\cbInterface.exe -service

O4 - HKLM\..\Run: [Motive SmartBridge] "H:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ManyCam] "H:\Arquivos de programas\ManyCam 2.1\ManyCam.exe"

O4 - HKCU\..\Run: [incrediMail] I:\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [TrayHabil] I:\PROGRAMAS INUTEIS\Habil for Windows\TrayHabil.exe

O4 - HKCU\..\Run: [eMuleAutoStart] I:\eMule\emule.exe -AutoStart

O4 - Startup: Backup.lnk = I:\PROGRAMAS INUTEIS\Suninfor\Backup.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = H:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5CB88AC-00C7-4AB9-A5A6-526C002DB757}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF803FD2-0C5E-416E-838C-099E79DEE1AE}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - H:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: NavLogon - H:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WB - I:\AlienGUIse\fastload.dll

O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - H:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - H:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - H:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Cobian Backup 8 serviço (CobBMService) - Unknown owner - I:\cbService.exe (file missing)

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - H:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - H:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MSCamSvc - Unknown owner - H:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe (file missing)

O23 - Service: SAVRoam (SavRoam) - symantec - H:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - H:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - H:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


Good evening deryckenes!

 

>@< Go to Start >> Control Panel >> Scheduled Tasks.

>@< Delete all scheduled tasks!

__________________

 

>@< Delete the folder: H:\QooBox

__________________

 

>@< Download a-squared Free 3.0

>@< Open the program and click: Update now >> Wait!

>@< When it finishes, click: Scan now.

>@< Try to run this scan in Safe Mode!

>@< Choose the option: Deep scan.

>@< Click Scan!

>@< When it finishes, send the items found to quarantine.

>@< From there they will be deleted or restored.

>@< Save the report from this scan and post it in your reply, plus an updated HJT log.

 

Regards!


a-squared Free - Versão 3.0

Last update: 30/10/2007 08:45:31

 

Configurações da análise:

 

Objetos: Memória, Rastros, Cookies, H:\, I:\

Análise de arquivos: Ligado

Heurística: Ligado

Análise de ADS: Ligado

 

Início da análise: 30/10/2007 08:48:07

 

h:\documents and settings\usuario\desktop\uninstall.exe detectado: Trace.File.EXactAdvertisingCashback

h:\documents and settings\usuario\dados de aplicativos\bsplayer pro detectado: Trace.Directory.BSplayer

h:\documents and settings\usuario\menu iniciar\programas\webteh detectado: Trace.Directory.BSplayer

h:\documents and settings\usuario\dados de aplicativos\bsplayer pro\bsplayer.xml detectado: Trace.File.BSplayer

h:\documents and settings\usuario\dados de aplicativos\bsplayer pro\eq.xml detectado: Trace.File.BSplayer

Value: HKEY_CURRENT_USER\Software\BST\bsplayerv1 --> AppPath detectado: Trace.Registry.BSplayer

Value: HKEY_CURRENT_USER\Software\BST\bsplayerv1 --> AppVer detectado: Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival --> BSplayerCDDA detectado: Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> Action detectado: Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> DefaultIcon detectado: Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> InvokeProgID detectado: Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> InvokeVerb detectado: Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> Provider detectado: Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> DisplayName detectado: Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> UninstallString detectado: Trace.Registry.BSplayer

h:\documents and settings\all users\menu iniciar\programas\bestsellerantivirus detectado: Trace.Directory.BestsellerAntivirus

h:\documents and settings\all users\menu iniciar\programas\bestsellerantivirus\bestsellerantivirus.lnk detectado: Trace.File.BestsellerAntivirus

h:\documents and settings\all users\menu iniciar\programas\bestsellerantivirus\contact customer support.lnk detectado: Trace.File.BestsellerAntivirus

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\UAVIEN_is1 --> Changed detectado: Trace.Registry.BestsellerAntivirus

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\UAVIEN_is1 --> SlowInfoCache detectado: Trace.Registry.BestsellerAntivirus

H:\Documents and Settings\Usuario\Cookies\usuario@2o7[1].txt detectado: Trace.TrackingCookie

H:\Documents and Settings\Usuario\Cookies\usuario@atdmt[2].txt detectado: Trace.TrackingCookie

H:\Documents and Settings\Usuario\Cookies\usuario@linksynergy[1].txt detectado: Trace.TrackingCookie

H:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\jd78haxi.default\cookies.txt:20 detectado: Trace.TrackingCookie

H:\Documents and Settings\Usuario\Desktop\Area de Trabalho\Atalhos não utilizados da área de trabalho\SmitfraudFix\Process.exe detectado: Riskware.RiskTool.Win32.Processor.20

H:\Documents and Settings\Usuario\Desktop\Area de Trabalho\Atalhos não utilizados da área de trabalho\SmitfraudFix\Reboot.exe detectado: Riskware.RiskTool.Win32.Reboot.f

H:\Documents and Settings\Usuario\Desktop\SmitfraudFix\Process.exe detectado: Riskware.RiskTool.Win32.Processor.20

H:\Documents and Settings\Usuario\Desktop\SmitfraudFix\Reboot.exe detectado: Riskware.RiskTool.Win32.Reboot.f

 

Analisado

 

Arquivos: 134450

Objetos: 147134

Cookies: 88

Processos: 10

 

Encontrado

 

Arquivos: 4

Objetos: 20

Cookies: 4

Processos: 0

Chaves do registro: 0

 

Fim da análise: 30/10/2007 09:56:01

Duração da análise: 01:07:54

 

H:\Documents and Settings\Usuario\Desktop\Area de Trabalho\Atalhos não utilizados da área de trabalho\SmitfraudFix\Reboot.exe Em quarentena Riskware.RiskTool.Win32.Reboot.f

H:\Documents and Settings\Usuario\Desktop\SmitfraudFix\Reboot.exe Em quarentena Riskware.RiskTool.Win32.Reboot.f

H:\Documents and Settings\Usuario\Desktop\Area de Trabalho\Atalhos não utilizados da área de trabalho\SmitfraudFix\Process.exe Em quarentena Riskware.RiskTool.Win32.Processor.20

H:\Documents and Settings\Usuario\Desktop\SmitfraudFix\Process.exe Em quarentena Riskware.RiskTool.Win32.Processor.20

H:\Documents and Settings\Usuario\Cookies\usuario@2o7[1].txt Em quarentena Trace.TrackingCookie

H:\Documents and Settings\Usuario\Cookies\usuario@atdmt[2].txt Em quarentena Trace.TrackingCookie

H:\Documents and Settings\Usuario\Cookies\usuario@linksynergy[1].txt Em quarentena Trace.TrackingCookie

H:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\jd78haxi.default\cookies.txt:20 Em quarentena Trace.TrackingCookie

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\UAVIEN_is1 --> Changed Em quarentena Trace.Registry.BestsellerAntivirus

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\UAVIEN_is1 --> SlowInfoCache Em quarentena Trace.Registry.BestsellerAntivirus

h:\documents and settings\all users\menu iniciar\programas\bestsellerantivirus\bestsellerantivirus.lnk Em quarentena Trace.File.BestsellerAntivirus

h:\documents and settings\all users\menu iniciar\programas\bestsellerantivirus\contact customer support.lnk Em quarentena Trace.File.BestsellerAntivirus

h:\documents and settings\all users\menu iniciar\programas\bestsellerantivirus Em quarentena Trace.Directory.BestsellerAntivirus

Value: HKEY_CURRENT_USER\Software\BST\bsplayerv1 --> AppPath Em quarentena Trace.Registry.BSplayer

Value: HKEY_CURRENT_USER\Software\BST\bsplayerv1 --> AppVer Em quarentena Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival --> BSplayerCDDA Em quarentena Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> Action Em quarentena Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> DefaultIcon Em quarentena Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> InvokeProgID Em quarentena Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> InvokeVerb Em quarentena Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> Provider Em quarentena Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> DisplayName Em quarentena Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> UninstallString Em quarentena Trace.Registry.BSplayer

h:\documents and settings\usuario\dados de aplicativos\bsplayer pro\bsplayer.xml Em quarentena Trace.File.BSplayer

h:\documents and settings\usuario\dados de aplicativos\bsplayer pro\eq.xml Em quarentena Trace.File.BSplayer

h:\documents and settings\usuario\dados de aplicativos\bsplayer pro Em quarentena Trace.Directory.BSplayer

h:\documents and settings\usuario\menu iniciar\programas\webteh Em quarentena Trace.Directory.BSplayer

h:\documents and settings\usuario\desktop\uninstall.exe Em quarentena Trace.File.EXactAdvertisingCashback

 

Em quarentena

 

Arquivos: 4

Objetos: 20

Cookies: 4

 

 

 

 

 

 

***************************************************************

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:08:11, on 30/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

H:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

I:\AlienGUIse\wbload.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\Explorer.EXE

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

H:\ARQUIV~1\SYMANT~1\VPTray.exe

I:\Total Recorder\TotRecSched.exe

H:\WINDOWS\vVX1000.exe

H:\Arquivos de programas\Winamp\winampa.exe

H:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

H:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

H:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\ManyCam 2.1\ManyCam.exe

I:\a-squared Free\a2service.exe

H:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

H:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

H:\WINDOWS\system32\svchost.exe

H:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

I:\INCRED~1\bin\ImApp.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

I:\BitComet\BitComet.exe

H:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

H:\WINDOWS\system32\wuauclt.exe

H:\Arquivos de programas\MSN Messenger\msnmsgr.exe

H:\Arquivos de programas\MSN Messenger\usnsvc.exe

H:\Documents and Settings\Usuario\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - I:\BitComet\tools\BitCometBHO_1.1.9.24.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - H:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O4 - HKLM\..\Run: [ccApp] "H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] H:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [TotalRecorderScheduler] I:\Total Recorder\TotRecSched.exe

O4 - HKLM\..\Run: [VX1000] H:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [WinampAgent] H:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Cobian Backup 8 interface] I:\cbInterface.exe -service

O4 - HKLM\..\Run: [Motive SmartBridge] "H:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [GrooveMonitor] "H:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RemoteControl] I:\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] I:\Language\Language.exe

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ManyCam] "H:\Arquivos de programas\ManyCam 2.1\ManyCam.exe"

O4 - HKCU\..\Run: [incrediMail] I:\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [TrayHabil] I:\PROGRAMAS INUTEIS\Habil for Windows\TrayHabil.exe

O4 - HKCU\..\Run: [bitComet] "I:\BitComet\BitComet.exe" /tray

O4 - Startup: Backup.lnk = I:\PROGRAMAS INUTEIS\Suninfor\Backup.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = H:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://I:\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://I:\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://I:\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - I:\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5CB88AC-00C7-4AB9-A5A6-526C002DB757}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF803FD2-0C5E-416E-838C-099E79DEE1AE}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - H:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - H:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: NavLogon - H:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WB - I:\AlienGUIse\fastload.dll

O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - I:\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - H:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - H:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - H:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Cobian Backup 8 serviço (CobBMService) - Unknown owner - I:\cbService.exe (file missing)

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - H:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - H:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MSCamSvc - Unknown owner - H:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SAVRoam (SavRoam) - symantec - H:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - H:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - H:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


Good morning deryckenes!

 

>@< a-squared detected malicious files in your media player (BS Player).

>@< This only happens in the Free version, which bundles adware.

>@< Since the utility may require those components to work properly, I suggest restoring them to the computer.

 

H:\Documents and Settings\Usuario\Cookies\usuario@2o7[1].txt Em quarentena Trace.TrackingCookie

H:\Documents and Settings\Usuario\Cookies\usuario@atdmt[2].txt Em quarentena Trace.TrackingCookie

H:\Documents and Settings\Usuario\Cookies\usuario@linksynergy[1].txt Em quarentena Trace.TrackingCookie

H:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\jd78haxi.default\cookies.txt:20 Em quarentena Trace.TrackingCookie

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\UAVIEN_is1 --> Changed Em quarentena Trace.Registry.BestsellerAntivirus

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\UAVIEN_is1 --> SlowInfoCache Em quarentena Trace.Registry.BestsellerAntivirus

h:\documents and settings\all users\menu iniciar\programas\bestsellerantivirus\bestsellerantivirus.lnk Em quarentena Trace.File.BestsellerAntivirus

h:\documents and settings\all users\menu iniciar\programas\bestsellerantivirus\contact customer support.lnk Em quarentena Trace.File.BestsellerAntivirus

h:\documents and settings\all users\menu iniciar\programas\bestsellerantivirus Em quarentena Trace.Directory.BestsellerAntivirus

h:\documents and settings\usuario\desktop\uninstall.exe Em quarentena Trace.File.EXactAdvertisingCashback

>@< Go to a-squared's quarantine, select only the components listed just above, and click Delete.

____________________

 

>@< If you like the program and want a clean version, download BS Player Pro.

>@< PS: When switching to the Pro version, first clean the computer of the Free version's contamination.

____________________

 

>@< Run an online scan with Panda.

>@< Under Scan and analyze, fill in the field: Country/District/Region/valid e-mail.

>@< Enter your e-mail.

>@< Tick the option: I do not wish to receive information...

>@< Click: Scan now, free of charge. Wait!

>@< Allow the ActiveX installation.

>@< PS: Avast users will see a malware alert, which should be ignored!

>@< I recommend disabling Avast's resident protection while running ActiveScan.

>@< On the prompt, click Install. Wait for the countdown to finish!

>@< When it finishes, under: Select a device to scan...

>@< Choose: My Computer.

>@< Wait! The scan will take a while to complete.

>@< When it finishes, copy the report and post it in your reply, together with an updated HJT log.

 

Regards!


Hello Digram, thanks for continuing to help me, but take a look at the things the Panda scan found...

First, the HijackThis log:

All right.

Logfile of HijackThis v1.99.1

Scan saved at 16:04:48, on 31/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

I:\AlienGUIse\wbload.exe

H:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

H:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\Explorer.EXE

H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

H:\ARQUIV~1\SYMANT~1\VPTray.exe

I:\Total Recorder\TotRecSched.exe

H:\WINDOWS\vVX1000.exe

H:\Arquivos de programas\Winamp\winampa.exe

H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

H:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

H:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

H:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\ManyCam 2.1\ManyCam.exe

I:\a-squared Free\a2service.exe

H:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

H:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

H:\WINDOWS\system32\svchost.exe

H:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

I:\BitComet\BitComet.exe

H:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

I:\DreMule\emule.exe

H:\Arquivos de programas\Messenger\msmsgs.exe

H:\Arquivos de programas\Mozilla Firefox\firefox.exe

H:\Documents and Settings\Usuario\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - I:\BitComet\tools\BitCometBHO_1.1.9.24.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - H:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O4 - HKLM\..\Run: [ccApp] "H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] H:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [TotalRecorderScheduler] I:\Total Recorder\TotRecSched.exe

O4 - HKLM\..\Run: [VX1000] H:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [WinampAgent] H:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] H:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Cobian Backup 8 interface] I:\cbInterface.exe -service

O4 - HKLM\..\Run: [Motive SmartBridge] "H:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [GrooveMonitor] "H:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RemoteControl] "H:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "H:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ManyCam] "H:\Arquivos de programas\ManyCam 2.1\ManyCam.exe"

O4 - HKCU\..\Run: [TrayHabil] I:\PROGRAMAS INUTEIS\Habil for Windows\TrayHabil.exe

O4 - HKCU\..\Run: [bitComet] "I:\BitComet\BitComet.exe" /tray

O4 - Startup: Backup.lnk = I:\PROGRAMAS INUTEIS\Suninfor\Backup.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = H:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://I:\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://I:\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://I:\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - I:\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5CB88AC-00C7-4AB9-A5A6-526C002DB757}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF803FD2-0C5E-416E-838C-099E79DEE1AE}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - H:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - H:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: NavLogon - H:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WB - I:\AlienGUIse\fastload.dll

O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - I:\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - H:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - H:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - H:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Cobian Backup 8 serviço (CobBMService) - Unknown owner - I:\cbService.exe (file missing)

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - H:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - H:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MSCamSvc - Unknown owner - H:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SAVRoam (SavRoam) - symantec - H:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - H:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - H:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

*****************************************************

Now the ActiveScan one:

Incidência Estado Localização

 

Spyware:Cookie/2o7 Não desinfectado H:\Documents and Settings\Usuario\Cookies\usuario@2o7[1].txt

Spyware:Cookie/myaffiliateprogram Não desinfectado H:\Documents and Settings\Usuario\Cookies\usuario@www.myaffiliateprogram[2].txt

Spyware:Cookie/Com.com Não desinfectado H:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\jd78haxi.default\cookies.txt[.ig.com.br/]

Spyware:Cookie/Comclick Não desinfectado H:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\jd78haxi.default\cookies.txt[fl01.ct2.comclick.com/]

Spyware:Cookie/Com.com Não desinfectado H:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\jd78haxi.default\cookies.txt[.uol.com.br/]

Spyware:Cookie/Com.com Não desinfectado H:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\jd78haxi.default\cookies.txt[.acesso.uol.com.br/]

Spyware:Cookie/Doubleclick Não desinfectado H:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\jd78haxi.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Com.com Não desinfectado H:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\jd78haxi.default\cookies.txt[.terra.com.br/]

Spyware:Cookie/YieldManager Não desinfectado H:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\jd78haxi.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/FastClick Não desinfectado H:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\jd78haxi.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Tribalfusion Não desinfectado H:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\jd78haxi.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Atlas DMT Não desinfectado H:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\jd78haxi.default\cookies.txt[.atdmt.com/]

Ferramenta potencialmente indesejada:Application/SuperFast Não desinfectado H:\Documents and Settings\Usuario\Desktop\Area de Trabalho\Atalhos não utilizados da área de trabalho\SmitfraudFix\restart.exe

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado H:\Documents and Settings\Usuario\Desktop\ComboFix.exe[nircmd.exe]

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado H:\Documents and Settings\Usuario\Desktop\ComboFix.exe[nircmd.cfexe]

Ferramenta potencialmente indesejada:Application/SuperFast Não desinfectado H:\Documents and Settings\Usuario\Desktop\SmitfraudFix\restart.exe

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado H:\WINDOWS\NirCmd.exe

Virus:Generic Malware Desinfectado I:\Programas\PLUGINS DIVERSOS\Cylonix 18 Channel Vocoder v2.0\patch.exe

Virus:Generic Malware Desinfectado I:\vcd\gordian\GordianKnot\GordianKnot.exe


Good afternoon deryckenes!

 

>@< The Panda report is not critical; it shows only cookies and false positives on the tools.

___________________

 

>@< Download CCleaner.

>@< Save it to the Desktop!

>@< Open the program and click Run Cleaner.

>@< When it finishes, click Issues >> Scan for issues >> Fix issues.

___________________

 

Once everything is OK with the PC, create a clean System Restore point!

Right-click My Computer >> Properties >> System Restore >> Tick: Turn off System Restore >> Apply >> OK.

Then untick it again! >> Apply >> OK.

For more details, go to: < Docs >

>@< Any remaining problems with the computer?

>@< Because the log is clean!

 

Regards!


So, Digram, when I open any site on my PC the scroll bar keeps going up and down. Right now it is doing that; it is not much, but it is enough to make me dizzy.

Help me... I couldn't download the file mentioned above...


Good morning deryckenes!

 

>@< Before replacing the mouse, try adjusting the scrolling.

>@< Go to Control Panel >> Mouse >> Click the tab: Wheel.

>@< Under Scrolling, select the option: Number of lines at a time.

>@< Set the number to 3.

>@< Click Apply >> OK.

>@< If that doesn't work, try replacing the mouse with a USB one.

__________________________

 

>@< Good luck! :thumbsup:

 

Regards!

What you asked me to do was already set that way by default, and my mouse is USB too,

and the scroll bar still keeps doing the same thing.

@@@@@@@@@@@@@@@@@@@@

Good evening deryckenes!

 

>@< Does this problem also happen when using another browser?

 

Regards!
