Archived

This topic has been archived and is closed to new replies.

ademir_gomes

[Archived] web folder\ibm00001.exe

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:16:48, on 20/1/2008

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Safe mode

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\Arquivos de programas\Microsoft Office\Office\WINWORD.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: Shell=explorer.exe "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00001.exe"

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [GenericHostW32] C:\WINNT\SVCHOST.EXE %1

O4 - HKLM\..\Run: [GenericMidiaMSW] C:\WINNT\SVCHOST.EXE %1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\RunServices: [Microsft Conf 32] msaconf.exe

O4 - HKCU\..\Run: [Microsft Conf 32] msaconf.exe

O4 - HKCU\..\Run: [GenericHostW32] C:\WINNT\SVCHOST.EXE %1

O4 - HKCU\..\Run: [GenericMidiaMSW] C:\WINNT\SVCHOST.EXE %1

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [GenericHostW32] C:\WINNT\SVCHOST.EXE %1 (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [GenericMidiaMSW] C:\WINNT\SVCHOST.EXE %1 (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\System32\shdocvw.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtool...ams/hbtools.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0A795382-6A30-41DA-AC7A-FC6D3FF36678}: NameServer = 85.255.116.98,85.255.112.123

O17 - HKLM\System\CCS\Services\Tcpip\..\{581CABE5-5BCA-40F9-9250-94DACB87FCC8}: NameServer = 85.255.116.98,85.255.112.123

O17 - HKLM\System\CCS\Services\Tcpip\..\{6F9B40E9-136C-4FBC-A239-62CD3D4738ED}: NameServer = 85.255.116.98,85.255.112.123

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.98 85.255.112.123

O17 - HKLM\System\CS1\Services\Tcpip\..\{0A795382-6A30-41DA-AC7A-FC6D3FF36678}: NameServer = 85.255.116.98,85.255.112.123

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.98 85.255.112.123

O17 - HKLM\System\CS2\Services\Tcpip\..\{0A795382-6A30-41DA-AC7A-FC6D3FF36678}: NameServer = 85.255.116.98,85.255.112.123

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.98 85.255.112.123

O20 - Winlogon Notify: lanH32 - C:\WINNT\SYSTEM32\lanH32.dll

O20 - Winlogon Notify: SharedDLLs - C:\WINNT\system32\f22mlcf11f2.dll (file missing)

O20 - Winlogon Notify: Unimodem - C:\WINNT\system32\fpls0337e.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Arquivos de programas\Gizmo Project\mDNSResponder.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

 

--

End of file - 7177 bytes


Hey ademir_gomes,

 

Download ComboFix from:

ComboFix

 

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to continue. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click inside the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop (it will go completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) Please paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

 

Cheers.


ok

 

here are the logs

 

ComboFix 08-01-20.1 - Home2 20/01/2008 17:47:53.1 - NTFSx86

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1046.18.140 [GMT -3:00]

Executando de: C:\Documents and Settings\Home2\Meus documentos\remover virus\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\FunWebProducts

C:\Arquivos de programas\Hotbar

C:\Arquivos de programas\MyWebSearch

C:\Arquivos de programas\MyWebSearch\bar\History\search2

C:\Arquivos de programas\MyWebSearch\bar\Settings\prevcfg2.htm

C:\Arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat

C:\Arquivos de programas\MyWebSearch\bar\Settings\setting2.htm

C:\Arquivos de programas\MyWebSearch\bar\Settings\settings.dat

C:\WINNT\dh.ini

C:\WINNT\svchost.exe

C:\WINNT\system32\guard.tmp

C:\WINNT\system32\kernel32.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_WINDOWS_MANAGEMENT_SERVICE

 

 

((((((((((((((((((((((( Ficheiros criados de 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))))

.

 

2008-01-20 17:52 . 08-01-20 17:52 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_1fc.dat

2008-01-20 17:47 . 00-08-31 08:00 51,200 --a------ C:\WINNT\NirCmd.exe

2008-01-20 12:39 . 08-01-20 13:19 158,208 --a------ C:\WINNT\msconfig.exe

2008-01-20 10:34 . 08-01-20 10:34 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-01-19 21:47 . 08-01-19 21:47 <DIR> d--h----- C:\Documents and Settings\TEMP.WL3W42\Configura‡äes locais

2008-01-18 18:35 . 08-01-18 22:09 <DIR> d--h----- C:\Documents and Settings\TEMP\Configura‡äes locais

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-20 15:58 --------- d-----w C:\Arquivos de programas\Kazaa Lite K++

2008-01-20 13:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-01-20 01:22 --------- d-----w C:\Documents and Settings\Home2\Dados de aplicativos\Skype

2008-01-18 21:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-01-04 23:49 --------- d-----w C:\Arquivos de programas\Google

2007-12-04 14:56 93,264 ----a-w C:\WINNT\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINNT\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINNT\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINNT\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINNT\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINNT\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINNT\system32\AVASTSS.scr

2007-12-01 19:35 --------- d-----w C:\Arquivos de programas\Marcos Velasco Security

2007-11-25 19:23 --------- d-----w C:\Arquivos de programas\MessengerPlus! 3

2007-11-25 14:45 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2007-11-25 14:43 --------- d-----w C:\Arquivos de programas\Adverts

2007-10-20 10:40 23,040 ----a-w C:\Arquivos de programas\Pasta1.xls

2007-06-20 23:31 92,064 ----a-w C:\Documents and Settings\Home2\mqdmmdm.sys

2007-06-20 23:31 9,232 ----a-w C:\Documents and Settings\Home2\mqdmmdfl.sys

2007-06-20 23:31 79,328 ----a-w C:\Documents and Settings\Home2\mqdmserd.sys

2007-06-20 23:31 66,656 ----a-w C:\Documents and Settings\Home2\mqdmbus.sys

2007-06-20 23:31 6,208 ----a-w C:\Documents and Settings\Home2\mqdmcmnt.sys

2007-06-20 23:31 5,936 ----a-w C:\Documents and Settings\Home2\mqdmwhnt.sys

2007-06-20 23:31 4,048 ----a-w C:\Documents and Settings\Home2\mqdmcr.sys

2007-06-20 23:31 25,600 ----a-w C:\Documents and Settings\Home2\usbsermptxp.sys

2007-06-20 23:31 22,768 ----a-w C:\Documents and Settings\Home2\usbsermpt.sys

2006-11-19 22:00 615,331 ----a-w C:\Arquivos de programas\photoed.zip

2006-03-28 22:48 271 ---h--w C:\Arquivos de programas\desktop.ini

2006-03-28 22:48 22,040 ---h--w C:\Arquivos de programas\folder.htt

2000-01-24 00:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys

1997-04-22 02:00 93,529 ----a-w C:\Arquivos de programas\Photoed.hlp

1997-04-22 02:00 92,160 ----a-w C:\Arquivos de programas\Stainedg.dll

1997-04-22 02:00 9,902 ----a-w C:\Arquivos de programas\Photoed.srg

1997-04-22 02:00 87,040 ----a-w C:\Arquivos de programas\Watercol.dll

1997-04-22 02:00 803,844 ----a-w C:\Arquivos de programas\Photoed.exe

1997-04-22 02:00 78,336 ----a-w C:\Arquivos de programas\Stamp.dll

1997-04-22 02:00 4,271 ----a-w C:\Arquivos de programas\Photoed.cnt

1997-04-22 02:00 160,768 ----a-w C:\Arquivos de programas\Texturiz.dll

2007-04-25 02:02 88 --sh--r C:\WINNT\system32\BEE0D65209.sys

2007-04-25 02:02 5,018 --sha-w C:\WINNT\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GenericHostW32"="C:\WINNT\SVCHOST.exe" [ ]

"GenericMidiaMSW"="C:\WINNT\SVCHOST.exe" [ ]

"Microsft Conf 32"="msaconf.exe" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe" [03-06-19 16:05 111888 C:\WINNT\system32\mobsync.exe]

"C-Media Mixer"="Mixer.exe" [02-10-15 18:00 1818624 C:\WINNT\mixer.exe]

"LoadQM"="loadqm.exe" [00-05-03 17:23 7536 C:\WINNT\loadqm.exe]

"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 10:50 155648]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [06-05-30 13:34 282624]

"GenericHostW32"="C:\WINNT\SVCHOST.exe" [ ]

"GenericMidiaMSW"="C:\WINNT\SVCHOST.exe" [ ]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_08\bin\jusched.exe" [06-07-26 02:03 49263]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [07-12-04 10:00 79224]

"ISUSPM Startup"="C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [05-02-16 16:15 221184]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [07-11-25 11:42 190024]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [07-01-01 19:54 3735552]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Microsft Conf 32"="msaconf.exe" []

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"internat.exe"="internat.exe" [00-01-23 21:00 20752 C:\WINNT\system32\internat.exe]

"GenericHostW32"="C:\WINNT\SVCHOST.exe" [ ]

"GenericMidiaMSW"="C:\WINNT\SVCHOST.exe" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"^SetupICWDesktop"="" []

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-02-17 17:05:56 65588]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\Arquivos de programas\GbPlugin\gbiehuni.dll [07-10-09 09:43 336800]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lanH32]

lanH32.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lanH32.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lanH64.sys]

@="Driver"

 

R1 lanH64;LAN MSFW adapter;C:\WINNT\System32\lanH64.sys [00-01-23 21:00 ]

R1 oreans32;oreans32;C:\WINNT\system32\drivers\oreans32.sys [06-04-05 21:07 ]

R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys [07-12-04 11:56 ]

R2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [07-10-09 09:43 ]

R3 IP100;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;C:\WINNT\system32\DRIVERS\ipfnd5.sys [05-04-06 11:31 ]

R3 lsermous;Logitech Serial Mouse Driver;C:\WINNT\system32\DRIVERS\lsermous.sys [00-01-22 21:45 ]

S2 lanH32;LAN FW adapter;C:\WINNT\System32\lanH64.sys [00-01-23 21:00 ]

S3 motmodem;Motorola USB CDC ACM Driver;C:\WINNT\system32\DRIVERS\motmodem.sys [07-02-27 14:31 ]

S3 vmfilter303;vmfilter303;C:\WINNT\system32\drivers\vmfilter303.sys [06-04-25 10:57 ]

S3 ZSMC303;USB PC Camera (Vimicro301 Neptune);C:\WINNT\system32\Drivers\usbVM303.sys [06-08-31 10:30 ]

 

*Newly Created Service* - IPNAT

*Newly Created Service* - RASAUTO

*Newly Created Service* - SHAREDACCESS

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-20 17:53:22

Windows 5.0.2195 Service Pack 4 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

C:\WINNT\system32\klgcptini.dat 0 bytes

C:\WINNT\system32\maskstt.a3d 2688 bytes

C:\WINNT\system32\qz.dll 44090 bytes executable

C:\WINNT\system32\redir2.a3d 2326 bytes

C:\WINNT\system32\stt82.ini 320 bytes

C:\WINNT\system32\lanH64.sys 21824 bytes executable

 

Varredura completada com sucesso

Ficheiros ocultos: 6

 

**************************************************************************

.

Tempo para conclusão: 2008-01-20 17:55:51 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-20 20:55:30

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:57:31, on 20/1/2008

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Gizmo Project\mDNSResponder.exe

C:\WINNT\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Java\jre1.5.0_08\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [GenericHostW32] C:\WINNT\SVCHOST.EXE %1

O4 - HKLM\..\Run: [GenericMidiaMSW] C:\WINNT\SVCHOST.EXE %1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\RunServices: [Microsft Conf 32] msaconf.exe

O4 - HKCU\..\Run: [GenericHostW32] C:\WINNT\SVCHOST.EXE %1

O4 - HKCU\..\Run: [GenericMidiaMSW] C:\WINNT\SVCHOST.EXE %1

O4 - HKCU\..\Run: [Microsft Conf 32] msaconf.exe

O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [GenericHostW32] C:\WINNT\SVCHOST.EXE %1 (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [GenericMidiaMSW] C:\WINNT\SVCHOST.EXE %1 (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\System32\shdocvw.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0A795382-6A30-41DA-AC7A-FC6D3FF36678}: NameServer = 85.255.116.98,85.255.112.123

O17 - HKLM\System\CCS\Services\Tcpip\..\{581CABE5-5BCA-40F9-9250-94DACB87FCC8}: NameServer = 85.255.116.98,85.255.112.123

O17 - HKLM\System\CCS\Services\Tcpip\..\{6F9B40E9-136C-4FBC-A239-62CD3D4738ED}: NameServer = 85.255.116.98,85.255.112.123

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.98 85.255.112.123

O17 - HKLM\System\CS1\Services\Tcpip\..\{0A795382-6A30-41DA-AC7A-FC6D3FF36678}: NameServer = 85.255.116.98,85.255.112.123

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.98 85.255.112.123

O17 - HKLM\System\CS2\Services\Tcpip\..\{0A795382-6A30-41DA-AC7A-FC6D3FF36678}: NameServer = 85.255.116.98,85.255.112.123

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.98 85.255.112.123

O20 - Winlogon Notify: lanH32 - lanH32.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Arquivos de programas\Gizmo Project\mDNSResponder.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

 

--

End of file - 7231 bytes

 

 

Is it clean now?


Hi everyone, I would like to leave my sincere thanks to the person who gave me the tips to solve my problem; that damned web folders really did disappear, I think I am now free of this plague.

 

 

Thank you very much.

 

jgarcia - thanks a lot for the help. Cheers.

 

 

 

ademir gomes - Ctba - PR


Hey ademir_gomes,

 

There is still a lot to do, so let's go.

 

Set Windows to show all files (including hidden ones).

 

Step 1

 

Download SafeBootKeyRepair.

 

Run the tool and wait, as it takes some time to finish the process.

 

Download Killbox from:

Killbox

 

1. Run Killbox and click Delete on Reboot.

 

2. Copy the bold list below to the clipboard. Select it all with the mouse --> go to the Edit tab in the browser bar --> click Copy.

 

C:\WINNT\SVCHOST.exe

C:\WINNT\system32\msaconf.exe

C:\WINNT\system32\klgcptini.dat

C:\WINNT\system32\maskstt.a3d

C:\WINNT\system32\qz.dll

C:\WINNT\system32\redir2.a3d

C:\WINNT\system32\stt82.ini

C:\WINNT\system32\lanH64.sys

 

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

 

4. Press "X". Answer "No" to the question.

 

It is wise to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and the internet connection will not be available.

 

Step 2

 

Restart the computer in Safe Mode (while restarting, press F8 repeatedly until a black DOS screen appears, then choose the Safe Mode option).

 

Run HijackThis, click Do a system scan only and check:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

O4 - HKLM\..\Run: [GenericHostW32] C:\WINNT\SVCHOST.EXE %1

O4 - HKLM\..\Run: [GenericMidiaMSW] C:\WINNT\SVCHOST.EXE %1

O4 - HKLM\..\RunServices: [Microsft Conf 32] msaconf.exe

O4 - HKCU\..\Run: [GenericHostW32] C:\WINNT\SVCHOST.EXE %1

O4 - HKCU\..\Run: [GenericMidiaMSW] C:\WINNT\SVCHOST.EXE %1

O4 - HKCU\..\Run: [Microsft Conf 32] msaconf.exe

O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [GenericHostW32] C:\WINNT\SVCHOST.EXE %1 (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [GenericMidiaMSW] C:\WINNT\SVCHOST.EXE %1 (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O20 - Winlogon Notify: lanH32 - lanH32.dll (file missing)

Click Fix Checked.

 

Step 3

 

Restart in Normal Mode.

 

Delete the contents of the C:\!Killbox folder.

 

Come back with new ComboFix and HijackThis logs.

 

Cheers.

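The fix list in the reply above encodes a handful of triage rules that a helper applies by eye to a HijackThis log: a proxy with an empty host, a search page pointing at a non-default host, a `Shell=` value that loads more than explorer.exe, an `svchost.exe` started from somewhere other than `%SystemRoot%\system32`, a value name that misspells "Microsoft", the legacy `RunServices` key, `O17` nameservers that are not the ones the machine should be using, and an `O20` Winlogon Notify DLL that is missing. The script below is an added example (not code from the thread or from HijackThis) that applies those same rules to lines copied from the first log in this thread. `EXPECTED_NAMESERVERS` and `KNOWN_SEARCH_HOSTS` are constructed assumptions; an analyst fills them in from the ISP configuration and a known-clean reference machine.

```python
"""Triage a HijackThis v2 log with the heuristics behind the thread's fix list.

Added example, not part of the forum thread. The sample lines are copied from
the HijackThis log posted above; the allowlists are constructed assumptions.
"""
import re
from typing import List, Tuple
from urllib.parse import urlparse

# Assumption: resolvers this machine is expected to use (constructed value).
EXPECTED_NAMESERVERS = {"192.168.0.1"}

# Assumption: search-page hosts a stock Windows 2000 / IE6 install points at
# (constructed list); any other host is reported for the analyst to judge.
KNOWN_SEARCH_HOSTS = {"home.microsoft.com", "www.microsoft.com", "search.msn.com"}

# The only legitimate location of svchost.exe on this Windows 2000 machine.
SYSTEM32 = r"c:\winnt\system32"

# Sample lines, copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080
F2 - REG:system.ini: Shell=explorer.exe "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [GenericHostW32] C:\WINNT\SVCHOST.EXE %1
O4 - HKLM\..\RunServices: [Microsft Conf 32] msaconf.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.98 85.255.112.123
O20 - Winlogon Notify: SharedDLLs - C:\WINNT\system32\f22mlcf11f2.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")        # "O4 - <rest>"
O4_RE = re.compile(r"\[([^\]]*)\]\s*(.*)$")          # "[value name] command line"
EXE_RE = re.compile(r'^"?(.+?\.exe)\b', re.IGNORECASE)  # image path, quoted or not


def command_image(cmd: str) -> str:
    """Pull the executable path out of a Run-key command line (arguments dropped)."""
    m = EXE_RE.match(cmd.strip())
    return m.group(1) if m else cmd.strip()


def triage_line(line: str) -> List[str]:
    """Return the reasons this HijackThis line is suspicious (empty list = nothing to flag)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    code, rest = m.group(1), m.group(2)
    low = rest.lower()
    reasons: List[str] = []

    if code == "R1":
        value = rest.split("=", 1)[1].strip() if "=" in rest else ""
        if "proxyserver" in low:
            if not value.split(":")[0]:           # ":8080" -> no host at all
                reasons.append("proxy enabled with empty host")
        elif "search" in low and value:
            host = urlparse(value).hostname or value
            if host not in KNOWN_SEARCH_HOSTS:
                reasons.append(f"search page redirected to {host}")
    elif code == "F2":
        shell = re.search(r"shell=(.*)$", rest, re.IGNORECASE)
        if shell and shell.group(1).strip().lower() != "explorer.exe":
            reasons.append("Shell= launches something besides explorer.exe")
    elif code == "O4":
        o4 = O4_RE.search(rest)
        if o4:
            name, cmd = o4.group(1), o4.group(2)
            image = command_image(cmd).lower()
            directory, _, basename = image.rpartition("\\")
            if basename == "svchost.exe" and directory != SYSTEM32:
                reasons.append(f"svchost.exe loaded from {directory or '(no path)'}")
            if "microsft" in name.lower():
                reasons.append("value name misspells Microsoft")
            if "runservices" in low:
                reasons.append("uses the legacy RunServices key")
    elif code == "O17" and "nameserver" in low:
        servers = re.split(r"[,\s]+", rest.split("=", 1)[1].strip())
        unexpected = [s for s in servers if s and s not in EXPECTED_NAMESERVERS]
        if unexpected:
            reasons.append("DNS servers not in expected set: " + ", ".join(unexpected))
    elif code == "O20" and "(file missing)" in low:
        reasons.append("Winlogon Notify DLL is missing")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every line that trips at least one heuristic."""
    findings = []
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for flagged, why in triage_log(SAMPLE_LOG):
        print(flagged)
        for reason in why:
            print("    ->", reason)
```

Run against the sample, seven of the nine lines are reported and the two benign ones (mobsync.exe and the avast! service) pass. The rules are deliberately narrow: a flagged line is a prompt to look closer, not a verdict, which is why the nameserver and search-host checks report the unexpected values instead of hiding them.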

Topic Archived

 

Since the author has not replied for more than 20 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
