
Archived

This topic has been archived and is closed to further replies.

Gandalf - The White

IE is acting strange and the PC is slow


Hey folks, can anyone help me clean up and remove the junk (trojans, worms, spyware, etc.)? My HijackThis log follows below:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:35:23, on 29/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\FlashGet\FlashGet.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\LeechGet 2007\LeechGet.exe

C:\Arquivos de programas\GetRight\getright.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Icecast2 Win32\icecastService.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O1 - Hosts: 89.248.161.70 www.filewarez.nl

O2 - BHO: Search Bar - {0CB66BA8-5E1F-4963-93D1-E1D6B78F0212} - C:\Arquivos de programas\SearchBar\Search.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Flashget] C:\Arquivos de programas\FlashGet\FlashGet.exe /min

O4 - HKLM\..\Run: [sNM] C:\Arquivos de programas\SpyNoMore\SNM.exe /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LeechGet] "C:\Arquivos de programas\LeechGet 2007\LeechGet.exe" -intray

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Arquivos de programas\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Arquivos de programas\GetRight\getright.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Analisar com LeechGet - file://C:\Arquivos de programas\LeechGet 2007\\Parser.html

O8 - Extra context menu item: Download usando Assistente LeechGet - file://C:\Arquivos de programas\LeechGet 2007\\Wizard.html

O8 - Extra context menu item: Download usando LeechGet - file://C:\Arquivos de programas\LeechGet 2007\\AddUrl.html

O8 - Extra context menu item: Download with GetRight Pro - C:\Arquivos de programas\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - file:///C:/Documents%20and%20Settings/user/Desktop/smsx.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161215906407

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Arquivos de programas\Icecast2 Win32\icecastService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 11622 bytes

 

IE IS ACTING STRANGE AND THE PC IS SLOW... any help is appreciated!

 

Thanks in advance

 

Robson


Hey Gandalf - The White,

 

Download ComboFix from:

ComboFix

 

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to continue. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if an infection is found);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click in the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop (it will go completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

 

Cheers.


NEW HijackThis LOG:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:55:01, on 31/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Icecast2 Win32\icecastService.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\FlashGet\FlashGet.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\LeechGet 2007\LeechGet.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\GetRight\getright.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O1 - Hosts: 89.248.161.70 www.filewarez.nl

O2 - BHO: Search Bar - {0CB66BA8-5E1F-4963-93D1-E1D6B78F0212} - C:\Arquivos de programas\SearchBar\Search.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Flashget] C:\Arquivos de programas\FlashGet\FlashGet.exe /min

O4 - HKLM\..\Run: [sNM] C:\Arquivos de programas\SpyNoMore\SNM.exe /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LeechGet] "C:\Arquivos de programas\LeechGet 2007\LeechGet.exe" -intray

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Arquivos de programas\GetRight\getright.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Analisar com LeechGet - file://C:\Arquivos de programas\LeechGet 2007\\Parser.html

O8 - Extra context menu item: Download usando Assistente LeechGet - file://C:\Arquivos de programas\LeechGet 2007\\Wizard.html

O8 - Extra context menu item: Download usando LeechGet - file://C:\Arquivos de programas\LeechGet 2007\\AddUrl.html

O8 - Extra context menu item: Download with GetRight Pro - C:\Arquivos de programas\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - file:///C:/Documents%20and%20Settings/user/Desktop/smsx.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161215906407

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Arquivos de programas\Icecast2 Win32\icecastService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 11105 bytes

 

COMBOFIX LOG:

 

ComboFix 08-01-31.4 - user 2008-01-31 8:37:40.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.316 [GMT -2:00]

Executando de: C:\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\user\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\EKSGC5P2\www.broadcaster.com

C:\Documents and Settings\user\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\EKSGC5P2\www.broadcaster.com\played_list.sol

C:\Documents and Settings\user\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\EKSGC5P2\www.broadcaster.com\video_queue.sol

C:\Documents and Settings\user\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\Documents and Settings\user\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

C:\WINDOWS\system32\Cache

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))))

.

 

2008-01-31 08:34 . 2008-01-31 08:36 <DIR> d-------- C:\Arquivos de programas\SearchBar

2008-01-31 08:18 . 2008-01-31 08:18 93,696 --a------ C:\KillBox-Beta.exe

2008-01-31 08:12 . 2008-01-31 08:13 1,592,312 --a------ C:\ComboFix.exe

2008-01-25 16:54 . 2008-01-25 16:54 1,152 --a------ C:\WINDOWS\system32\windrv.sys

2008-01-24 08:25 . 2008-01-30 18:14 <DIR> d-------- C:\Arquivos de programas\FlashGet

2008-01-22 08:10 . 2008-01-28 10:14 <DIR> d-------- C:\Arquivos de programas\Webserver Stress Tool 7

2008-01-18 13:56 . 2008-01-18 13:56 <DIR> d-------- C:\Arquivos de programas\Windows Defender

2008-01-16 11:48 . 2006-10-18 18:59 <DIR> d--h----- C:\Documents and Settings\Administrador.FINANCEIRO\Modelos

2008-01-16 11:48 . 2006-10-18 16:51 <DIR> d-------- C:\Documents and Settings\Administrador.FINANCEIRO\Meus documentos

2008-01-16 11:48 . 2006-10-18 16:51 <DIR> dr------- C:\Documents and Settings\Administrador.FINANCEIRO\Menu Iniciar

2008-01-16 11:48 . 2006-10-18 16:51 <DIR> d-------- C:\Documents and Settings\Administrador.FINANCEIRO\Favoritos

2008-01-16 11:48 . 2006-10-18 16:51 <DIR> dr-h----- C:\Documents and Settings\Administrador.FINANCEIRO\Dados de aplicativos

2008-01-16 11:48 . 2008-01-16 11:48 <DIR> d--h----- C:\Documents and Settings\Administrador.FINANCEIRO\Configurações locais

2008-01-16 11:48 . 2006-10-18 16:51 <DIR> d--h----- C:\Documents and Settings\Administrador.FINANCEIRO\Ambiente de rede

2008-01-16 11:48 . 2006-10-18 16:51 <DIR> d--h----- C:\Documents and Settings\Administrador.FINANCEIRO\Ambiente de impressão

2008-01-15 18:24 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-01-15 18:24 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-01-14 08:12 . 2008-01-14 08:12 <DIR> d-------- C:\CloneDVDTemp2

2008-01-11 18:27 . 2008-01-11 18:27 <DIR> d-------- C:\Arquivos de programas\Alcohol Soft

2008-01-10 10:44 . 2008-01-10 10:44 <DIR> d-------- C:\Documents and Settings\user\Dados de aplicativos\ImgBurn

2008-01-10 10:42 . 2008-01-10 10:42 <DIR> d-------- C:\Arquivos de programas\ImgBurn

2008-01-09 08:04 . 2008-01-10 16:52 <DIR> d-------- C:\Arquivos de programas\RapidCheck

2007-12-18 15:48 . 2007-12-18 15:42 3,728,493 --------- C:\ANDERSON.CURVELLO.TCC.pdf

2007-12-17 14:14 . 2007-12-17 14:14 <DIR> d-------- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2007-12-17 11:15 . 2007-12-17 15:19 171 --a------ C:\WINDOWS\icecast2.ini

2007-12-17 11:13 . 2007-12-17 11:13 <DIR> d-------- C:\Arquivos de programas\Icecast2 Win32

2007-12-17 11:06 . 2007-12-17 11:06 <DIR> d-------- C:\Arquivos de programas\SpacialAudio

2007-12-17 07:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-12-17 07:46 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2007-12-17 07:46 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2007-12-15 13:56 . 2007-12-15 13:56 <DIR> d-------- C:\tunit345

2007-12-15 13:56 . 2007-12-15 14:07 4,056 --a------ C:\totnp233.dll

2007-12-15 13:48 . 2007-12-15 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2007-12-15 13:48 . 2007-12-15 13:58 <DIR> d-------- C:\Arquivos de programas\Windows Live

2007-12-15 13:48 . 2007-12-15 13:57 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2007-12-13 17:31 . 2007-12-13 17:31 <DIR> d-------- C:\Arquivos de programas\MP3 Splitter & Joiner Pro

2007-12-13 17:07 . 2007-12-13 17:07 19,571 --a------ C:\ATgAAAC9KGlTCwVRk4lKVOzjb4nrVl-k2wBPS8_P9Oj9pMwl2Nnwz0axKG7MAzMEvlovgylOCSzf3nk7nWwkmdBt2CYzAJtU9VA97sBwBhhfo_L7EYmp6aHyZ1Y03Q.jpg

2007-12-13 09:22 . 2003-05-14 11:16 61,440 -ra------ C:\WINDOWS\system32\enclss32.dll

2007-12-12 18:32 . 2007-12-12 18:32 <DIR> d-------- C:\relatório_cris

2007-12-12 15:36 . 2007-12-12 15:36 <DIR> d-------- C:\Arquivos de programas\GPLGS

2007-12-12 15:25 . 2007-07-12 22:33 87,552 --a------ C:\WINDOWS\system32\cpwmon2k.dll

2007-12-12 15:24 . 2007-12-12 15:24 <DIR> d-------- C:\Arquivos de programas\Acro Software

2007-12-12 08:27 . 2007-12-12 08:27 <DIR> d-------- C:\Arquivos de programas\Kingdia Software

2007-12-12 08:27 . 2006-11-07 11:22 719,872 --a------ C:\WINDOWS\system32\devil.dll

2007-12-12 08:27 . 2007-05-17 23:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll

2007-12-10 17:06 . 2007-12-10 17:06 <DIR> d-------- C:\WINDOWS\Mozilla

2007-12-10 17:03 . 2007-12-10 17:11 <DIR> d-------- C:\Arquivos de programas\MediaCoder

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-30 16:22 --------- d-----w C:\Arquivos de programas\2DC++

2008-01-29 15:54 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\uTorrent

2008-01-29 15:18 --------- d-----w C:\Arquivos de programas\GetRight

2008-01-29 10:45 --------- d-----w C:\Arquivos de programas\eMule

2008-01-28 13:12 3,402 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-01-28 12:00 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-01-16 12:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-01-14 11:45 --------- d-----w C:\Arquivos de programas\Zpoc Brasil

2008-01-11 20:21 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-01-10 18:55 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\VGALCAJYWPP.SYS

2007-12-05 10:12 --------- d-----w C:\Arquivos de programas\URUSoft

2007-11-29 17:30 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\Vso

2007-11-29 12:23 --------- d-----w C:\Arquivos de programas\mIRC

2007-11-29 09:47 --------- d-----w C:\Arquivos de programas\DAEMON Tools

2007-11-23 10:37 505,208 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe

2007-11-13 10:55 1,024 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\1doc2pdf.dll

2007-11-07 09:28 724,480 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-01 12:00 298,104 ----a-w C:\WINDOWS\system32\imon.dll

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 11:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-18 13:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

2007-10-10 23:50 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-09-25 17:53 87,608 ----a-w C:\Documents and Settings\user\Dados de aplicativos\ezpinst.exe

2007-09-25 17:53 47,360 ----a-w C:\Documents and Settings\user\Dados de aplicativos\pcouffin.sys

2006-10-19 00:05 469 ----a-w C:\Arquivos de programas\INSTALL.LOG

2000-10-19 18:36 56 --sh--r C:\WINDOWS\system32\C52696FD58.sys

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty & legitimate default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78F0212}]
2007-09-04 14:00 49152 --a------ C:\Arquivos de programas\SearchBar\Search.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 14:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]
"LeechGet"="C:\Arquivos de programas\LeechGet 2007\LeechGet.exe" [2007-05-31 10:33 742912]
"DLD.EXE"="C:\Arquivos de programas\Download Direct\DLD.exe" [ ]
"ares"="C:\Arquivos de programas\Ares\Ares.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 05:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 22:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 22:43 86016 C:\WINDOWS\system32\nvmctray.dll]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30 249856]
"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 07:25 6731312]
"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2007-11-01 10:00 949376]
"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2006-11-12 08:48 157592]
"Windows Defender"="C:\Arquivos de programas\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"Flashget"="C:\Arquivos de programas\FlashGet\FlashGet.exe" [2007-05-29 13:30 1986608]
"SNM"="C:\Arquivos de programas\SpyNoMore\SNM.exe" [ ]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
GetRight - Tray Icon.lnk - C:\Arquivos de programas\GetRight\getright.exe [2007-11-13 08:43:31 3436544]
HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2007-08-08 15:29 209224]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2007-08-09 16:39 207944]
"{00212521-4FEF-4AD3-B3AA-E05CDA254123}"= C:\WINDOWS\system32\search.dll [2007-09-05 13:47 95024]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 15:31]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-24 22:21:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe
"2008-01-31 10:33:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe
"2008-01-31 10:10:41 C:\WINDOWS\Tasks\User_Feed_Synchronization-{7A19B5C0-8E69-485B-8335-9D1D4F7B646E}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 08:43:26
Windows 5.1.2600 Service Pack 2 NTFS

Scanning for hidden processes ...
Scanning for hidden autostart entries ...
Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
Completion time: 2008-01-31 8:47:41
ComboFix-quarantined-files.txt 2008-01-31 10:47:34
.
2008-01-30 10:21:15 --- E O F ---

If you can help me, I'd appreciate it... I can't uninstall the SearchBar.dll shown in bold above; it sits in IE as a search bar...

Regards, Robson


Hi Gandalf - The White,

Here we go.

Set Windows to show all files (including hidden ones).

Step 1

Download Killbox from:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below in bold to the clipboard. Select it all with the mouse --> go to the Edit menu on the browser bar --> click Copy.

C:\Arquivos de programas\SearchBar\Search.dll
C:\WINDOWS\system32\search.dll

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "No" to the question.

It is a good idea to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and an internet connection will not be possible.

Step 2

Restart the computer in Safe Mode (while it restarts, press F8 repeatedly until a black DOS screen appears and choose the Safe Mode option).

Run HijackThis, click Do a system scan only and check:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 89.248.161.70 www.filewarez.nl
O2 - BHO: Search Bar - {0CB66BA8-5E1F-4963-93D1-E1D6B78F0212} - C:\Arquivos de programas\SearchBar\Search.dll

Click Fix Checked.

Step 3

Restart in Normal Mode.

Locate and delete the following folder:

C:\Arquivos de programas\SearchBar

Submit the file below to the Jotti site:

C:\WINDOWS\system32\windrv.sys

Come back with the result, along with fresh ComboFix and HijackThis logs.

Cheers.

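To make the triage in the reply above reproducible, here is an added Python script (example code, not from the thread, from ComboFix or from HijackThis) that reads the registry load points and the HijackThis lines quoted in the two posts and reports the same categories the reply acts on: BHOs, ShellExecuteHooks, hosts-file overrides, start-page changes, and Run entries whose file no longer exists. The sample log is constructed from the posts; reading "[ ]" as ComboFix's missing-file marker and escalating a hook DLL that lies loose in system32 are this example's assumptions, not documented tool behaviour.

```python
import re

# Constructed sample: autostart and HijackThis lines quoted from the two posts
# above, paths verbatim. Embedded so the script runs offline; for a real case
# feed it the full ComboFix/HijackThis output instead.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78F0212}]
2007-09-04 14:00 49152 --a------ C:\Arquivos de programas\SearchBar\Search.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 14:24 1694208]
"DLD.EXE"="C:\Arquivos de programas\Download Direct\DLD.exe" [ ]
"ares"="C:\Arquivos de programas\Ares\Ares.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SNM"="C:\Arquivos de programas\SpyNoMore\SNM.exe" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2007-08-08 15:29 209224]
"{00212521-4FEF-4AD3-B3AA-E05CDA254123}"= C:\WINDOWS\system32\search.dll [2007-09-05 13:47 95024]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 89.248.161.70 www.filewarez.nl
O2 - BHO: Search Bar - {0CB66BA8-5E1F-4963-93D1-E1D6B78F0212} - C:\Arquivos de programas\SearchBar\Search.dll
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
HOOK_RE = re.compile(r'^"(?P<clsid>\{[0-9A-Fa-f-]+\})"=\s*(?P<path>.+?)\s*\[')
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\\S.*)$")
HJT_RES = {  # HijackThis lines are self-describing, so they are matched directly
    "hosts_override": re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)"),
    "start_page": re.compile(r"^R0 - (?P<key>.+?),Start Page = (?P<value>.+)$"),
    "bho": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$"),
}
HJT_SEVERITY = {"hosts_override": "suspect", "start_page": "info", "bho": "review"}
SYSTEM32 = r"c:\windows\system32"  # assumption: default XP layout, as in this log


def match_hjt(line):
    """(kind, fields) for a HijackThis R0/O1/O2 line, else None."""
    for kind, rx in HJT_RES.items():
        m = rx.match(line)
        if m:
            return kind, m.groupdict()
    return None


def triage(log_text):
    """Walk the log once; return finding dicts with kind, severity and details."""
    findings = []
    section = ""        # lower-cased key of the current registry section
    pending_bho = None  # CLSID whose DLL path is expected on the next line

    def add(kind, severity, **fields):
        findings.append({"kind": kind, "severity": severity, **fields})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = match_hjt(line)
        if hit:
            kind, fields = hit
            # The O2 line repeats the BHO already taken from the ComboFix section.
            if kind == "bho" and any(f["kind"] == "bho" and f["path"].lower() == fields["path"].lower()
                                     for f in findings):
                continue
            add(kind, HJT_SEVERITY[kind], **fields)
            continue
        sm = SECTION_RE.match(line)
        if sm:
            section = sm.group("key").lower()
            pending_bho = sm.group("key").split("\\")[-1] if "browser helper objects" in section else None
            continue
        if pending_bho:
            pm = PATH_RE.search(line)
            if pm:
                add("bho", "review", clsid=pending_bho, path=pm.group("path"))
            pending_bho = None
        elif section.endswith("\\run"):
            rm = RUN_RE.match(line)
            # "[ ]" after the path is read as the marker for a file that no longer
            # exists (assumption about ComboFix's notation): a dead autostart entry.
            if rm and not rm.group("meta").strip():
                add("orphaned_run", "cleanup", name=rm.group("name"), path=rm.group("path"))
        elif section.endswith("shellexecutehooks"):
            hm = HOOK_RE.match(line)
            if hm:
                path = hm.group("path")
                # Assumption: vendor hooks (GbPlugin here) live in their own Program
                # Files folder; a hook DLL dropped loose in system32 gets escalated.
                loose = path.lower().rsplit("\\", 1)[0] == SYSTEM32
                add("shell_execute_hook", "suspect" if loose else "review",
                    clsid=hm.group("clsid"), path=path)
    return findings


def dlls_for_review(findings):
    """Unique DLLs hooked into Explorer/IE: the set worth sending to a multi-engine scanner."""
    paths = {f["path"] for f in findings if f["kind"] in ("bho", "shell_execute_hook")}
    return sorted(paths, key=str.lower)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['severity']:8} {f['kind']:19} {f.get('path') or f.get('host') or f.get('value')}")
```

On the sample this yields one BHO, three dead Run entries (DLD.EXE, ares, SNM), two hooks with system32\search.dll escalated to "suspect", the hosts override and the blanked start page; `dlls_for_review` returns the three hooked DLLs, which is the list a helper would send to Jotti or a similar multi-engine scanner before deciding what to delete. The severity labels are only a reading order, not a verdict: GbPlugin's gbieh.dll lands in the same list as search.dll and is cleared by looking at it, not by the script.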

Topic Archived

Since the author has not replied for more than 20 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section along with the link to this topic and explain the reason for reopening.
