dilp, posted February 28, 2008

Hello... I need help removing a virus that is keeping my CPU at 100% usage even with no programs open. When the CPU hits 100% everything starts getting slow and freezing. When I restart or shut down the PC, a window appears asking to end the task 29a5ea88. This window appears about 4 times and then another one also appears with the name MCI. I'd like to know whether it really is a virus. Here is the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 13:19:59, on 28/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\FixCamera.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\DAP\DAP.EXE
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\malware\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll
O3 - Toolbar: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll
O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [GetTube Update] C:\Arquivos de programas\GetTube\liveupdate.exe /m
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll (file missing)
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
DigRam, posted February 29, 2008

Good morning dilp!

- Download NoLop.
- Save it to the Desktop!
- But don't run it yet!
________________________
- Set Windows to show the OS's hidden files:
1. Open My Computer.
2. Click Tools >> Folder Options.
3. Select the View tab.
4. Select the button < Show hidden files and folders >.
5. Uncheck the box < Hide protected operating system files (Recommended) >.
6. Click OK.
________________________
- Restart the computer in Safe Mode.
- Run NoLop by double-clicking NoLop.exe.
- Click the Search and Destroy button.
- The tool will scan the computer. Wait!
- If it finds an infection, click OK >> click Reboot.
- If it finds no infections, exit the program by clicking OK.
- Restart in Normal Mode!
- Post the report, which will be at < C:\NoLop.log >, in your reply, plus an updated HJT log.

Regards!
dilp, posted March 3, 2008

OK.. I downloaded the program...

NoLop LOG

NoLop! Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\user\Desktop
[3/3/2008] [10:42:20]
---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.
---Listing AppData sub directories---

HJT LOG

Logfile of HijackThis v1.99.1
Scan saved at 10:46:16, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\FixCamera.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\malware\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll
O3 - Toolbar: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Thanks!!! Awaiting your reply!
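The two HijackThis logs in this thread (the first post and the one just above) are read the same way by a helper: the first pass looks for entries whose target file no longer exists, hosts-file overrides, autoruns launched from the Windows root rather than system32 or Program Files, and LSPs or services with no known owner. The script below automates that first pass. It is an added example by the editor, not part of the thread and not HijackThis code; SAMPLE_LOG is constructed in HijackThis 1.99 format and modelled on the logs above, and the flagging rules are the editor's heuristics, not HijackThis verdicts. A flagged entry means "look at this", not "malware".

```python
"""Triage pass over a HijackThis 1.99 log.

Added example for this thread: the editor's code, not part of the original
posts and not HijackThis itself. SAMPLE_LOG is constructed in HijackThis
format, modelled on the logs posted above. The flagging rules are the
editor's heuristics, not HijackThis verdicts.
"""
import re
from dataclasses import dataclass

# Constructed sample in HijackThis 1.99 format (paths as a Brazilian XP writes them).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe
"""

# Every HJT entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<sec>R[0-3]|O\d{1,2}) - (?P<body>.+)$")
# An .exe sitting directly in C:\WINDOWS (not in system32, not in Program Files).
WINROOT_EXE_RE = re.compile(r"(?i)\bC:\\WINDOWS\\[^\\\s]+\.exe\b")


@dataclass
class Finding:
    section: str
    body: str
    reason: str


def parse(log_text):
    """Yield (section, body) for each HJT entry line; headers and the process list are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def triage(log_text):
    """Return the entries a helper would ask about first, each with the reason it was flagged."""
    findings = []
    for sec, body in parse(log_text):
        if "(file missing)" in body or "(no file)" in body:
            reason = "orphaned entry: the registry still points at a file that is gone"
        elif sec == "O1":
            reason = "hosts-file override: resolution for this host is pinned locally"
        elif sec == "O4" and WINROOT_EXE_RE.search(body):
            reason = "autorun launched from the Windows root; check the file's publisher"
        elif sec == "O10" and "Unknown file" in body:
            reason = "Winsock LSP not on HijackThis's known list; identify the DLL before fixing"
        elif sec == "O23" and "Unknown owner" in body:
            reason = "service without publisher information"
        else:
            continue  # known-good pattern for this first pass
        findings.append(Finding(sec, body, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.body}")
```

Run against the full logs above, the same rules single out the Crawler toolbar leftovers, the three alcohol-soft hosts entries, the webcam autoruns in C:\WINDOWS, the Bonjour LSP and the GbPlugin service; none of those is a malware verdict, they are simply the lines a helper verifies first.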
DigRam, posted March 3, 2008

Good afternoon dilp!

- Download ComboFix.
- Save it to the Desktop!
- Close all windows and run the tool!
- If you have Avast, a malware alert will appear ( Win32:Dadobra-EY [Trj] ), which should be ignored.
- The Auto Scan window will open. Wait!
- Type the option to continue and press < Enter >.
- Wait for it to finish! During the scan, avoid touching the mouse or keyboard!
_________________________
- Post the report C:\ComboFix.txt in your reply.

Regards!
dilp, posted March 5, 2008

Hi... here's the ComboFix report... I hope you can solve the problem.

ComboFix 08-03-05.1 - user 2008-03-05 13:27:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.617 [GMT -3:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((( Files created from 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))))
.
2008-03-04 17:02 . 2008-03-04 17:02 268 --ah----- C:\sqmdata07.sqm
2008-03-04 17:02 . 2008-03-04 17:02 244 --ah----- C:\sqmnoopt07.sqm
2008-03-04 11:21 . 2008-03-04 11:21 <DIR> d-------- C:\Documents and Settings\outros\Contacts
2008-03-04 11:17 . 2008-03-04 11:17 <DIR> d-------- C:\Documents and Settings\outros\Dados de aplicativos\Nero
2008-03-04 11:16 . 2007-12-26 08:26 <DIR> d--h----- C:\Documents and Settings\outros\Modelos
2008-03-04 11:16 . 2008-03-04 11:23 <DIR> dr------- C:\Documents and Settings\outros\Meus documentos
2008-03-04 11:16 . 2002-01-27 03:20 <DIR> dr------- C:\Documents and Settings\outros\Menu Iniciar
2008-03-04 11:16 . 2008-03-04 11:16 <DIR> dr------- C:\Documents and Settings\outros\Favoritos
2008-03-04 11:16 . 2008-03-04 11:17 <DIR> dr-h----- C:\Documents and Settings\outros\Dados de aplicativos
2008-03-04 11:16 . 2008-03-04 11:16 <DIR> d--h----- C:\Documents and Settings\outros\Configurações locais
2008-03-04 11:16 . 2002-01-27 03:20 <DIR> d--h----- C:\Documents and Settings\outros\Ambiente de rede
2008-03-04 11:16 . 2002-01-27 03:20 <DIR> d--h----- C:\Documents and Settings\outros\Ambiente de impressão
2008-03-03 10:42 . 2008-03-03 10:42 106 --a------ C:\delete.bat
2008-03-01 10:51 . 2008-03-01 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink
2008-03-01 10:50 . 2008-03-01 10:50 <DIR> d-------- C:\Arquivos de programas\CyberLink
2008-03-01 10:50 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-02-29 21:27 . 2008-02-29 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software
2008-02-29 21:01 . 2008-02-29 21:01 1,887 --a------ C:\WINDOWS\diagwrn.xml
2008-02-29 21:01 . 2008-02-29 21:01 1,887 --a------ C:\WINDOWS\diagerr.xml
2008-02-26 16:19 . 2008-03-03 10:46 <DIR> d-------- C:\malware
2008-02-24 19:23 . 2008-02-24 19:23 <DIR> d-------- C:\Documents and Settings\user\Dados de aplicativos\Nero
2008-02-24 19:17 . 2008-02-24 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero
2008-02-24 19:17 . 2008-02-24 19:19 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero
2008-02-23 21:34 . 2008-02-29 20:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-23 21:34 . 2008-02-23 21:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-23 21:33 . 2008-02-23 21:34 <DIR> d-------- C:\Arquivos de programas\iTunes
2008-02-23 21:33 . 2008-02-23 21:33 <DIR> d-------- C:\Arquivos de programas\iPod
2008-02-23 21:32 . 2008-02-23 21:32 <DIR> d-------- C:\Arquivos de programas\QuickTime
2008-02-23 21:31 . 2008-02-23 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer
2008-02-23 21:31 . 2008-02-23 21:31 <DIR> d-------- C:\Arquivos de programas\Apple Software Update
2008-02-23 21:30 . 2008-02-23 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple
2008-02-23 21:30 . 2008-02-23 21:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Apple
2008-02-22 17:11 . 2008-02-22 18:05 <DIR> d-------- C:\Ptyes
2008-02-20 15:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-20 15:35 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-20 15:35 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-19 22:01 . 2008-02-24 00:10 <DIR> d-------- C:\Arquivos de programas\Windows Live Toolbar
2008-02-19 22:01 . 2008-02-19 22:01 <DIR> d-------- C:\Arquivos de programas\Windows Live Favorites
2008-02-19 21:42 . 2008-02-19 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-02-19 21:42 . 2008-02-19 21:59 <DIR> d-------- C:\Arquivos de programas\Windows Live
2008-02-19 21:42 . 2008-02-19 21:58 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-02-16 13:51 . 2002-02-16 13:54 <DIR> d-------- C:\Arquivos de programas\Elaborate Bytes
2008-02-16 13:49 . 2008-02-29 20:55 <DIR> d-------- C:\WINDOWS\system32\lib
2008-02-16 13:48 . 2007-02-16 14:02 <DIR> d-------- C:\Arquivos de programas\Alcohol Soft
2008-02-16 13:48 . 2008-02-24 19:56 223,128 --a--c--- C:\WINDOWS\system32\drivers\vaxscsi.sys
2008-02-16 13:46 . 2008-02-16 13:46 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-16 13:46 . 2008-02-23 22:40 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6397.sys
2008-02-15 20:51 . 2008-02-15 20:51 <DIR> d-------- C:\Documents and Settings\user\Dados de aplicativos\Leadertech
2008-02-15 20:51 . 2008-02-15 20:51 <DIR> d-------- C:\Arquivos de programas\GameSpy Arcade
2008-02-15 20:39 . 2008-02-15 20:39 <DIR> d-------- C:\NeverwinterNights
2008-02-15 18:35 . 2008-02-29 21:30 <DIR> d-------- C:\Arquivos de programas\eMule
2008-02-09 23:32 . 2008-02-09 23:32 <DIR> d-------- C:\CoolSMS
2008-02-07 21:05 . 2008-02-07 21:05 268 --ah----- C:\sqmdata04.sqm
2008-02-07 21:05 . 2008-02-07 21:05 244 --ah----- C:\sqmnoopt04.sqm
2008-02-06 19:33 . 2008-02-06 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WEBREG
2008-02-06 19:30 . 2008-02-06 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HP Product Assistant
2008-02-06 19:30 . 2008-02-06 19:30 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard
2008-02-06 19:29 . 2007-03-08 01:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-02-06 19:29 . 2007-03-08 01:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-02-06 19:29 . 2007-03-08 01:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-02-06 19:28 . 2007-03-17 13:11 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll
2008-02-06 19:28 . 2007-03-17 13:11 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll
2008-02-06 19:28 . 2007-03-08 01:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-02-06 19:28 . 2007-03-17 13:11 303,104 -ra------ C:\WINDOWS\system32\hpovst10.dll
2008-02-06 19:28 . 2004-08-03 21:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-06 19:28 . 2004-08-03 21:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-06 19:21 . 2008-02-06 19:33 152,198 --a--c--- C:\WINDOWS\hpoins14.dat
2008-02-06 19:21 . 2007-06-05 20:07 2,000 -----c--- C:\WINDOWS\hpomdl14.dat
2008-02-06 18:18 . 2008-02-06 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard
2008-02-06 18:17 . 2007-03-30 12:07 267,864 -ra--c--- C:\WINDOWS\system32\hpzids01.dll
2008-02-06 18:17 . 2007-03-28 13:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 16:27 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-03-05 16:19 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\uTorrent
2008-03-05 15:20 --------- d-----w C:\Arquivos de programas\Intel
2008-03-03 15:46 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2008-03-01 13:50 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-03-01 00:30 --------- d-----w C:\Arquivos de programas\GetTube
2008-03-01 00:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator
2008-03-01 00:02 --------- d-----w C:\Arquivos de programas\Spyware Terminator
2008-02-26 15:48 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\Spyware Terminator
2008-02-24 22:17 --------- d-----w C:\Arquivos de programas\Nero
2008-02-24 01:42 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\LimeWire
2008-02-24 00:33 --------- d-----w C:\Arquivos de programas\Bonjour
2008-02-06 22:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP
2008-02-06 22:12 --------- d-----w C:\Arquivos de programas\GbPlugin
2008-01-30 14:08 --------- d-----w C:\Arquivos de programas\Google
2008-01-30 03:52 --------- d-----w C:\Arquivos de programas\MikesGames
2008-01-23 14:56 --------- d-----w C:\Arquivos de programas\USBToolbox
2008-01-23 14:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-01-23 14:36 --------- d-----w C:\Arquivos de programas\NCSoft
2008-01-16 14:40 --------- d-----w C:\Arquivos de programas\Eudemons_Pt
2008-01-15 20:16 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\HP
2008-01-11 03:46 --------- d-----w C:\Arquivos de programas\DAP
2008-01-09 17:00 --------- d-----w C:\Arquivos de programas\ONGAME
2008-01-08 17:48 --------- d-----w C:\Arquivos de programas\speedbit_br
2008-01-08 17:45 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2008-01-07 22:40 --------- d-----w C:\Arquivos de programas\uTorrent
2008-01-07 22:31 2,887,680 -c--a-w C:\WINDOWS\system32\VagalumePluginWMP.dll
2008-01-07 22:19 --------- d-----w C:\Arquivos de programas\Java
2008-01-07 21:35 --------- d-----w C:\Arquivos de programas\MSXML 4.0
2008-01-07 18:42 --------- d-----w C:\Arquivos de programas\LimeWire
2008-01-07 18:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java
2007-12-26 11:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-13 22:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e0211842-8b43-4cc4-a532-e16afba388b2}]
2007-07-31 15:33 1391640 --a------ C:\Arquivos de programas\speedbit_br\tbspee.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0211842-8B43-4CC4-A532-E16AFBA388B2}
{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
[HKEY_CLASSES_ROOT\clsid\{e0211842-8b43-4cc4-a532-e16afba388b2}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E0211842-8B43-4CC4-A532-E16AFBA388B2}"= C:\Arquivos de programas\speedbit_br\tbspee.dll [2007-07-31 15:33 1391640]
[HKEY_CLASSES_ROOT\clsid\{e0211842-8b43-4cc4-a532-e16afba388b2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-12 13:50 20480]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-01-22 14:01 346536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
C:\ARQUIV~1\GbPlugin\gbiehabn.dll 2008-01-22 14:01 346536 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-01-08 14:45 4376328 C:\Arquivos de programas\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetTube Update]
--a------ 2008-02-29 00:17 29184 C:\Arquivos de programas\GetTube\liveupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2006-10-05 10:13 114688 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 20:34 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2006-10-05 10:11 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Arquivos de programas\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2006-10-05 10:10 94208 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-04-10 04:28 16126464 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
--a------ 2007-05-10 12:18 835584 C:\WINDOWS\vsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
--a------ 2007-04-21 08:36 270336 C:\WINDOWS\tsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"C:\\Arquivos de programas\\DAP\\DAP.exe"=
"C:\\Arquivos de programas\\ONGAME\\Metin2\\metin2.bin"=
"C:\\Arquivos de programas\\eMule\\emule.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "C:\\Arquivos de programas\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-02-17 13:06] R2 RPCHED;Remote Procedure CallD (RPCE);C:\Arquivos de programas\Intel\Intell.exe [2002-02-16 13:54] R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-20 23:44] R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-05-24 17:06] S3 XDva068;XDva068;C:\WINDOWS\system32\XDva068.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Conteúdo da pasta 'Tarefas Agendadas' "2008-03-01 00:28:12 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Arquivos de programas\TuneUp Utilities 2004\SystemOptimizer.exe "2008-02-24 00:31:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe "2008-03-05 15:54:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job" - C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-05 13:29:22 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros ocultos ... 
Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-03-05 13:30:20 ComboFix-quarantined-files.txt 2008-03-05 16:30:17 . 2008-02-20 17:36:09 --- E O F --- Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted March 5, 2008
Good afternoon dilp!
>@< Configure Windows to show hidden files and folders!
_______________________
>@< Go to Start >> Control Panel >> Folder Options.
>@< Click the View tab.
>@< Under Advanced settings, go to Hidden files and folders.
>@< Click Apply >> OK.
_______________________
>@< Go to Start >> Search.
>@< Click: All files and folders
>@< In the search field, enter: svchost >> click Search.
>@< Prefer the advanced search, where more related files will be listed.
>@< Of the files found, pay attention to those outside the System32 directory.
>@< Try to remove them... but make a backup copy first!
>@< If they go to the Recycle Bin, they may or may not be restorable.
_______________________
>@< Open Windows Task Manager.
>@< On the Processes tab, check the svchost entries whose User Name is NETWORK SERVICE or LOCAL SERVICE.
>@< For those outside the System32 folder, set their priority to Low.
>@< Be suspicious of any above 14 KB, even when they are in the System32 directory.
>@< Do one at a time! Watch which process frees up the excessive memory usage, so you can end and/or delete it afterwards.
_______________________
>@< Be very careful in these operations, so as not to make the mistake of altering or ending system processes.
Awaiting your reply! Regards!
dilp 0 Posted March 8, 2008
Hello. I did what you said, but I didn't find any of the files outside System32; I only found one inside it that was 14 KB. In Task Manager, all the files you mentioned were at 00 CPU usage. What was using 52% was iexplore.exe, 47% was MSN and 1% was System Idle Process. When I end MSN, for example, the 47% goes to iexplore, and when I end iexplore everything goes to System Idle Process and the CPU goes back to using 1 or 2%, and everything is normal again. But this surely can't be normal, and the MIC and 29a5ea88 end-task windows keep appearing when I go to shut down or restart. Thank you for helping me. Awaiting your reply!
DigRam 144 Posted March 9, 2008
Good evening dilp!
>@< Run a disinfection scan at < BitDefender > and post the report.
>@< Click BitDefender ( Online Scan ). <!> Read the tutorial.
>@< The page < BitDefender OnLine Scanner > will open.
>@< Click I Agree.
>@< Wait! Allow the ActiveX control to install so that the scan can run.
________________________
>@< Then post: the BitDefender report + an updated HijackThis log.
>@< PS: The BitDefender report will be at: C:\Windows\BDOSCAN8\bdoscan.txt
Regards!
dilp 0 Posted March 10, 2008
Hi.. here's the log you asked for

[General]
App = "BitDefender Online Scanner v8"
Date = 10:03:2008
Time = 02:55:32
Scan Path = A:\;C:\;D:\;

[Engines Info]
Virus Definitions = 986304
Engine build = "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"
Scan plugins = 16
Archive plugins = 41
Unpack plugins = 7
E-mail plugins = 6
System plugins = 5

[Scan Statistics]
Folders = 9485
Files = 434703
Archives = 2277
Packed files = 40853
Identified viruses = 4
Infected files = 4
Warnings = 0
Suspect files = 0
Disinfected files = 0
Deleted files = 3
Copied files = 0
Moved files = 0
Renamed files = 0
I/O Errors = 6912

[Scan Settings]
SecondAction = Delete
FirstAction = Disinfect
Heuristics = 1
Enable Warnings = 1
Exclude Ext =
Extensions = *;
Scan Emails = 1
Scan Archives = 1
Scan Packed = 1
Scan Files = 1
Scan Boot = 1
Verify Memory = 0

[Scan Results]
Line00000008 = "C:\Arquivos de programas\Intel\Intell.exe Infected with: Generic.Graybird.83F97D9A"
Line00000007 = "C:\Arquivos de programas\Intel\Intell.exe Disinfection failed"
Line00000006 = "C:\Arquivos de programas\Intel\Intell.exe Delete failed"
Line00000005 = "C:\Documents and Settings\user\Meus documentos\Diego\instalações\1964_099.exe Infected with: Trojan.Generic.79287"
Line00000004 = "C:\Documents and Settings\user\Meus documentos\Diego\instalações\1964_099.exe Deleted"
Line00000003 = "C:\heap41a\reproduce.txt Infected with: Win32.Offring.A"
Line00000002 = "C:\heap41a\reproduce.txt Deleted"
Line00000001 = "C:\heap41a\script1.txt Infected with: Trojan.Autohk.A"
Line00000000 = "C:\heap41a\script1.txt Deleted"

And the HJT one:

Logfile of HijackThis v1.99.1
Scan saved at 06:21:41, on 10/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\FixCamera.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\malware\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll
O3 - Toolbar: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
DigRam 144 Posted March 10, 2008
Good morning dilp!
>@< In Run, type: services.msc
>@< Find the service: Remote Procedure CallD
>@< Double-click it and, under "Startup type", select Disabled.
>@< Also click Stop.
___________________________
Delete:
C:\QooBox
C:\ComboFix.txt << previous ComboFix log.
___________________________
>@< Disable the resident protection of your antivirus and antispyware programs.
___________________________
>@< Select and copy all of the content in the quote area into Notepad.
>@< Save it on the Desktop with the name: CFScript.txt

File::
C:\Arquivos de programas\Intel\Intell.exe
C:\Arquivos de programas\Intel\Intell.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

Folder::
C:\Arquivos de programas\Intel
C:\heap41a

Driver::
"RPCHED"

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.
>@< See the demonstration!
>@< With this procedure, ComboFix will run and will restart the computer automatically!
>@< If it does not restart, do so manually!
>@< Do not use the keyboard or mouse while it is running!
>@< When it finishes, post the report C:\ComboFix.txt + an updated HJT log.
Regards!
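Two of the manual checks in this thread can be scripted against the pasted logs: DigRam's earlier instruction to hunt for svchost.exe copies that do not live in System32, and the diagnosis above that the RPCHED service ("Remote Procedure CallD (RPCE)", image C:\Arquivos de programas\Intel\Intell.exe, flagged by BitDefender as Generic.Graybird) is a look-alike of the real "Remote Procedure Call (RPC)" service. The Python below is an added example written for this page; it is not a tool posted in the thread and not part of HijackThis or ComboFix. It parses the "Running processes" paths of a HijackThis log and the R/S service lines of a ComboFix log, flags core Windows binaries that run from the wrong directory or whose name is one typo away from a real one (generalizing DigRam's svchost check to lsass, csrss, smss, services and winlogon), and flags services whose display name is within a few edits of a genuine Windows service display name, whose image sits outside the Windows directory, or whose image had no file timestamp at scan time. The sample input is copied from the logs above except for the two lines marked as constructed; the list of Windows service display names, the edit-distance thresholds, and the reading of an empty `[]` in a ComboFix service line as "file not found" are the example's own assumptions.

```python
"""Triage of HijackThis 'Running processes' and ComboFix service lines.

Added example for this thread (not a tool posted in it). Sample input is
copied from the logs above except for the two lines marked as constructed.
"""
import re
from pathlib import PureWindowsPath

SYSTEM32 = r"c:\windows\system32"
WINDIR = r"c:\windows"

# Core Windows processes that are only legitimate when loaded from System32.
CORE_PROCESSES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                  "services.exe", "winlogon.exe"}

# Display names of genuine Windows XP services that malware likes to imitate
# (a short list chosen for this example, not exhaustive).
KNOWN_SERVICE_NAMES = [
    "Remote Procedure Call (RPC)",
    "Remote Procedure Call (RPC) Locator",
    "Windows Management Instrumentation",
    "Security Accounts Manager",
    "Plug and Play",
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit cost for insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_process(path: str):
    """One HijackThis 'Running processes' path -> finding string, or None."""
    p = PureWindowsPath(path.strip())
    name, parent = p.name.lower(), str(p.parent).lower()
    if name in CORE_PROCESSES:
        if parent != SYSTEM32:
            return f"{p.name} running from {p.parent} instead of System32"
        return None
    # Exactly one edit from a core name (svch0st.exe) is almost never legitimate;
    # distance 2 already matches the genuine msmsgs.exe against smss.exe.
    for legit in sorted(CORE_PROCESSES):
        if levenshtein(name, legit) == 1:
            return f"{p.name} is a look-alike of {legit}"
    return None


# ComboFix service line: "<start> <name>;<display name>;<image> [<file timestamp>]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[(.*?)\]\s*$")


def check_service(line: str):
    """One ComboFix R/S service line -> list of reasons (empty if unremarkable)."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return []
    _start, name, display, image, stamp = m.groups()
    reasons = []
    if not stamp:  # assumption: ComboFix prints a timestamp only when the image exists
        reasons.append(f"{name}: no file timestamp, image {image} not found at scan time")
    for legit in KNOWN_SERVICE_NAMES:
        d = levenshtein(display, legit)
        if d > 3:
            continue
        if d:
            reasons.append(f"{name}: display name {display!r} is {d} edit(s) from {legit!r}")
        if not str(PureWindowsPath(image)).lower().startswith(WINDIR):
            reasons.append(f"{name}: named like a Windows service but image is {image}")
        break
    return reasons


def triage(process_lines, service_lines):
    """Run both checks and return all findings in input order."""
    findings = [f for f in map(check_process, process_lines) if f]
    for line in service_lines:
        findings.extend(check_service(line))
    return findings


HJT_PROCESSES = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\csrss.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\system32\services.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe",
    r"C:\Arquivos de programas\Messenger\msmsgs.exe",
    r"C:\WINDOWS\svchost.exe",           # constructed: right name, wrong directory
    r"C:\WINDOWS\system32\svch0st.exe",  # constructed: zero instead of 'o'
]
COMBOFIX_SERVICES = [
    r"R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-02-17 13:06]",
    r"R2 RPCHED;Remote Procedure CallD (RPCE);C:\Arquivos de programas\Intel\Intell.exe [2002-02-16 13:54]",
    r"R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-05-24 17:06]",
    r"S3 XDva068;XDva068;C:\WINDOWS\system32\XDva068.sys []",
]

if __name__ == "__main__":
    for finding in triage(HJT_PROCESSES, COMBOFIX_SERVICES):
        print(finding)
```

Run as-is it reports five findings: the two constructed svchost lines, two reasons for RPCHED (name two edits from "Remote Procedure Call (RPC)", image under Program Files), and XDva068 for its missing file timestamp. The last one is a deliberate reminder that these are leads, not verdicts: XDva068 is the on-demand GameGuard driver that ships with the NCSoft game present on this machine, and it is normal for it to be absent between game sessions. The process check stops at edit distance 1 because distance 2 already produces false positives on this very log (msmsgs.exe against smss.exe); widen the thresholds only if you are prepared to review more noise.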
Mário Monteiro 179 Posted June 13, 2008
Topic Archived
Since the author has not replied for more than 20 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.