Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Pablo3322

[Resolvido!] IE não fecha!

Recommended Posts

Mesmo finalizando o IE no ctrl+alt+del, ele volta!!

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 08:00 PABLO, on 8/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ER}&ar=home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0.:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll (file missing)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Arquivos de programas\TGTSoft\StyleXP\TGT_BHO.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: Class - {FC9BCC0B-5745-21E7-F5A2-5A6E55758E50} - C:\WINDOWS\axybn1.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [file wave user bat] C:\Documents and Settings\All Users\Dados de aplicativos\Mail For File Wave\draw bash.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Arquivos de programas\ActivationManager\ActivationManager.dll.upd" "C:\Arquivos de programas\ActivationManager\ActivationManager.dll"

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [CopyBat] C:\WINDOWS\APPLIC~1\SIGNTW~1\biasmail.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_45.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/wi...rInstall_br.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_28.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Pablo3322! O log mostra várias infecções, com malwares que redirecionam o IE, como o ADSTechnology e o adware Lop, que foi instalado junto com o Messenger Plus, ao aceitar o patrocínio. Mesmo desinstalando o Plus, o Lop pode permanecer. Baixe:

 

KillBox

FindLop > Extraia os arquivos para uma pasta própria mas não use ainda.

 

Salve ou imprima estas instruções:

 

ETAPA 1

 

Faça o download do Lop Uninstaller

http://lop.com/new_uninstall.exe

 

Se ao tentar efetuar o Download, aparecer alguma mensagem de restrição, siga os seguintes passos:

  • Abra o Internet Explorer, clique em Ferramentas em seguida Opções da Internet, clique na guia Segurança clique em Sites Confiaveis e em seguida clique em Sites, no campo Adicionar este site à zona coloque:
    http://lop.com e clique em Adicionar
     
  • Desmarque a opção: Exigir Verificação do Servidor(https)
     
  • Clique em Ok em todas as janelas e tente realizar o download novamente.

Se o seu antivírus detectar algum problema no arquivo, ignore. O arquivo é seguro.

 

Desabilite seu antivírus e qualquer antispyware. Rode-o. Coloque os números e confirme.

  • Abra novamente o Internet Explorer, clique em Ferramentas em seguida Opções da Internet, clique na guia Segurança clique em Sites Confiaveis em seguida clique em Sites.
     
  • Clique em: http://lop.com e clique em Remover.
     
  • Clique em Ok em todas as janelas.

 

ETAPA 2

 

Rode o KillBox, marque Delete on Reboot e depois Unregister .dll Before Deleting. Coloque em Full Path of File to Delete:

 

C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll

 

Clique no botão killbox.png. Responda Sim à pergunta.

 

Haverá uma contagem regressiva e o PC irá reiniciar.

 

Após carregar novamente o SO, faça um scan com o HijackThis e salve o log.

 

Rode o findlop.bat e depois localize o findlop.txt em C:\

 

Ative novamente o anti vírus e os anti spywares.

 

Poste:

 

Log do HijackThis

findlop.txt

 

OBS: ainda teremos outra etapa após ter o resultado destes logs que pedi.

 

.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Sam, muito obrigado pela ajuda!!

 

 

Logfile of HijackThis v1.99.1

Scan saved at 09:28 PABLO, on 8/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ER}&ar=home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0.:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll (file missing)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll (file missing)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Arquivos de programas\TGTSoft\StyleXP\TGT_BHO.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: Class - {FC9BCC0B-5745-21E7-F5A2-5A6E55758E50} - C:\WINDOWS\axybn1.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [file wave user bat] C:\Documents and Settings\All Users\Dados de aplicativos\Mail For File Wave\draw bash.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Arquivos de programas\ActivationManager\ActivationManager.dll.upd" "C:\Arquivos de programas\ActivationManager\ActivationManager.dll"

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [CopyBat] C:\WINDOWS\APPLIC~1\SIGNTW~1\biasmail.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_45.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/wi...rInstall_br.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_28.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

 

 

 

 

[TRACE] Enumerating jobs and queues

[TRACE] Activating job 'MP Scheduled Scan.job'

[TRACE] Printing all job properties

 

ApplicationName: 'C:\Arquivos de programas\Windows Defender\MpCmdRun.exe'

Parameters: 'Scan -RestrictPrivileges'

WorkingDirectory: ''

Comment: 'Scheduled Scan'

Creator: 'SYSTEM'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 03/08/2008 2:14:00

NextRun: 03/09/2008 2:14:00

StartError: S_OK

ExitCode: 0

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 1

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 0

SystemRequired = 0

Hidden = 1

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: Daily

DaysInterval: 1

StartDate: 12/31/2001

EndDate: 00/00/0000

StartTime: 02:14

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

 

[TRACE] Activating job 'A944EF35918B66A5.job'

[TRACE] Printing all job properties

 

ApplicationName: 'c:\windows\applic~1\signtw~1\Roamheck16.exe'

Parameters: ''

WorkingDirectory: ''

Comment: ''

Creator: 'Particular'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 03/08/2008 9:00:00

NextRun: 03/08/2008 10:00:00

StartError: S_OK

ExitCode: 0

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 1

SystemRequired = 0

Hidden = 1

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: Daily

DaysInterval: 1

StartDate: 10/06/2001

EndDate: 00/00/0000

StartTime: 00:00

MinutesDuration: 1440

MinutesInterval: 60

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, copie e salve no Bloco de notas este texto em azul:

 

C:\WINDOWS\Tasks\A944EF35918B66A5.job

C:\WINDOWS\APPLIC~1\SIGNTW~1\biasmail.exe

C:\WINDOWS\APPLIC~1\SIGNTW~1\Roamheck16.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Mail For File Wave\draw bash.exe

 

Salve ou imprima estas instruções, pois vai segui-las desconectado e sem acesso a esta página:

 

1 - Copie o texto que salvou no bloco de notas. Rode o KillBox e marque Delete on Reboot, no menu File clique em Paste from Clipboard.

Depois clique no botão All Files.

 

Clique no botão killbox.png. Responda Sim à pergunta.

 

Ao reiniciar o PC, aperte F8 intermitentemente. No menu escolha: modo seguro.

 

2 - Abra o HijackThis e clique em Do a system scan only. Aguarde o exame acabar.

 

Cada entrada tem uma caixa do lado esquerdo. Marque apenas as caixas das entradas abaixo, que ainda encontrar:

 

O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll (file missing)

 

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll (file missing)

 

O2 - BHO: Class - {FC9BCC0B-5745-21E7-F5A2-5A6E55758E50} - C:\WINDOWS\axybn1.dll (file missing)

 

O4 - HKLM\..\Run: [file wave user bat] C:\Documents and Settings\All Users\Dados de aplicativos\Mail For File Wave\draw bash.exe

 

O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Arquivos de programas\ActivationManager\ActivationManager.dll.upd" "C:\Arquivos de programas\ActivationManager\ActivationManager.dll"

 

O4 - HKCU\..\Run: [CopyBat] C:\WINDOWS\APPLIC~1\SIGNTW~1\biasmail.exe

 

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/wi...rInstall_br.cab

 

Ficará com um sinal V dentro de cada caixa.

 

Clique então em ht-fix.png. Dê o Ok para a pergunta e depois feche o HijackThis.

 

3 - Para o log ser analisado, não pode haver ítens desabilitados da inicialização, pois não aparecem. Siga estas instruções:

 

Vá em Iniciar > Executar > digite msconfig

 

Na aba Geral marque: Inicialização normal - Carregar todos os drivers de dispositivo e serviços.

 

Aplicar > Ok

 

Reinicie o PC em modo normal, gere um novo log e poste.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 23:37 PABLO, on 9/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Winco\Cliente DDNS\ipcagent.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ER}&ar=home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0.:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [YMSF Agent] C:\WINDOWS\system32\28463\YMSF.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [file wave user bat] C:\Documents and Settings\All Users\Dados de aplicativos\Mail For File Wave\Send This.exe

O4 - HKLM\..\Run: [csrss.exe] C:\WINDOWS\csrss.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Arquivos de programas\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O4 - HKCU\..\Run: [TerraVOIP] C:\Arquivos de programas\Terra VOIP\TerraVOIP.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [ddns_agent] C:\Arquivos de programas\Winco\Cliente DDNS\ipcagent.exe

O4 - HKCU\..\Run: [CopyBat] C:\WINDOWS\APPLIC~1\SIGNTW~1\biasmail.exe

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Administrador de servicios.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_45.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_28.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\UltraVNC\WinVNC.exe" -service (file missing)

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, apareceram mais entradas que não tinha antes depois que habilitou todos os ítens. Preciso que faça uma análise de alguns arquivos:

 

Acesse http://virusscan.jotti.org/

 

No site, na caixa Procurar, cole esta linha abaixo:

 

C:\WINDOWS\system32\28463\YMSF.exe

 

Clique em Submit, aguarde o resultado da análise aparecer e salve.

 

Faça o mesmo com esse:

 

C:\WINDOWS\csrss.exe

 

Poste os resultados das análises, para podermos prosseguir.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Sam, nos dois deus essa mensagen:

 

"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

Compartilhar este post


Link para o post
Compartilhar em outros sites

Houve algum problema ao usar o KillBox, pois entradas que não deveriam mais estar no log continuam?

 

Se não acertou usar, explique o que houve para podermos resolver.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Sam,

fiz tudo como você escreveu acima, mas quando coloquei estas linhas no site, apareceu esta mensagem que te falei.

"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

 

Tentei repetir o processo anterior, mas não consigo mais entrar no modo seguro!

 

Abração!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá, não é sobre a análise e sim os arquivos que pedi para deletar com o KillBox. Houve algum problema ou não acertou usar o KillBox?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Sam, obrigado pela resposta, e desculpe-me pela demora.

 

Bom, eu não vi nenhum erro..

Eu tava vendo , e parece que o IE fechou, pois ele não está mais aparecendo nos processos do gerenciador de tarefas!

Será que o problema foi resolvido?

 

Abraço!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 08:34 PABLO, on 1/1/2002

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ER}&ar=home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0.:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {12A6AB00-7C8C-46AA-8426-8825F3F0927C} - C:\WINDOWS\system32\geedd.dll (file missing)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Arquivos de programas\TGTSoft\StyleXP\TGT_BHO.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: (no name) - {F501C2AB-834A-4B9D-A86B-A1EADA760B00} - C:\WINDOWS\system32\gebxyyx.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [YMSF Agent] C:\WINDOWS\system32\28463\YMSF.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [file wave user bat] C:\Documents and Settings\All Users\Dados de aplicativos\Mail For File Wave\Send This.exe

O4 - HKLM\..\Run: [csrss.exe] C:\WINDOWS\csrss.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O4 - HKCU\..\Run: [TerraVOIP] C:\Arquivos de programas\Terra VOIP\TerraVOIP.exe

O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Arquivos de programas\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [ddns_agent] C:\Arquivos de programas\Winco\Cliente DDNS\ipcagent.exe

O4 - HKCU\..\Run: [CopyBat] C:\WINDOWS\APPLIC~1\SIGNTW~1\biasmail.exe

O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\ADPHONE3\ADPHONE.EXE /STARTUP

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O4 - Global Startup: Administrador de servicios.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_45.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_28.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: gebxyyx - gebxyyx.dll (file missing)

O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá, para o log ser analisado, não pode haver ítens desabilitados da inicialização, pois não aparecem. Siga estas instruções:

 

Vá em Iniciar > Executar > digite msconfig

 

Na aba Geral marque: Inicialização normal - Carregar todos os drivers de dispositivo e serviços.

 

Aplicar > Ok

 

Reinicie o PC, gere um novo log e poste.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 01:26 PABLO, on 1/1/2002

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe

C:\Arquivos de programas\Winco\Cliente DDNS\ipcagent.exe

C:\Arquivos de programas\ADPHONE3\ADPHONE.EXE

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ER}&ar=home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0.:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [YMSF Agent] C:\WINDOWS\system32\28463\YMSF.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [file wave user bat] C:\Documents and Settings\All Users\Dados de aplicativos\Mail For File Wave\Send This.exe

O4 - HKLM\..\Run: [csrss.exe] C:\WINDOWS\csrss.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [0d6b155d] rundll32.exe "C:\WINDOWS\system32\bfuqwxvw.dll",b

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [bM0e5826c1] Rundll32.exe "C:\WINDOWS\system32\pwwcufgk.dll",s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Arquivos de programas\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O4 - HKCU\..\Run: [TerraVOIP] C:\Arquivos de programas\Terra VOIP\TerraVOIP.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O4 - HKCU\..\Run: [ddns_agent] C:\Arquivos de programas\Winco\Cliente DDNS\ipcagent.exe

O4 - HKCU\..\Run: [CopyBat] C:\WINDOWS\APPLIC~1\SIGNTW~1\biasmail.exe

O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\ADPHONE3\ADPHONE.EXE /STARTUP

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Administrador de servicios.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_45.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_28.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\UltraVNC\WinVNC.exe" -service (file missing)

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá, seu log mostra uma infecção nova pelo trojan Vundo (adware Virtumonde), malware de difícil remoção. Baixe: ComboFix > salve na área de trabalho

  • Desative seu antivirus, antispywares e firewall, para não causar conflitos. Mantenha-os desativados até terminar as instruções.
  • Dê um duplo-clique no combofix.exe, marque 1 e dê o enter para prosseguir o Fix. Aguarde pois é um pouco demorado.
  • O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.
  • Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.
  • IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".
  • Poste um novo log do HijackThis.
  • Selecione, copie e cole o conteúdo doComboFix.txt na sua próxima resposta.
     
    OBS: Não rode o ComboFix mais do que uma vez. Isso irá sobreescrever o log e dificultará a remoção do(s) malware(s)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Sam, muito obrigado!

 

ComboFix 08-04-14.2 - Particular 2008-04-15 2:23:56.3 - FAT32x86

Executando de: C:\Documents and Settings\Particular\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\aijenglm.dll

C:\WINDOWS\system32\budvjudu.dll

C:\WINDOWS\SYSTEM32\DKjPonmp.ini

C:\WINDOWS\SYSTEM32\DKjPonmp.ini2

C:\WINDOWS\system32\gaenuppo.dll

C:\WINDOWS\system32\iifcBqOh.dll

C:\WINDOWS\SYSTEM32\oppuneag.ini

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))))

.

 

2008-04-15 02:16 . 2008-04-15 02:16 3,648 --a------ C:\WINDOWS\SYSTEM32\inotcmeu.dll

2008-04-15 02:14 . 2008-04-15 02:14 3,648 --a------ C:\WINDOWS\SYSTEM32\odyfbajn.dll

2008-04-15 01:40 . 2008-04-15 01:40 3,648 --a------ C:\WINDOWS\SYSTEM32\agkfjoef.dll

2008-04-15 01:33 . 2008-04-15 01:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\config\systemprofile\Configurações locais

2008-04-15 01:33 . 2008-04-15 01:33 <DIR> d-------- C:\Documents and Settings\Particular\Configurações locais

2008-04-15 01:33 . 2008-04-15 01:33 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-04-15 01:33 . 2008-04-15 01:33 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-04-11 23:03 . 2008-04-11 23:03 <DIR> d-------- C:\Arquivos de programas\Opera

2008-04-11 22:39 . 2002-01-01 00:04 708,714 ---hs---- C:\WINDOWS\SYSTEM32\iqqmhasy.ini

2008-04-11 22:33 . 2008-04-11 22:33 3,648 --a------ C:\WINDOWS\SYSTEM32\roneprhh.dll

2008-04-05 23:01 . 2002-01-01 00:03 720,831 ---hs---- C:\WINDOWS\SYSTEM32\rsxexkue.ini

2008-04-05 22:55 . 2008-04-05 22:55 3,648 --a------ C:\WINDOWS\SYSTEM32\ohdvqdyi.dll

2008-04-02 23:04 . 2008-04-02 23:04 <DIR> d--hs---- C:\FOUND.002

2008-03-25 04:35 . 2008-03-25 04:35 1,434,504 ---hs---- C:\WINDOWS\SYSTEM32\xyfiebcl.ini

2008-03-24 19:24 . 2008-03-25 04:35 1,343,480 ---hs---- C:\WINDOWS\SYSTEM32\hmrowbpc.ini

2008-03-22 00:11 . 2002-01-01 00:04 1,253,150 ---hs---- C:\WINDOWS\SYSTEM32\kjpsmukh.ini

2008-03-21 23:44 . 2008-03-21 23:44 127 --a------ C:\WINDOWS\SYSTEM32\MRT.INI

2008-03-20 20:44 . 2002-01-01 00:04 1,255,686 ---hs---- C:\WINDOWS\SYSTEM32\dahnpbbq.ini

2008-03-19 19:34 . 2002-01-01 00:08 1,389,816 ---hs---- C:\WINDOWS\SYSTEM32\iytggvqa.ini

2008-03-18 19:48 . 2002-01-01 00:03 1,321,257 ---hs---- C:\WINDOWS\SYSTEM32\qjqtnaib.ini

2008-03-17 20:54 . 2008-03-18 18:39 2,105,720 ---hs---- C:\WINDOWS\SYSTEM32\qnkfloue.ini

2008-03-17 20:45 . 2008-03-17 20:54 1,359,967 ---hs---- C:\WINDOWS\SYSTEM32\txjuawxw.ini

2008-03-16 23:38 . 2002-01-01 00:06 1,355,340 ---hs---- C:\WINDOWS\SYSTEM32\ksuukrhv.ini

2008-03-15 14:35 . 2008-03-15 14:35 33,824 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\oreans32.sys

2008-03-15 13:03 . 2001-01-01 00:05 1,367,163 ---hs---- C:\WINDOWS\SYSTEM32\rsdtpdjn.ini

2008-03-15 00:21 . 2002-01-01 00:04 1,366,983 ---hs---- C:\WINDOWS\SYSTEM32\wubgcppt.ini

2008-03-14 23:51 . 2008-03-14 23:52 1,366,863 ---hs---- C:\WINDOWS\SYSTEM32\mgihrvqu.ini

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe

2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 18:35 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys

2008-03-29 18:31 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys

2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\SYSTEM32\AVASTSS.scr

2008-03-11 15:01 --------- d-----w C:\WINDOWS\Application Data\ADPHONE

2008-03-11 15:01 --------- d-----w C:\Arquivos de programas\ADPHONE3

2008-03-10 14:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-03-10 14:14 37,888 ----a-w C:\WINDOWS\SYSTEM32\rar.exe

2008-03-10 14:03 --------- d-----w C:\Arquivos de programas\Bonjour

2008-03-10 13:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-03-07 18:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-02-26 16:30 --------- d-----w C:\Arquivos de programas\ArtMoney

2008-02-21 22:15 --------- d-sh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-02-15 17:54 90,112 ----a-w C:\WINDOWS\Cuninst.exe

2008-02-11 11:05 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-02-11 11:05 311,296 ------w C:\WINDOWS\Setup1.exe

2008-01-17 17:33 42,128 ----a-w C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT

2007-10-08 19:53 87,608 ----a-w C:\WINDOWS\Application Data\inst.exe

2007-10-08 19:53 47,360 ----a-w C:\WINDOWS\Application Data\pcouffin.sys

2007-08-08 19:11 169 ----a-w C:\Documents and Settings\Particular\lixeira.reg

2006-04-22 15:06 12 ----a-w C:\Documents and Settings\Particular\aruivo.bat

2005-05-07 19:16 2,376 ----a-w C:\Arquivos de programas\musica.MTP

2004-07-23 10:42 266 --sh--w C:\Arquivos de programas\desktop.ini

2004-07-23 10:42 11,280 ---h--w C:\Arquivos de programas\folder.htt

2002-01-01 10:03 901 ----a-w C:\Documents and Settings\Particular\restore.reg

2006-05-24 12:38 233,472 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\CrazyTalk4Native.dll

2006-05-18 13:00 204,895 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\ctdomemhelper.dll

2005-09-29 10:41 77,824 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\ctframeplayerobject.dll

2006-05-18 12:59 426,081 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\ctplayerobject.dll

2005-02-02 08:19 458,752 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\imagickrt.dll

2006-04-10 14:35 139,264 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\rlcontentclass.dll

2005-11-09 07:10 204,800 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\RLMusicPacker.dll

2005-11-09 07:42 106,496 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\RLMusicUnpacker.dll

2006-01-04 07:22 212,992 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\RLVoicePacker.dll

2006-01-04 07:21 167,936 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\RLVoiceUnpacker.dll

2005-05-01 07:19 14 --sh--w C:\WINDOWS\dpwtpdxp.dll

2005-05-08 15:53 19 --sh--w C:\WINDOWS\dpwtddxp.dll

2005-02-11 07:44 56 --sh--r C:\WINDOWS\SYSTEM32\08E6EFE77D.sys

2005-07-25 17:51 12 --sh--w C:\WINDOWS\SYSTEM32\spwtpaxp.dll

2005-05-01 07:19 14 --sh--w C:\WINDOWS\SYSTEM32\dpwtpaxp.dll

2005-05-01 07:19 19 --sh--w C:\WINDOWS\SYSTEM32\dpwtdaxp.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-04-15_ 1.30.10.87 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-14 21:04:44 11,368 ----a-w C:\WINDOWS\Application Data\Mozilla\Firefox\pluginreg.dat

+ 2008-04-14 22:17:02 11,368 ----a-w C:\WINDOWS\Application Data\Mozilla\Firefox\pluginreg.dat

- 2008-04-14 21:19:44 72,004 ----a-w C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\lnzl9y3d.default\history.dat

+ 2008-04-14 22:31:04 64,724 ----a-w C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\lnzl9y3d.default\history.dat

- 2008-04-14 21:21:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-14 22:32:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-14 22:32:48 16,384 ----a-w C:\WINDOWS\temp\Perflib_Perfdata_608.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12A6AB00-7C8C-46AA-8426-8825F3F0927C}]

C:\WINDOWS\system32\geedd.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24E9519B-3F70-429B-99BC-4B2B49B96F66}]

2002-01-01 00:03 36864 --a------ C:\WINDOWS\system32\awtsPHYp.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E96408F4-C4C1-46E3-BAA2-21D5D69AD1D0}]

2002-01-01 00:09 269824 --a------ C:\WINDOWS\system32\pmnoPjKD.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]

@={7D688A77-C613-11D0-999B-00C04FD655E1}

 

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]

2007-10-25 20:43 8489984 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

"Windows Registry Repair Pro"="C:\Arquivos de programas\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" [ ]

"TerraVOIP"="C:\Arquivos de programas\Terra VOIP\TerraVOIP.exe" [ ]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 21:09 68856]

"STYLEXP"="C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 22:31 1372160]

"Free Download Manager"="C:\Arquivos de programas\Free Download Manager\fdm.exe" [ ]

"DLD.EXE"="C:\Arquivos de programas\Download Direct\DLD.exe" [ ]

"ddns_agent"="C:\Arquivos de programas\Winco\Cliente DDNS\ipcagent.exe" [2005-06-03 09:21 631296]

"CopyBat"="C:\WINDOWS\APPLIC~1\SIGNTW~1\biasmail.exe" [ ]

"ADPHONE"="C:\Arquivos de programas\ADPHONE3\ADPHONE.exe" [2008-03-06 13:28 1261568]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]

"YMSF Agent"="C:\WINDOWS\system32\28463\YMSF.exe" [ ]

"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]

"file wave user bat"="C:\Documents and Settings\All Users\Dados de aplicativos\Mail For File Wave\Send This.exe" [ ]

"csrss.exe"="C:\WINDOWS\csrss.exe" [ ]

"WinVNC"="C:\Arquivos de programas\UltraVNC\WinVNC.exe" [2006-06-18 14:56 712704]

"Windows Defender"="C:\Arquivos de programas\Windows Defender\MSASCui.exe" [2006-04-03 18:12 777424]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2005-11-12 13:46 155648]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-02 03:54 3735552]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\WINDOWS\Menu Iniciar\Programas\Iniciar\

hamachi.lnk - C:\Arquivos de programas\Hamachi\hamachi.exe [2007-09-17 23:01:34 PABLO 619048]

 

C:\WINDOWS\All Users\Menu Iniciar\Programas\Iniciar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 PABLO 83360]

WinZip Quick Pick.lnk - C:\Arquivos de programas\WinZip\WZQKPICK.EXE [2004-07-23 16:51:24 PABLO 106560]

Administrador de servicios.lnk - C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2007-06-19 20:19:08 PABLO 69632]

Google Updater.lnk - C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe [2008-01-01 12:02:34 PABLO 124400]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"Shell"= c:explorer1.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"RestrictRun"= 0 (0x0)

"NoViewOnDrive"= 0 (0x0)

"NoBandCustomize"= 0 (0x0)

"NoMovingBands"= 0 (0x0)

"NoCloseDragDropBands"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

"Windows Printing Driver"= WinSpooler.exe

"WinUpdating"= WinUpdating.exe

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"RestrictRun"= 0 (0x0)

"NoViewOnDrive"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [2006-03-27 10:52 201256]

"{24E9519B-3F70-429B-99BC-4B2B49B96F66}"= C:\WINDOWS\system32\awtsPHYp.dll [2002-01-01 00:03 36864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsPHYp]

awtsPHYp.dll 2002-01-01 00:03 36864 C:\WINDOWS\SYSTEM32\awtsPHYp.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxyyx]

gebxyyx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

C:\Arquivos de programas\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Arquivos de programas\AlienGUIse\FASTLOAD.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

Notification Packages REG_MULTI_SZ :\WINDOWS\system32\srrstr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

"C:\\Arquivos de programas\\Windows Media Player\\WMPLAYER.EXE"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"C:\\Arquivos de programas\\jlgsolera\\OnLineLiveSetup\\OnLineLive.exe"=

"C:\\Sierra\\Counter-Strike\\cstrike.exe"=

"C:\\Arquivos de programas\\K-LiteNitro\\giFT\\giFTl.exe"=

"\\\\10.1.1.20\\c\\Muserver1\\CS\\CS.exe"=

"C:\\Arquivos de programas\\Winco\\Cliente DDNS\\wizard.exe"=

"\\\\10.1.1.20\\Sharing Folders\\pbbinho@hotmail.com\\LieroX v0.56 Pack 1.9\\LieroX.exe"=

"\\\\10.1.1.20\\c\\Muserver\\GameServer\\GameServer.exe"=

"C:\\Arquivos de programas\\RealVNC\\VNC4\\winvnc4.exe"=

"D:\\MuServer\\GameServer\\GameServer.exe"=

"D:\\MuServer\\DataServer1\\Dataserver.exe"=

"D:\\MuServer\\DataServer2\\Dataserver.exe"=

"D:\\MuServer\\CS\\CS.exe"=

"D:\\MuServer\\JoinServer\\JoinServer.exe"=

"D:\\MuServer\\RankingServer\\DevilSqure_EventServer.exe"=

"D:\\MuServer\\ExDB\\Exdb.exe"=

"D:\\MuServer\\MU2003_EVENT_SERVER\\WZ_MU2003_EVENT_SERVER.exe"=

"C:\\Muserver\\JoinServer\\JoinServer.exe"=

"C:\\Muserver\\CS\\CS.EXE"=

"C:\\Muserver\\DataServer1\\Dataserver.exe"=

"C:\\Muserver\\DataServer2\\Dataserver.exe"=

"C:\\MuServer99b+\\DataServer1\\Dataserver.exe"=

"C:\\MuServer99b+\\DataServer2\\Dataserver.exe"=

"C:\\MuServer99b+\\cs\\cs.exe"=

"C:\\MuServer99b+\\JoinServer\\JoinServer.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Arquivos de programas\\Darkeden\\darkeden.exe"=

"C:\\Documents and Settings\\Particular\\Desktop\\Dark Eden\\dk2.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\MegaCubo\\megacubo.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\ADPHONE3\\ADPHONE.exe"=

"C:\\Documents and Settings\\Particular\\Desktop\\Nova pasta (4)\\Dark Eden\\dk2.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 22:31]

R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-22 03:14]

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-03-15 14:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 22:35]

R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 13:22]

S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]

S3 SPCA508A;11043 Ver1.3;C:\WINDOWS\system32\DRIVERS\SP508PIX.SYS []

S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Pablo#pablo ©]

\Shell\AutoRun\command - setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]

\Shell\AutoRun\command - setup.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]

rundll32.exeadvpack.dll

.

Conte£do da pasta 'Tarefas Agendadas'

"2008-04-14 22:14:28 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-15 02:36:34

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializ veis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\tsd32.dll

-> C:\WINDOWS\system32\awtsPHYp.dll

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\byXRHyvw.dll

.

------------------------ Other Running Processes ------------------------

.

C:\ARQUIVOS DE PROGRAMAS\TGTSOFT\STYLEXP\STYLEXPSERVICE.EXE

C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE

C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\ARQUIVOS DE PROGRAMAS\BONJOUR\MDNSRESPONDER.EXE

C:\ARQUIVOS DE PROGRAMAS\EWIDO ANTI-SPYWARE 4.0\GUARD.EXE

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\SYSTEM32\WSCNTFY.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-04-15 2:43:15 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-14 22:42:42

ComboFix2.txt 2008-04-14 21:32:58

 

Pre-Run: 6,011,387,904 bytes disponíveis

Post-Run: 5,989,924,864 bytes dispon¡veis

.

2001-12-31 21:49:06 --- E O F ---

 

 

________________________________________________________________________________

____________________________________

________________________________________________________________________________

____________________________________

 

 

Logfile of HijackThis v1.99.1

Scan saved at 00:26 PABLO, on 1/1/2002

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe

C:\Arquivos de programas\Winco\Cliente DDNS\ipcagent.exe

C:\Arquivos de programas\ADPHONE3\ADPHONE.EXE

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ER}&ar=home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0.:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [YMSF Agent] C:\WINDOWS\system32\28463\YMSF.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [file wave user bat] C:\Documents and Settings\All Users\Dados de aplicativos\Mail For File Wave\Send This.exe

O4 - HKLM\..\Run: [csrss.exe] C:\WINDOWS\csrss.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [bM0e5826c1] Rundll32.exe "C:\WINDOWS\system32\goojlbks.dll",s

O4 - HKLM\..\Run: [0d6b155d] rundll32.exe "C:\WINDOWS\system32\vwdqlmfa.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t

O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Arquivos de programas\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O4 - HKCU\..\Run: [TerraVOIP] C:\Arquivos de programas\Terra VOIP\TerraVOIP.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O4 - HKCU\..\Run: [ddns_agent] C:\Arquivos de programas\Winco\Cliente DDNS\ipcagent.exe

O4 - HKCU\..\Run: [CopyBat] C:\WINDOWS\APPLIC~1\SIGNTW~1\biasmail.exe

O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\ADPHONE3\ADPHONE.EXE /STARTUP

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O4 - Global Startup: Administrador de servicios.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_45.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_28.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\UltraVNC\WinVNC.exe" -service (file missing)

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Salve ou imprima estas instruções, pois vai segui-las desconectado e sem acesso a esta página:

 

1 - Delete a pasta C:\Qoobox (se ela existir), e delete o log anterior do Combofix -> C:\combofix.txt

 

2 - Desative seu antivirus, antispywares e firewall, para não causar conflitos. Mantenha-os desativados até terminar as instruções.

 

3 - Selecione e copie o texto dentro do QUOTE. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

 

File::

C:\WINDOWS\SYSTEM32\inotcmeu.dll

C:\WINDOWS\SYSTEM32\odyfbajn.dll

C:\WINDOWS\SYSTEM32\agkfjoef.dll

C:\WINDOWS\SYSTEM32\iqqmhasy.ini

C:\WINDOWS\SYSTEM32\roneprhh.dll

C:\WINDOWS\SYSTEM32\rsxexkue.ini

C:\WINDOWS\SYSTEM32\ohdvqdyi.dll

C:\WINDOWS\SYSTEM32\xyfiebcl.ini

C:\WINDOWS\SYSTEM32\hmrowbpc.ini

C:\WINDOWS\SYSTEM32\kjpsmukh.ini

C:\WINDOWS\SYSTEM32\dahnpbbq.ini

C:\WINDOWS\SYSTEM32\iytggvqa.ini

C:\WINDOWS\SYSTEM32\qjqtnaib.ini

C:\WINDOWS\SYSTEM32\qnkfloue.ini

C:\WINDOWS\SYSTEM32\txjuawxw.ini

C:\WINDOWS\SYSTEM32\ksuukrhv.ini

C:\WINDOWS\SYSTEM32\rsdtpdjn.ini

C:\WINDOWS\SYSTEM32\wubgcppt.ini

C:\WINDOWS\SYSTEM32\mgihrvqu.ini

C:\WINDOWS\system32\geedd.dll

C:\WINDOWS\system32\awtsPHYp.dll

C:\WINDOWS\system32\pmnoPjKD.dll

C:\WINDOWS\system32\WinSpooler.exe

C:\WINDOWS\system32\WinUpdating.exe

C:\WINDOWS\system32\byXRHyvw.dll

C:\WINDOWS\system32\goojlbks.dll

C:\WINDOWS\system32\vwdqlmfa.dll

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12A6AB00-7C8C-46AA-8426-8825F3F0927C}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24E9519B-3F70-429B-99BC-4B2B49B96F66}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E96408F4-C4C1-46E3-BAA2-21D5D69AD1D0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

CopyBat"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"YMSF Agent"=-

"file wave user bat"=-

"csrss.exe"=-

"BM0e5826c1"=-

"0d6b155d"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"Shell"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

"Windows Printing Driver"=-

"WinUpdating"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{24E9519B-3F70-429B-99BC-4B2B49B96F66}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsPHYp]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxyyx]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Pablo#pablo ©]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]

4 - Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

 

CFScript.gif

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

 

OBS: Não rode o ComboFix mais do que uma vez. Isso irá sobreescrever o log e dificultará a remoção do(s) malware(s)

 

5 - Acesse http://virusscan.jotti.org/

 

No site, na caixa Procurar, cole esta linha abaixo:

 

C:\WINDOWS\system32\tsd32.dll

 

Clique em Submit, aguarde o resultado da análise aparecer e salve.

 

6 - Poste um novo log do HijackThis. Selecione, copie e cole o conteúdo doComboFix.txt na sua próxima resposta. Poste também o resultado do Jotti.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Sam, desculpe pela demora!

Logfile of HijackThis v1.99.1

Scan saved at 20:01 PABLO, on 29/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe

C:\Arquivos de programas\Winco\Cliente DDNS\ipcagent.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\K-Meleon\k-meleon.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ER}&ar=home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0.:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Arquivos de programas\TGTSoft\StyleXP\TGT_BHO.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\ADPHONE3\ADPHONE.EXE /STARTUP

O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Arquivos de programas\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O4 - HKCU\..\Run: [TerraVOIP] C:\Arquivos de programas\Terra VOIP\TerraVOIP.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O4 - HKCU\..\Run: [ddns_agent] C:\Arquivos de programas\Winco\Cliente DDNS\ipcagent.exe

O4 - HKCU\..\Run: [CopyBat] C:\WINDOWS\APPLIC~1\SIGNTW~1\biasmail.exe

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Administrador de servicios.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_45.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_28.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\UltraVNC\WinVNC.exe" -service (file missing)

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

 

 

 

________________________________________________________________________________

___________________________________

 

 

 

 

ComboFix 08-04-28.2 - Particular 2008-04-29 18:09:21.5 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.57 [GMT 4:00]

Executando de: C:\Documents and Settings\Particular\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Particular\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\SYSTEM32\agkfjoef.dll

C:\WINDOWS\system32\awtsPHYp.dll

C:\WINDOWS\system32\byXRHyvw.dll

C:\WINDOWS\SYSTEM32\dahnpbbq.ini

C:\WINDOWS\system32\geedd.dll

C:\WINDOWS\system32\goojlbks.dll

C:\WINDOWS\SYSTEM32\hmrowbpc.ini

C:\WINDOWS\SYSTEM32\inotcmeu.dll

C:\WINDOWS\SYSTEM32\iqqmhasy.ini

C:\WINDOWS\SYSTEM32\iytggvqa.ini

C:\WINDOWS\SYSTEM32\kjpsmukh.ini

C:\WINDOWS\SYSTEM32\ksuukrhv.ini

C:\WINDOWS\SYSTEM32\mgihrvqu.ini

C:\WINDOWS\SYSTEM32\odyfbajn.dll

C:\WINDOWS\SYSTEM32\ohdvqdyi.dll

C:\WINDOWS\system32\pmnoPjKD.dll

C:\WINDOWS\SYSTEM32\qjqtnaib.ini

C:\WINDOWS\SYSTEM32\qnkfloue.ini

C:\WINDOWS\SYSTEM32\roneprhh.dll

C:\WINDOWS\SYSTEM32\rsdtpdjn.ini

C:\WINDOWS\SYSTEM32\rsxexkue.ini

C:\WINDOWS\SYSTEM32\txjuawxw.ini

C:\WINDOWS\system32\vwdqlmfa.dll

C:\WINDOWS\system32\WinSpooler.exe

C:\WINDOWS\system32\WinUpdating.exe

C:\WINDOWS\SYSTEM32\wubgcppt.ini

C:\WINDOWS\SYSTEM32\xyfiebcl.ini

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-03-28 to 2008-04-29 ))))))))))))))))))))))))))))))))

.

 

2008-07-31 10:00 . 2008-07-31 10:00 <DIR> d--hs---- C:\FOUND.000

2008-04-18 01:05 . 2008-04-18 01:05 <DIR> d-------- C:\WINDOWS\Application Data\K-Meleon

2008-04-18 01:04 . 2008-04-18 01:04 <DIR> d-------- C:\Arquivos de programas\K-Meleon

2008-04-15 01:33 . 2008-04-15 01:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\config\systemprofile\Configurações locais

2008-04-15 01:33 . 2008-04-15 01:33 <DIR> d-------- C:\Documents and Settings\Particular\Configurações locais

2008-04-15 01:33 . 2008-04-15 01:33 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-04-15 01:33 . 2008-04-15 01:33 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-04-11 23:03 . 2008-04-11 23:03 <DIR> d-------- C:\Arquivos de programas\Opera

2008-04-02 23:04 . 2008-04-02 23:04 <DIR> d--hs---- C:\FOUND.002

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys

2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\SYSTEM32\dllcache\win32k.sys

2008-03-15 10:35 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys

2008-03-11 15:01 --------- d-----w C:\WINDOWS\Application Data\ADPHONE

2008-03-11 15:01 --------- d-----w C:\Arquivos de programas\ADPHONE3

2008-03-10 14:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-03-10 14:14 37,888 ----a-w C:\WINDOWS\SYSTEM32\rar.exe

2008-03-10 14:03 --------- d-----w C:\Arquivos de programas\Bonjour

2008-03-10 13:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-03-07 18:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll

2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\dllcache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll

2008-02-20 05:38 45,568 ------w C:\WINDOWS\SYSTEM32\dllcache\dnsrslvr.dll

2008-02-20 05:38 148,992 ------w C:\WINDOWS\SYSTEM32\dllcache\dnsapi.dll

2008-02-16 22:33 3,080,704 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll

2008-02-15 17:54 90,112 ----a-w C:\WINDOWS\Cuninst.exe

2008-02-15 09:23 18,432 ------w C:\WINDOWS\SYSTEM32\dllcache\iedw.exe

2008-02-11 11:05 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-02-11 11:05 311,296 ------w C:\WINDOWS\Setup1.exe

2008-01-17 17:33 42,128 ----a-w C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT

2007-10-08 19:53 87,608 ----a-w C:\WINDOWS\Application Data\inst.exe

2007-10-08 19:53 47,360 ----a-w C:\WINDOWS\Application Data\pcouffin.sys

2007-08-08 19:11 169 ----a-w C:\Documents and Settings\Particular\lixeira.reg

2006-04-22 15:06 12 ----a-w C:\Documents and Settings\Particular\aruivo.bat

2005-05-07 19:16 2,376 ----a-w C:\Arquivos de programas\musica.MTP

2004-07-23 10:42 266 --sh--w C:\Arquivos de programas\desktop.ini

2004-07-23 10:42 11,280 ---h--w C:\Arquivos de programas\folder.htt

2002-01-01 10:03 901 ----a-w C:\Documents and Settings\Particular\restore.reg

2006-05-24 12:38 233,472 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\CrazyTalk4Native.dll

2006-05-18 13:00 204,895 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\ctdomemhelper.dll

2005-09-29 10:41 77,824 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\ctframeplayerobject.dll

2006-05-18 12:59 426,081 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\ctplayerobject.dll

2005-02-02 08:19 458,752 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\imagickrt.dll

2006-04-10 14:35 139,264 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\rlcontentclass.dll

2005-11-09 07:10 204,800 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\RLMusicPacker.dll

2005-11-09 07:42 106,496 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\RLMusicUnpacker.dll

2006-01-04 07:22 212,992 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\RLVoicePacker.dll

2006-01-04 07:21 167,936 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\RLVoiceUnpacker.dll

2005-05-01 07:19 14 --sh--w C:\WINDOWS\dpwtpdxp.dll

2005-05-08 15:53 19 --sh--w C:\WINDOWS\dpwtddxp.dll

2005-02-11 07:44 56 --sh--r C:\WINDOWS\SYSTEM32\08E6EFE77D.sys

2005-07-25 17:51 12 --sh--w C:\WINDOWS\SYSTEM32\spwtpaxp.dll

2005-05-01 07:19 14 --sh--w C:\WINDOWS\SYSTEM32\dpwtpaxp.dll

2005-05-01 07:19 19 --sh--w C:\WINDOWS\SYSTEM32\dpwtdaxp.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]

@={7D688A77-C613-11D0-999B-00C04FD655E1}

 

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]

2007-10-25 20:43 8489984 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"ADPHONE"="C:\Arquivos de programas\ADPHONE3\ADPHONE.exe" [2008-03-06 13:28 1261568]

"Windows Registry Repair Pro"="C:\Arquivos de programas\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" [ ]

"TerraVOIP"="C:\Arquivos de programas\Terra VOIP\TerraVOIP.exe" [ ]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 21:09 68856]

"STYLEXP"="C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 22:31 1372160]

"Free Download Manager"="C:\Arquivos de programas\Free Download Manager\fdm.exe" [ ]

"DLD.EXE"="C:\Arquivos de programas\Download Direct\DLD.exe" [ ]

"ddns_agent"="C:\Arquivos de programas\Winco\Cliente DDNS\ipcagent.exe" [2005-06-03 09:21 631296]

"CopyBat"="C:\WINDOWS\APPLIC~1\SIGNTW~1\biasmail.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]

"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]

"WinVNC"="C:\Arquivos de programas\UltraVNC\WinVNC.exe" [2006-06-18 14:56 712704]

"Windows Defender"="C:\Arquivos de programas\Windows Defender\MSASCui.exe" [2006-04-03 18:12 777424]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2005-11-12 13:46 155648]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-02 03:54 3735552]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\WINDOWS\Menu Iniciar\Programas\Iniciar\

hamachi.lnk - C:\Arquivos de programas\Hamachi\hamachi.exe [2007-09-17 23:01:34 PABLO 619048]

 

C:\WINDOWS\All Users\Menu Iniciar\Programas\Iniciar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 PABLO 83360]

WinZip Quick Pick.lnk - C:\Arquivos de programas\WinZip\WZQKPICK.EXE [2004-07-23 16:51:24 PABLO 106560]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"RestrictRun"= 0 (0x0)

"NoViewOnDrive"= 0 (0x0)

"NoBandCustomize"= 0 (0x0)

"NoMovingBands"= 0 (0x0)

"NoCloseDragDropBands"= 0 (0x0)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"RestrictRun"= 0 (0x0)

"NoViewOnDrive"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [2006-03-27 10:52 201256]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

C:\Arquivos de programas\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Arquivos de programas\AlienGUIse\FASTLOAD.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSACM.MSNAUDIO"= msnaudio.acm

"vidc.yv12"= yv12vfw.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

"C:\\Arquivos de programas\\Windows Media Player\\WMPLAYER.EXE"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"C:\\Arquivos de programas\\jlgsolera\\OnLineLiveSetup\\OnLineLive.exe"=

"C:\\Sierra\\Counter-Strike\\cstrike.exe"=

"C:\\Arquivos de programas\\K-LiteNitro\\giFT\\giFTl.exe"=

"\\\\10.1.1.20\\c\\Muserver1\\CS\\CS.exe"=

"C:\\Arquivos de programas\\Winco\\Cliente DDNS\\wizard.exe"=

"\\\\10.1.1.20\\Sharing Folders\\pbbinho@hotmail.com\\LieroX v0.56 Pack 1.9\\LieroX.exe"=

"\\\\10.1.1.20\\c\\Muserver\\GameServer\\GameServer.exe"=

"C:\\Arquivos de programas\\RealVNC\\VNC4\\winvnc4.exe"=

"D:\\MuServer\\GameServer\\GameServer.exe"=

"D:\\MuServer\\DataServer1\\Dataserver.exe"=

"D:\\MuServer\\DataServer2\\Dataserver.exe"=

"D:\\MuServer\\CS\\CS.exe"=

"D:\\MuServer\\JoinServer\\JoinServer.exe"=

"D:\\MuServer\\RankingServer\\DevilSqure_EventServer.exe"=

"D:\\MuServer\\ExDB\\Exdb.exe"=

"D:\\MuServer\\MU2003_EVENT_SERVER\\WZ_MU2003_EVENT_SERVER.exe"=

"C:\\Muserver\\JoinServer\\JoinServer.exe"=

"C:\\Muserver\\CS\\CS.EXE"=

"C:\\Muserver\\DataServer1\\Dataserver.exe"=

"C:\\Muserver\\DataServer2\\Dataserver.exe"=

"C:\\MuServer99b+\\DataServer1\\Dataserver.exe"=

"C:\\MuServer99b+\\DataServer2\\Dataserver.exe"=

"C:\\MuServer99b+\\cs\\cs.exe"=

"C:\\MuServer99b+\\JoinServer\\JoinServer.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Arquivos de programas\\Darkeden\\darkeden.exe"=

"C:\\Documents and Settings\\Particular\\Desktop\\Dark Eden\\dk2.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\MegaCubo\\megacubo.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\ADPHONE3\\ADPHONE.exe"=

"C:\\Documents and Settings\\Particular\\Desktop\\Nova pasta (4)\\Dark Eden\\dk2.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 22:31]

R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-22 03:14]

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-03-15 14:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 22:35]

R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 13:22]

S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]

S3 SPCA508A;11043 Ver1.3;C:\WINDOWS\system32\DRIVERS\SP508PIX.SYS []

S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Pablo#pablo ©]

\Shell\AutoRun\command - setup.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]

rundll32.exeadvpack.dll

.

Conte£do da pasta 'Tarefas Agendadas'

"2001-12-31 22:14:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-29 18:20:24

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializ veis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\tsd32.dll

.

------------------------ Other Running Processes ------------------------

.

C:\ARQUIVOS DE PROGRAMAS\TGTSOFT\STYLEXP\STYLEXPSERVICE.EXE

C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE

C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\ARQUIVOS DE PROGRAMAS\BONJOUR\MDNSRESPONDER.EXE

C:\ARQUIVOS DE PROGRAMAS\EWIDO ANTI-SPYWARE 4.0\GUARD.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-04-29 18:24:54 - machine was rebooted [Particular]

ComboFix-quarantined-files.txt 2008-04-29 14:24:40

 

Pre-Run: 5,678,301,184 bytes disponíveis

Post-Run: 5,651,365,888 bytes dispon¡veis

 

248 --- E O F --- 2008-04-16 21:39:39

 

 

 

________________________________________________________________________________

___________________________________

 

Scanner results

Scan taken on 29 Apr 2008 22:49:32 (GMT)

A-Squared

Found nothing

AntiVir

Found nothing

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

CPsecure

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

Fortinet

Found nothing

Ikarus

Found nothing

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Sophos Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing

Compartilhar este post


Link para o post
Compartilhar em outros sites

Siga estas instruções:

 

  • Abra o HijackThis e clique em Do a system scan only
    Aguarde o exame acabar.
    Cada entrada tem uma caixa do lado esquerdo.
    Marque apenas a caixa da entrada abaixo:
     
    O4 - HKCU\..\Run: [CopyBat] C:\WINDOWS\APPLIC~1\SIGNTW~1\biasmail.exe
     
    Ficará com um sinal V dentro da caixa.
     
    Clique então em ht-fix.png. Dê o Ok para a pergunta e depois gere um novo log com o HijackThis e poste.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.