Torch

[Solved!] Log Analysis

Hey folks, my PC has been acting strange. The other day, running Spybot, I saw it had found some spyware and I removed it, but if I restart the machine and run it again they show up again.

 

Here is the HijackThis log for your analysis.

 

Logfile of HijackThis v1.99.1

Scan saved at 09:25:26, on 12/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\bin\Apache2\bin\Apache.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\bin\mysql\bin\mysqld-nt.exe

C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\RSSoft\RedSwoosh.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\bin\Apache2\bin\Apache.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\bin\Apache2\bin\ApacheMonitor.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O1 - Hosts: 89.248.161.70 www.filewarez.nl

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [bM43636319] Rundll32.exe "C:\WINDOWS\system32\afpglaij.dll",s

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Red Swoosh] C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Monitor Apache Servers.lnk = C:\bin\Apache2\bin\ApacheMonitor.exe

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.sisdera.com/stream/ampx2.6.1.11_en_dl.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399011} (GbPluginObj Class) - https://si-plg.sicredi.com.br/Cab/GbPluginScd.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2 - Unknown owner - C:\bin\Apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

 

 

Thanks :thumbsup:


Good morning, Torch!

 

>@< Download VundoFix.

>@< Save it to the Desktop!

>@< Run VundoFix.exe

>@< Once VundoFix opens, click Scan for Vundo.

>@< When it finishes, click Remove Vundo.

>@< You will get a prompt asking whether you want to remove the files. Confirm!

>@< Your desktop will disappear!

>@< A notice will appear saying your computer must be shut down.

>@< Click OK and then turn the computer back on!

>@< VundoFix may find a file but be unable to remove it. If that happens, the tool will run again on restart.

>@< When VundoFix appears, click the Scan for Vundo button to repeat the process.

>@< When VundoFix no longer finds any file it cannot remove, post its report (log), which is at C:\Vundofix.txt

>@< Also post a new HijackThis log.

 

Regards!


Good morning DigRam, all good??

 

Here's the thing, man: VundoFix says it found nothing. I know it's infected because this morning, when I turned the machine on, AVG tried to remove a virus, but I couldn't write down the name.

 

Here is the new HijackThis log.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 09:16:57, on 13/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\bin\Apache2\bin\Apache.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\bin\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\bin\Apache2\bin\Apache.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Arquivos de programas\RSSoft\RedSwoosh.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\bin\Apache2\bin\ApacheMonitor.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O1 - Hosts: 89.248.161.70 www.filewarez.nl

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\Arquivos de programas\GbPlugin\gbiehscd.dll

O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - C:\WINDOWS\system32\ddcawuv.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [bM43636319] Rundll32.exe "C:\WINDOWS\system32\phkmeqsb.dll",s

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Red Swoosh] C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Monitor Apache Servers.lnk = C:\bin\Apache2\bin\ApacheMonitor.exe

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.sisdera.com/stream/ampx2.6.1.11_en_dl.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399011} (GbPluginObj Class) - https://si-plg.sicredi.com.br/Cab/GbPluginScd.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginScd - C:\Arquivos de programas\GbPlugin\gbiehscd.dll

O20 - Winlogon Notify: ddcawuv - C:\WINDOWS\SYSTEM32\ddcawuv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: __GbPluginScd - C:\Arquivos de programas\GbPlugin\gbiehscd.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2 - Unknown owner - C:\bin\Apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

 

:thumbsup:
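As an added example (not code from the thread or from HijackThis), a small Python triage script over the two logs posted above: it parses the entry lines, flags the patterns visible in them (the [bM43636319] rundll32 loader, the nameless BHO whose DLL is also a Winlogon Notify handler, the hosts-file entry, the service with a missing binary) and diffs the two scans to show the Run value that came back after the reboot with a renamed DLL. The 7-9 lowercase-letter DLL name rule is a triage heuristic assumed here, not a signature.

```python
"""Triage helper for HijackThis v1.99.1 logs (added example, not from the
thread or from HijackThis). Parses entry lines, flags the patterns visible in
the two posted logs and diffs the scans to show the Run value that came back
after a reboot with a renamed DLL. The 7-9 lowercase-letter name rule is a
triage heuristic, not a signature. Sample lines are copied from the thread."""
import re
from typing import Dict, List, Tuple

# Excerpts from the HijackThis logs posted on 12/3/2008 and 13/3/2008.
LOG_DAY1 = r"""
O1 - Hosts: 89.248.161.70 www.filewarez.nl
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [bM43636319] Rundll32.exe "C:\WINDOWS\system32\afpglaij.dll",s
O23 - Service: Apache2 - Unknown owner - C:\bin\Apache2\bin\Apache.exe" -k runservice (file missing)
"""
LOG_DAY2 = r"""
O1 - Hosts: 89.248.161.70 www.filewarez.nl
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - C:\WINDOWS\system32\ddcawuv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [bM43636319] Rundll32.exe "C:\WINDOWS\system32\phkmeqsb.dll",s
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
O20 - Winlogon Notify: ddcawuv - C:\WINDOWS\SYSTEM32\ddcawuv.dll
O23 - Service: Apache2 - Unknown owner - C:\bin\Apache2\bin\Apache.exe" -k runservice (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<key>HK\w+\\\.\.\\Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
DLL_PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.dll', re.I)

def parse(log: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs for every 'Rn - ...' / 'On - ...' line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["sec"], m["body"]))
    return entries

def random_system32_dll(path: str) -> bool:
    """Heuristic: a system32 DLL named with 7-9 lowercase letters (afpglaij.dll style)."""
    directory, _, fname = path.rpartition("\\")
    return (directory.lower().endswith("system32")
            and re.fullmatch(r"[a-z]{7,9}\.dll", fname) is not None)

def flag(entries: List[Tuple[str, str]]) -> List[str]:
    """One finding per entry that merits review. HijackThis orders sections
    numerically, so O2 BHOs are recorded before the O20 entries they match."""
    findings: List[str] = []
    nameless_bho: Dict[str, str] = {}  # lowercase DLL filename -> CLSID
    for sec, body in entries:
        if sec == "O1":
            findings.append(f"O1 hosts-file entry: {body.split(': ', 1)[1]}")
        elif sec == "O2":
            m = BHO_RE.match(body)
            if m and m["name"] == "(no name)":
                nameless_bho[m["path"].rpartition("\\")[2].lower()] = m["clsid"]
                findings.append(f"O2 nameless BHO {{{m['clsid']}}} -> {m['path']}")
        elif sec == "O4":
            m = RUN_RE.match(body)
            if m and "rundll32" in m["cmd"].lower():
                d = DLL_PATH_RE.search(m["cmd"])
                if d and random_system32_dll(d.group(0)):
                    findings.append(f"O4 [{m['name']}] rundll32 loads random-named "
                                    f"{d.group(0)} (Vundo style)")
        elif sec == "O20":
            m = NOTIFY_RE.match(body)
            if m:
                fname = m["path"].rpartition("\\")[2].lower()
                if fname in nameless_bho:
                    findings.append(f"O20 Winlogon Notify {m['name']} shares {fname} with "
                                    f"nameless BHO {{{nameless_bho[fname]}}} (ConHook style)")
                elif random_system32_dll(m["path"]):
                    findings.append(f"O20 Winlogon Notify {m['name']} -> {m['path']}")
        elif sec == "O23" and body.endswith("(file missing)"):
            findings.append(f"O23 service binary missing: {body}")
    return findings

def renamed_payloads(log_a: str, log_b: str) -> List[Tuple[str, str, str]]:
    """Run values present in both scans whose command changed: the loader that came back renamed."""
    def runs(log: str) -> Dict[Tuple[str, str], str]:
        out = {}
        for sec, body in parse(log):
            m = RUN_RE.match(body) if sec == "O4" else None
            if m:
                out[(m["key"], m["name"])] = m["cmd"]
        return out
    a, b = runs(log_a), runs(log_b)
    return [(k[1], a[k], b[k]) for k in sorted(a) if k in b and a[k] != b[k]]

if __name__ == "__main__":
    for label, log in (("12/3/2008", LOG_DAY1), ("13/3/2008", LOG_DAY2)):
        print(f"--- {label} ---", *flag(parse(log)), sep="\n  ")
    for name, before, after in renamed_payloads(LOG_DAY1, LOG_DAY2):
        print(f"[{name}] persisted with new payload:\n  {before}\n  {after}")
```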


Good afternoon, Torch!

 

>@< Download ComboFix.

>@< Download it to the Desktop!

>@< Disable: firewall, antivirus and antispyware.

>@< Close all windows and run the tool!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

____________________________

 

>@< Post the report C:\ComboFix.txt in your reply + an updated HJT log.

 

Regards!


Hey DigRam, all good??

 

Here's the thing, man: when I run ComboFix.exe I get a blue screen with a message saying the operating system is incompatible, that ComboFix only runs on Windows 2000 or XP, even though my Windows is XP.


 

Hey there, Torch!

Good evening!

 

>@< Delete: ComboFix.exe and C:\Qoobox

>@< Download ComboFix again, directly to Local Disk C.

>@< Restart the computer in Safe Mode, logged in as administrator.

>@< Run the tool and post its report: C:\ComboFix.txt <!>

__________________

 

>@< If the problem continues, we will carry out other procedures.

 

Regards!


Hey DigRam, all good??

 

So man, even with those instructions you gave, the thing doesn't run. Same error as before.

 

Cheers :thumbsup:


Good morning, Torch!

 

>@< Set Windows to show: View all files, including hidden ones!

>@< Disable the resident protection of your antivirus and antispyware!

>@< Download EliStarA.

>@< Download it to Local Disk C and create a folder for the tool, with a path to it from the Desktop! ( Shortcut. )

>@< Download ELINOTIF.DLL.

>@< Save it inside the folder created for EliStarA!

>@< Download EliTriIP.

>@< Download it to the Desktop!

>@< PS: both tools are on the downloads page ( Descargas > Utilidades SATINFO ).

>@< Select the tools ( one at a time! ) and click the Descargar Eli.... button at the bottom of the page.

>@< Restart the computer and enter Safe Mode.

>@< Run the EliStartA tool first.

>@< Go to its icon and run it!

>@< Accept the proposed terms and wait for the scan to finish.

>@< Be patient! It will take a while to complete the scan of the PC.

>@< When it finishes, run the EliTriIP tool.

>@< This tool's scan is faster!

________________________________

 

>@< Post the infoSAT.txt report, which is in the root of C:\ ( Local Disk C ).

>@< Also post a new HijackThis log, made in Normal Mode.

 

Regards!


Good morning DigRam,

 

Here is the InfoSat.txt log

 

 

Fri Mar 14 09:39:34 2008

EliStartPage v15.86 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Key Eliminada [WinLogon\Notify\DDCAWUV] -> C:\WINDOWS\SYSTEM32\ddcawuv.dll

Entrada Eliminada [HKLM\...\Run] "BM43636319"="Rundll32.exe "C:\WINDOWS\system32\fsevjwum.dll",s" (Vundo)

[WinLogon\Notify\ GBPLUGINBB]

Por favor, envienos el INFOSAT.TXT y una muestra del fichero

C:\WinLogon\GBIEH.DLL

a "virus@satinfo.es". Gracias.

[WinLogon\Notify\DDCAWUV]

Por favor, envienos el INFOSAT.TXT y una muestra del fichero

C:\WinLogon\DDCAWUV.DLL

a "virus@satinfo.es". Gracias.

Por favor, envienos una muestra del fichero

C:\Muestras\DDCAWUV.DLL.Muestra EliStartPage v15.86

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\DDCAWUV.DLL --> Acceso Denegado.

Por favor, envienos una muestra del fichero

C:\Muestras\FSEVJWUM.DLL.Muestra EliStartPage v15.86

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\FSEVJWUM.DLL --> Eliminado

D:\DESKTOP.INI --> Eliminado (Fichero Complementario).

C:\WINDOWS\PSKT.INI --> Eliminado (Fichero Complementario).

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Reinicie para Completar la Limpieza.

 

Fri Mar 14 09:40:23 2008

EliStartPage v15.86 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\htdocs\atenaext\ext\docs\output\ARRAYREADER.JSS.HTML --> Eliminado, MalWare.Celular

C:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.5000.0_pt-BR_b03f5f7f11d50a3a\SYSTEM.DRAWING.DESIGN.RESOURCES.DLL --> Eliminado, MalWare.Celular

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\SYSTEM.DRAWING.DESIGN.RESOURCES.DLL --> Eliminado, MalWare.Celular

 

Nº Total de Directorios: 20797

Nº Total de Ficheros: 241101

Nº de Ficheros Analizados: 53331

Nº de Ficheros Infectados: 3

Nº de Ficheros Limpiados: 3

Sistema Infectado por el Downloader.ConHook

Sistema Infectado por el Vundo9

(C:\WINDOWS\SYSTEM32\SSQRP.DLL)

Instalada Utilidad "ELINOTIF.DLL" (Reinicie de Nuevo para Completar la Limpieza)

 

Fri Mar 14 10:02:34 2008

EliTriIP v4.50 ©2008 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Acción Directa):

 

Fri Mar 14 10:02:36 2008

EliTriIP v4.50 ©2008 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Nº Total de Directorios: 20796

Nº Total de Ficheros: 241098

Nº de Ficheros Analizados: 50113

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

EliNotify v1.8.02.21 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones:

Detectado DownLoader.ConHook

C:\WINDOWS\SYSTEM32\ddcawuv.dll -> Eliminado.

Elininada KEY "Winlogon\Notify\DDCAWUV"

Detectado Vundo9

Elininada Class {B140B04D-95B3-490B-A28D-FE78DC296EB3}

Elininado BHO {B140B04D-95B3-490B-A28D-FE78DC296EB3}

Desinstalado EliNotif.dll

 

Fri Mar 14 10:23:13 2008

EliStartPage v15.86 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

[WinLogon\Notify\ GBPLUGINBB]

Por favor, envienos el INFOSAT.TXT y una muestra del fichero

C:\WinLogon\GBIEH.DLL

a "virus@satinfo.es". Gracias.

Por favor, envienos una muestra del fichero

C:\Muestras\SSQRP.DLL.Muestra EliStartPage v15.86

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\SSQRP.DLL --> Acceso Denegado.

Eliminada Class, "{0CF8B40D-D0BA-41E6-AE76-B8B23E76EE02}" -> C:\WINDOWS\system32\ssqrp.dll

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Reinicie para Completar la Limpieza.

Sistema Infectado por el Vundo9

(C:\WINDOWS\SYSTEM32\SSQRP.DLL)

Instalada Utilidad "ELINOTIF.DLL" (Reinicie de Nuevo para Completar la Limpieza)

 

 

Now the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:24:54, on 14/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\bin\Apache2\bin\Apache.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\bin\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\bin\Apache2\bin\Apache.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Arquivos de programas\RSSoft\RedSwoosh.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\RunOnce: [ReEXEc] C:\Elistar\ELISTARA.BC%D8CB%D8%D8H.EXE

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Red Swoosh] C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.sisdera.com/stream/ampx2.6.1.11_en_dl.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399011} (GbPluginObj Class) - https://si-plg.sicredi.com.br/Cab/GbPluginScd.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2 - Unknown owner - C:\bin\Apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

 

Awaiting further instructions.

Cheers, :thumbsup:


Good afternoon! Torch

DELETE:

C:\infoSAT.txt << Important to delete!

C:\Muestras << Delete this folder!

C:\Elistar << Delete this version! ( v15.86 )

________________________

>@< Open HijackThis and, with all programs closed, Fix this entry:

O4 - HKLM\..\RunOnce: [ReEXEc] C:\Elistar\ELISTARA.BC%D8CB%D8%D8H.EXE

>@< Download a new version: < EliStartPage v15.87 >

>@< Run it from its own folder, together with the ELINOTIF.DLL utility

>@< Run it in Safe Mode, and don't forget to disable the protection programs.

>@< When it finishes, reboot into Normal Mode.

________________________

>@< Download UnHook.

>@< Save it to the Desktop!

>@< Go to Start >> Run >> Type: regedit >> Ok.

>@< Now run the Symantec tool. ( UnHookExec.inf )

>@< Right-click it with the mouse. >> Click Install.

>@< Restart the computer!

________________________

>@< Run a disinfection scan at < bitdefender.png > and post the report.

>@< Click BitDefender ( Scan OnLine ).

<!> Read the Tutorial: < Link >

>@< The page will open: < BitDefender OnLine Scanner >

>@< Click I Agree.

>@< Wait! Allow the ActiveX installation so the scan can run.

________________________

>@< Then post: BitDefender report + infoSat.txt + updated HijackThis log.

>@< PS: The BitDefender report will be at: C:\Windows\BDOSCAN8\bdoscan.txt

Cheers!


Good morning DigRam,

I had some internet problems this weekend and only managed to finish the steps from the last instructions now:

 

BitDefender Online Scanner:

BitDefender Online Scanner

 

Scan report generated at: Mon, Mar 17, 2008 - 12:59:45

 

Scan path: C:\;D:\;E:\;F:\;

Statistics

Time

03:33:28

Files

1595237

Folders

20841

Boot Sectors

3

Archives

17256

Packed Files

141343

 

Results

 

Identified Viruses

10

Infected Files

15

Suspect Files

0

Warnings

0

Disinfected

0

Deleted Files

15

Engines Info

Virus Definitions

1004651

 

Engine build

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

 

Scan plugins

16

Archive plugins

41

Unpack plugins

7

E-mail plugins

6

System plugins

5

 

Scan Settings

First Action

Disinfect

Second Action

Delete

Heuristics

Yes

Enable Warnings

Yes

Scanned Extensions

*;

Exclude Extensions

Scan Emails

Yes

Scan Archives

Yes

Scan Packed

Yes

Scan Files

Yes

Scan Boot

Yes

 

Scanned File | Status

C:\D\p4_arquivos\VSO.Software.ConvertXtoDVD.v2.0.5.107.WinALL.Cracked-CzW.upload.by.kain.filewarez.rar=>VSO.Software.ConvertXtoDVD.v2.0.5.107.WinALL.Cracked-CzW.upload.by.kain.filewarez\Crack\ConvertXtoDvd.exe | Infected with: Backdoor.Pcclient.GV

C:\D\p4_arquivos\VSO.Software.ConvertXtoDVD.v2.0.5.107.WinALL.Cracked-CzW.upload.by.kain.filewarez.rar=>VSO.Software.ConvertXtoDVD.v2.0.5.107.WinALL.Cracked-CzW.upload.by.kain.filewarez\Crack\ConvertXtoDvd.exe | Deleted

C:\D\p4_arquivos\VSO.Software.ConvertXtoDVD.v2.0.5.107.WinALL.Cracked-CzW.upload.by.kain.filewarez.rar | Update failed

C:\D\p4_arquivos.rar=>p4_arquivos\VSO.Software.ConvertXtoDVD.v2.0.5.107.WinALL.Cracked-CzW.upload.by.kain.filewarez.rar=>VSO.Software.ConvertXtoDVD.v2.0.5.107.WinALL.Cracked-CzW.upload.by.kain.filewarez\Crack\ConvertXtoDvd.exe | Infected with: Backdoor.Pcclient.GV

C:\D\p4_arquivos.rar=>p4_arquivos\VSO.Software.ConvertXtoDVD.v2.0.5.107.WinALL.Cracked-CzW.upload.by.kain.filewarez.rar=>VSO.Software.ConvertXtoDVD.v2.0.5.107.WinALL.Cracked-CzW.upload.by.kain.filewarez\Crack\ConvertXtoDvd.exe | Deleted

C:\D\p4_arquivos.rar=>p4_arquivos\VSO.Software.ConvertXtoDVD.v2.0.5.107.WinALL.Cracked-CzW.upload.by.kain.filewarez.rar | Update failed

C:\D\p4_arquivos.rar=>p4_arquivos\Zend\patch_zendenc5.exe | Detected with: Application.Crack.PCV

C:\D\p4_arquivos.rar=>p4_arquivos\Zend\patch_zendenc5.exe | Disinfection failed

C:\D\p4_arquivos.rar=>p4_arquivos\Zend\patch_zendenc5.exe | Deleted

C:\D\p4_arquivos.rar | Update failed

C:\D\p4_arquivos.rar=>p4_arquivos\Zend\patch_zend_gui.exe | Detected with: Application.Crack.PCV

C:\D\p4_arquivos.rar=>p4_arquivos\Zend\patch_zend_gui.exe | Disinfection failed

C:\D\p4_arquivos.rar=>p4_arquivos\Zend\patch_zend_gui.exe | Deleted

C:\D\p4_arquivos.rar | Update failed

C:\D\p4_arquivos.rar=>p4_arquivos\Zend\3\patch_zendenc5.exe | Detected with: Application.Crack.PCV

C:\D\p4_arquivos.rar=>p4_arquivos\Zend\3\patch_zendenc5.exe | Disinfection failed

C:\D\p4_arquivos.rar=>p4_arquivos\Zend\3\patch_zendenc5.exe | Deleted

C:\D\p4_arquivos.rar | Update failed

C:\D\p4_arquivos.rar=>p4_arquivos\Zend\3\patch_zend_gui.exe | Detected with: Application.Crack.PCV

C:\D\p4_arquivos.rar=>p4_arquivos\Zend\3\patch_zend_gui.exe | Disinfection failed

C:\D\p4_arquivos.rar=>p4_arquivos\Zend\3\patch_zend_gui.exe | Deleted

C:\D\p4_arquivos.rar | Update failed

C:\D\p4_arquivos.rar=>p4_arquivos\PHP.Designer.2007.Professional.v5.3.Incl.Keymaker-CORE.rar=>phpdesigner2007_setup.exe=>(CAB Sfx r)=>pwMang.exe | Infected with: Backdoor.Bifrose.ADZ

C:\D\p4_arquivos.rar=>p4_arquivos\PHP.Designer.2007.Professional.v5.3.Incl.Keymaker-CORE.rar=>phpdesigner2007_setup.exe=>(CAB Sfx r)=>pwMang.exe | Deleted

C:\D\p4_arquivos.rar=>p4_arquivos\PHP.Designer.2007.Professional.v5.3.Incl.Keymaker-CORE.rar=>phpdesigner2007_setup.exe=>(CAB Sfx r) | Update failed

C:\D\WGA_Patcher_keznews.com_(1).rar=>keyfinder.exe | Detected with: Application.Findkeyxp.G

C:\D\WGA_Patcher_keznews.com_(1).rar=>keyfinder.exe | Disinfection failed

C:\D\WGA_Patcher_keznews.com_(1).rar=>keyfinder.exe | Deleted

C:\D\WGA_Patcher_keznews.com_(1).rar | Update failed

C:\Documents and Settings\Administrador\Meus documentos\My ISO Files\MPT.iso=>MPT/Patch/0B01/Q252795_W2k_sp3_x86.exe | Infected with: Trojan.Generic.94713

C:\Documents and Settings\Administrador\Meus documentos\My ISO Files\MPT.iso=>MPT/Patch/0B01/Q252795_W2k_sp3_x86.exe | Deleted

C:\Documents and Settings\Administrador\Meus documentos\My ISO Files\MPT.iso | Update failed

C:\Documents and Settings\Administrador\Meus documentos\My ISO Files\MPT.iso=>MPT/Patch/1602/Q252795_W2k_sp3_x86.exe | Infected with: Trojan.Generic.96750

C:\Documents and Settings\Administrador\Meus documentos\My ISO Files\MPT.iso=>MPT/Patch/1602/Q252795_W2k_sp3_x86.exe | Deleted

C:\Documents and Settings\Administrador\Meus documentos\My ISO Files\MPT.iso | Update failed

C:\Downloads\FlashGetbypalmas2.rar=>FlashGet\fgf160a.exe=>wise0018 | Detected with: Application.Flashget.B

C:\Downloads\FlashGetbypalmas2.rar=>FlashGet\fgf160a.exe=>wise0018 | Disinfection failed

C:\Downloads\FlashGetbypalmas2.rar=>FlashGet\fgf160a.exe=>wise0018 | Deleted

C:\Downloads\FlashGetbypalmas2.rar=>FlashGet\fgf160a.exe | Update failed

C:\Downloads\FlashGetbypalmas2.rar=>FlashGet\fgf160a.exe=>wise0063 | Detected with: Adware.Flashget.C

C:\Downloads\FlashGetbypalmas2.rar=>FlashGet\fgf160a.exe=>wise0063 | Deleted

C:\Downloads\FlashGetbypalmas2.rar=>FlashGet\fgf160a.exe | Update failed

C:\Downloads\FlashGetbypalmas2.rar=>FlashGet\fgf160a.exe=>wise0068 | Detected with: Application.Flashget.H

C:\Downloads\FlashGetbypalmas2.rar=>FlashGet\fgf160a.exe=>wise0068 | Disinfection failed

C:\Downloads\FlashGetbypalmas2.rar=>FlashGet\fgf160a.exe=>wise0068 | Deleted

C:\Downloads\FlashGetbypalmas2.rar=>FlashGet\fgf160a.exe | Update failed

C:\Downloads\Flash_Banner_Creator.rar=>Flash Banner Creator\patch\Patch.exe | Infected with: Virtool.125

C:\Downloads\Flash_Banner_Creator.rar=>Flash Banner Creator\patch\Patch.exe | Deleted

C:\Downloads\Flash_Banner_Creator.rar | Update failed

C:\Downloads\Microsoft_Genuine_Advantage_Diagnostic_Tool_up_by_Hell58.rar=>keyfinder v1.5.1.exe | Detected with: Application.Findkeyxp.G

C:\Downloads\Microsoft_Genuine_Advantage_Diagnostic_Tool_up_by_Hell58.rar=>keyfinder v1.5.1.exe | Disinfection failed

C:\Downloads\Microsoft_Genuine_Advantage_Diagnostic_Tool_up_by_Hell58.rar=>keyfinder v1.5.1.exe | Deleted

C:\Downloads\Microsoft_Genuine_Advantage_Diagnostic_Tool_up_by_Hell58.rar | Update failed

 

 

 

InfoSat.txt

Fri Mar 14 14:22:38 2008

EliStartPage v15.87 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

[WinLogon\Notify\ GBPLUGINBB]

Por favor, envienos el INFOSAT.TXT y una muestra del fichero

C:\WinLogon\GBIEH.DLL

a "virus@satinfo.es". Gracias.

Por favor, envienos una muestra del fichero

C:\Muestras\SSQRP.DLL.Muestra EliStartPage v15.87

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\SSQRP.DLL --> Acceso Denegado.

Eliminada Class, "{4E76BFD8-C959-4A44-B0F2-622B4723B3B4}" -> C:\WINDOWS\system32\ssqrp.dll

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Reinicie para Completar la Limpieza.

 

Fri Mar 14 14:23:00 2008

EliStartPage v15.87 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Nº Total de Directorios: 20841

Nº Total de Ficheros: 241431

Nº de Ficheros Analizados: 53446

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

Sistema Infectado por el Vundo9

(C:\WINDOWS\SYSTEM32\SSQRP.DLL)

Instalada Utilidad "ELINOTIF.DLL" (Reinicie de Nuevo para Completar la Limpieza)

 

EliNotify v1.8.02.21 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones:

Detectado Vundo9

Elininada Class {8FE5BD12-C87D-4596-8205-71AC08E5307C}

Elininado BHO {8FE5BD12-C87D-4596-8205-71AC08E5307C}

Desinstalado EliNotif.dll

 

Fri Mar 14 14:58:44 2008

EliStartPage v15.87 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

[WinLogon\Notify\ GBPLUGINBB]

Por favor, envienos el INFOSAT.TXT y una muestra del fichero

C:\WinLogon\GBIEH.DLL

a "virus@satinfo.es". Gracias.

Por favor, envienos una muestra del fichero

C:\Muestras\SSQRP.DLL.Muestra EliStartPage v15.87

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\SSQRP.DLL --> Acceso Denegado.

Eliminada Class, "{FE7582B6-C752-4F71-9D08-717EB74B0EF9}" -> C:\WINDOWS\system32\ssqrp.dll

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Reinicie para Completar la Limpieza.

Sistema Infectado por el Vundo9

(C:\WINDOWS\SYSTEM32\SSQRP.DLL)

Instalada Utilidad "ELINOTIF.DLL" (Reinicie de Nuevo para Completar la Limpieza)

 

EliNotify v1.8.02.21 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones:

Detectado Vundo9

Elininada Class {CC5BBB24-52EB-4EB5-80D3-53AA449C5778}

Elininado BHO {CC5BBB24-52EB-4EB5-80D3-53AA449C5778}

Desinstalado EliNotif.dll

 

Fri Mar 14 15:03:23 2008

EliStartPage v15.87 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

[WinLogon\Notify\ GBPLUGINBB]

Por favor, envienos el INFOSAT.TXT y una muestra del fichero

C:\WinLogon\GBIEH.DLL

a "virus@satinfo.es". Gracias.

Por favor, envienos una muestra del fichero

C:\Muestras\SSQRP.DLL.Muestra EliStartPage v15.87

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\SSQRP.DLL --> Acceso Denegado.

Eliminada Class, "{D27A7DA9-A6A3-4452-83CB-D4C55C590EEE}" -> C:\WINDOWS\system32\ssqrp.dll

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Reinicie para Completar la Limpieza.

Sistema Infectado por el Vundo9

(C:\WINDOWS\SYSTEM32\SSQRP.DLL)

Instalada Utilidad "ELINOTIF.DLL" (Reinicie de Nuevo para Completar la Limpieza)

 

Fri Mar 14 15:04:31 2008

EliStartPage v15.87 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

[WinLogon\Notify\ GBPLUGINBB]

Por favor, envienos el INFOSAT.TXT y una muestra del fichero

C:\WinLogon\GBIEH.DLL

a "virus@satinfo.es". Gracias.

Por favor, envienos una muestra del fichero

C:\Muestras\SSQRP.DLL.Muestra EliStartPage v15.87

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\SSQRP.DLL --> Acceso Denegado.

Eliminada Class, "{D27A7DA9-A6A3-4452-83CB-D4C55C590EEE}" -> C:\WINDOWS\system32\ssqrp.dll

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Reinicie para Completar la Limpieza.

Sistema Infectado por el Vundo9

(C:\WINDOWS\SYSTEM32\SSQRP.DLL)

Instalada Utilidad "ELINOTIF.DLL" (Reinicie de Nuevo para Completar la Limpieza)

 

EliNotify v1.8.02.21 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones:

Detectado Vundo9

Elininada Class {D009C347-9F18-4679-9DFD-93F83E8C3E66}

Elininado BHO {D009C347-9F18-4679-9DFD-93F83E8C3E66}

Desinstalado EliNotif.dll

 

Fri Mar 14 15:09:08 2008

EliStartPage v15.87 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

[WinLogon\Notify\ GBPLUGINBB]

Por favor, envienos el INFOSAT.TXT y una muestra del fichero

C:\WinLogon\GBIEH.DLL

a "virus@satinfo.es". Gracias.

Por favor, envienos una muestra del fichero

C:\Muestras\SSQRP.DLL.Muestra EliStartPage v15.87

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\SSQRP.DLL --> Acceso Denegado.

Eliminada Class, "{8A6EAB91-92D2-4913-8D51-8FDB5C34E5DB}" -> C:\WINDOWS\system32\ssqrp.dll

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Reinicie para Completar la Limpieza.

Sistema Infectado por el Vundo9

(C:\WINDOWS\SYSTEM32\SSQRP.DLL)

Instalada Utilidad "ELINOTIF.DLL" (Reinicie de Nuevo para Completar la Limpieza)

 

EliNotify v1.8.02.21 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones:

Detectado Vundo9

Elininada Class {B9118423-468C-48F0-A3DC-F2E4BF39B7B5}

Elininado BHO {B9118423-468C-48F0-A3DC-F2E4BF39B7B5}

Desinstalado EliNotif.dll

 

Fri Mar 14 19:24:31 2008

EliStartPage v15.87 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

[WinLogon\Notify\ GBPLUGINBB]

Por favor, envienos el INFOSAT.TXT y una muestra del fichero

C:\WinLogon\GBIEH.DLL

a "virus@satinfo.es". Gracias.

Por favor, envienos una muestra del fichero

C:\Muestras\SSQRP.DLL.Muestra EliStartPage v15.87

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\SSQRP.DLL --> Acceso Denegado.

Eliminada Class, "{A7738D51-FF07-4501-A5DF-7BA759F6C0E7}" -> C:\WINDOWS\system32\ssqrp.dll

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Reinicie para Completar la Limpieza.

Sistema Infectado por el Vundo9

(C:\WINDOWS\SYSTEM32\SSQRP.DLL)

Instalada Utilidad "ELINOTIF.DLL" (Reinicie de Nuevo para Completar la Limpieza)

 

EliNotify v1.8.02.21 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones:

Desinstalado EliNotif.dll

 

HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 13:10:35, on 17/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\RSSoft\RedSwoosh.exe

C:\bin\Apache2\bin\Apache.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\bin\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\bin\Apache2\bin\Apache.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bM43636319] Rundll32.exe "C:\WINDOWS\system32\gisiqkca.dll",s

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Red Swoosh] C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.sisdera.com/stream/ampx2.6.1.11_en_dl.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399011} (GbPluginObj Class) - https://si-plg.sicredi.com.br/Cab/GbPluginScd.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2 - Unknown owner - C:\bin\Apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Good evening! Torch

>@< DOWNLOAD: < SysProtect Remover >

__________________________

>@< Save it to the Desktop!

>@< Restart the computer in Safe Mode.

>@< Double-click: SysProtect Remover.exe

>@< Click Remove Now >> Click Yes.

>@< At the prompt, click Ok. Wait!

>@< When it finishes, close the tool and reboot into Normal Mode.

___________________________

>@< Run VundoFix again and post the report. Delete the old one!

___________________________

>@< Go to Start >> Run >> Type: combofix.exe /u >> Click Ok.

>@< At the prompt, choose two. ( 2 )

___________________________

>@< Download a new tool! ( ComboFix.exe )

>@< Run it and post the report: C:\ComboFix.txt + updated HJT log.

Cheers!


Good morning DigRam, all good?

Here is the VundoFix log:

 

VundoFix V7.0.3

 

Scan started at 22:32:11 17/3/2008

 

Listing files found while scanning....

 

No infected files were found.

 

 

 

Here is the ComboFix report:

 

ComboFix 08-03-17.1 - Administrador 2008-03-17 22:50:16.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.529 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\BM43636319.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\gisiqkca.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\prqss.ini

C:\WINDOWS\system32\prqss.ini2

C:\WINDOWS\system32\ssqrp.dll

C:\WINDOWS\system32\urpbdvmn.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))))

.

 

2008-03-17 22:57 . 2008-03-17 22:57 <DIR> d-------- C:\Temp\nsv3.tmp

2008-03-17 22:32 . 2008-03-17 22:32 <DIR> d-------- C:\VundoFix Backups

2008-03-17 22:28 . 2008-03-17 22:09 147,456 --a------ C:\VundoFix.exe

2008-03-17 22:14 . 2008-03-17 22:14 <DIR> d-------- C:\Temp\nsz2.tmp

2008-03-15 13:28 . 2008-03-15 13:28 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-03-14 15:12 . 2008-03-17 13:06 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-03-14 14:22 . 2008-03-14 14:22 <DIR> d-------- C:\Muestras

2008-03-14 14:18 . 2008-03-14 14:19 <DIR> d-------- C:\ElistartPage

2008-03-14 10:55 . 2008-03-14 10:55 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-03-14 10:55 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-03-14 10:55 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-03-14 10:55 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-03-14 10:55 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-03-14 10:55 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-03-14 10:55 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

2008-03-14 10:55 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-03-14 10:55 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

2008-03-14 09:39 . 2008-03-14 09:39 <DIR> d-------- C:\WinLogon

2008-03-13 12:51 . 2008-03-13 12:51 <DIR> d-------- C:\WINDOWS\ERUNT

2008-03-13 12:40 . 2008-03-13 12:40 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-03-12 17:05 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS

2008-03-12 17:04 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\lcsvjvsvodns.sys

2008-03-12 16:38 . 2008-03-12 16:38 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-03-12 16:38 . 2008-03-12 16:38 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-12 16:38 . 2008-03-12 16:38 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-12 16:37 . 2008-03-12 17:25 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-03-12 12:21 . 2008-03-12 12:21 0 --a------ C:\WINDOWS\Irremote.ini

2008-03-12 09:21 . 2008-03-17 13:10 <DIR> d-------- C:\hijackthis

2008-03-12 09:04 . 2008-03-12 09:04 2,335,270 --a------ C:\WINDOWS\system32\5ee2C.mht

2008-03-12 09:04 . 2004-08-03 23:45 723,968 --a------ C:\WINDOWS\system32\ce72E.tmp

2008-03-12 09:04 . 2008-03-12 09:04 128,352 --a------ C:\WINDOWS\system32\55a2D.dll

2008-03-12 09:04 . 2008-03-12 09:04 54,624 --a------ C:\WINDOWS\system32\55a2D.sys

2008-03-11 16:49 . 2008-03-11 16:49 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\Nero

2008-03-11 16:49 . 2008-03-11 16:49 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-02-28 15:15 . 2008-02-28 15:16 <DIR> d-------- C:\Arquivos de programas\IE7

2008-02-25 08:26 . 2008-02-25 08:26 <DIR> d-------- C:\Documents and Settings\LocalService\Meus documentos

2008-02-25 08:26 . 2008-02-25 08:26 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Iniciar

2008-02-25 08:26 . 2008-03-11 16:49 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritos

2008-02-25 08:26 . 2008-02-25 08:26 <DIR> d--h----- C:\Documents and Settings\LocalService\Ambiente de rede

2008-02-21 16:22 . 2006-05-04 10:15 200,704 --a------ C:\WINDOWS\system32\ssleay32.dll

2008-02-21 16:21 . 2006-05-04 10:15 1,089,536 --a------ C:\WINDOWS\system32\libeay32.dll

2008-02-21 16:21 . 2006-05-04 10:15 166,912 --a------ C:\WINDOWS\system32\libmcrypt.dll

2008-02-21 16:21 . 2006-05-04 10:15 165,643 --a------ C:\WINDOWS\system32\libmhash.dll

2008-02-21 10:29 . 2008-02-21 10:29 <DIR> d-------- C:\Documents and Settings\Administrador\dwhelper

2008-02-21 10:29 . 2008-03-17 22:57 <DIR> d-------- C:\Arquivos de programas\RSSoft

2008-02-20 15:53 . 2008-02-20 15:53 <DIR> d-------- C:\Arquivos de programas\MSECache

2008-02-19 08:30 . 2008-02-19 08:26 691,545 --a------ C:\WINDOWS\unins000.exe

2008-02-19 08:30 . 2008-02-19 08:30 3,452 --a------ C:\WINDOWS\unins000.dat

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-17 17:22 --------- d-----w C:\Arquivos de programas\ClienteCobranca

2008-03-17 16:46 --------- d-----w C:\Arquivos de programas\Mozilla Thunderbird

2008-03-14 18:56 --------- d-----w C:\Arquivos de programas\Flash Banner Creator

2008-03-14 16:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-14 13:55 --------- d-----w C:\Arquivos de programas\Ahead

2008-03-13 13:51 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\AVG7

2008-03-12 20:49 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-12 20:47 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-03-12 20:42 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-03-12 20:39 --------- d-----w C:\Arquivos de programas\Bonjour

2008-03-12 15:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-03-12 15:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nero

2008-02-27 02:01 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer

2008-02-15 13:36 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Corel

2008-02-15 13:22 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-15 13:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2008-02-15 13:07 --------- d-----w C:\Arquivos de programas\Corel

2008-02-15 05:00 --------- d-----w C:\Arquivos de programas\EA GAMES

2008-02-13 23:44 --------- d-----w C:\Arquivos de programas\Desafio Sebrae - O Aprendiz

2008-02-13 16:02 --------- d-----w C:\Arquivos de programas\MySQL-Front

2008-02-13 11:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-02-12 19:07 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-02-12 16:47 --------- d-----w C:\Arquivos de programas\Opera

2008-02-12 10:07 --------- d-----w C:\Arquivos de programas\FLV Player

2008-02-06 19:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-02-02 11:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-01-31 10:53 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-01-29 17:37 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Nero

2008-01-29 17:33 --------- d-----w C:\Arquivos de programas\Nero

2008-01-09 18:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540011}]

2007-12-17 17:51 336832 --a------ C:\Arquivos de programas\GbPlugin\gbiehscd.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [ ]

"Red Swoosh"="C:\Arquivos de programas\RSSoft\RedSwoosh.exe" [2007-02-26 22:30 62436]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 19:58 7581696]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 19:58 86016]

"nwiz"="nwiz.exe" [2006-07-20 19:58 1519616 C:\WINDOWS\system32\nwiz.exe]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 13:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

"QlbCtrl"="C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 09:58 159744]

"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 13:51 774233]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 07:38 579072]

"Acrobat Assistant 7.0"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 19:52 483328]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2007-10-19 19:16 286720]

"amd_dc_opt"="C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 10:06 77824]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-11-08 08:15 219136]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 15:30 347976]

"{E37CB5F0-51F5-4395-A808-5FA49E399011}"= C:\Arquivos de programas\GbPlugin\gbiehscd.dll [2007-12-17 17:51 336832]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 15:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginScd]

C:\Arquivos de programas\GbPlugin\gbiehscd.dll 2007-12-17 17:51 336832 C:\Arquivos de programas\GbPlugin\gbiehscd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

C:\Arquivos de programas\GbPlugin\gbieh.dll 2007-12-03 15:30 347976 C:\Arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginScd]

C:\Arquivos de programas\GbPlugin\gbiehscd.dll 2007-12-17 17:51 336832 C:\Arquivos de programas\GbPlugin\gbiehscd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]

C:\Arquivos de programas\AdVantage\AdVantage.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 11:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

 

R1 HFSYS;HFSYS;C:\WINDOWS\system32\drivers\HFSYS.SYS [2003-03-12 09:49]

R3 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-07 13:15]

R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 22:49]

S3 55a2D;55a2D;C:\WINDOWS\system32\55a2D.sys [2008-03-12 09:04]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b1c84dc-d036-11dc-97ec-001b2430d4c4}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-17 22:57:00

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="C:\bin\mysql\bin\mysqld-nt MySQL"

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\bin\Apache2\bin\Apache.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\bin\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\bin\Apache2\bin\Apache.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-03-17 23:04:09 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-18 02:04:06

.

2008-01-09 19:46:23 --- E O F ---

 

 

 

 

Here is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 23:07:53, on 17/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\bin\Apache2\bin\Apache.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\RSSoft\RedSwoosh.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\bin\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\bin\Apache2\bin\Apache.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\Arquivos de programas\GbPlugin\gbiehscd.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Red Swoosh] C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.sisdera.com/stream/ampx2.6.1.11_en_dl.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399011} (GbPluginObj Class) - https://si-plg.sicredi.com.br/Cab/GbPluginScd.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginScd - C:\Arquivos de programas\GbPlugin\gbiehscd.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: __GbPluginScd - C:\Arquivos de programas\GbPlugin\gbiehscd.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2 - Unknown owner - C:\bin\Apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

 

 

Cheers, :thumbsup:


Good afternoon, Torch!

 

>@< Run a scan with Jotti on the files:

 

55a2D.dll

 

5ee2C.mht

 

>@< In File to upload, enter the paths:

 

C:\WINDOWS\system32\55a2D.dll

 

C:\WINDOWS\system32\5ee2C.mht

 

>@< Do one at a time!

>@< Then click Submit.

>@< Copy and post the report from these analyses.

_____________________________

 

>@< Download SDFix.

>@< Save it to Local Disk C and unzip it right there.

>@< Restart the computer in Safe Mode.

>@< Double-click: < runThis.bat >

>@< Press Y.

>@< Wait for it to finish!

>@< When it finishes, press Enter (...or any key!)

>@< The computer will restart!

>@< Then wait for the cleanup to finish.

______________________________

 

>@< Post the report Report.txt in your reply + the Jotti analyses + an updated HJT log.

 

Cheers!


Good afternoon, DigRam.

 

Here are the results:

 

Analysis of file 55a2D.dll:

File: 55a2D.dll

Status:OK

MD5: 1382c758d86fb3012bdf922f1917ca16

Packers detected: -

Bit9 reports: Not analyzed yet

 

 

A-Squared:Found nothing

AntiVir:Found nothing

ArcaVir: Found nothing

Avast: Found nothing

AVG Antivirus: Found nothing

BitDefender: Found nothing

ClamAV: Found nothing

CPsecure: Found nothing

Dr.Web: Found nothing

F-Prot Antivirus: Found nothing

F-Secure Anti-Virus: Found nothing

Fortinet: Found nothing

Ikarus: Found nothing

Kaspersky Anti-Virus: Found nothing

NOD32: Found nothing

Norman Virus Control: Found nothing

Panda Antivirus: Found nothing

Rising Antivirus: Found nothing

Sophos Antivirus: Found nothing

VirusBuster: Found nothing

VBA32: Found nothing

 

/* ----------------------------- */

 

Analysis of file 5ee2C.mht:

File: 5ee2C.mht

Status:OK

MD5: 00e7d2d63341b809bbbc01006e78e059

Packers detected:

-

Bit9 reports: File not found

 

Scan taken on 18 Mar 2008 18:14:39 (GMT)

A-Squared: Found nothing

AntiVir: Found nothing

ArcaVir: Found nothing

Avast: Found nothing

AVG Antivirus: Found nothing

BitDefender: Found nothing

ClamAV:Found nothing

CPsecure: Found nothing

Dr.Web: Found nothing

F-Prot Antivirus: Found nothing

F-Secure Anti-Virus:Found nothing

Fortinet: Found nothing

Ikarus:Found nothing

Kaspersky Anti-Virus: Found nothing

NOD32: Found nothing

Norman Virus Control: Found nothing

Panda Antivirus: Found nothing

Rising Antivirus: Found nothing

Sophos Antivirus: Found nothing

VirusBuster: Found nothing

VBA32:Found nothing

 

 

 

/* ------------------------------------------- */

SDFix log:

SDFix: Version 1.159

 

Run by Administrador on ter 18/03/2008 at 18:03

 

Microsoft Windows XP [versão 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-18 18:13:00

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]

"DisplayName"="Alcohol 120%"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\4\Shell]

"WFla\x201a\17"=dword:00000000

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"="C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"

Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"

Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"

Mon 30 Jun 2003 110,080 A..H. --- "C:\D\arquivos\OFFICE2003\Bonus\CDIMAGE.EXE"

Wed 18 Oct 2006 68,608 A..H. --- "C:\D\Faculdade\2006_2\TCC2\~WRL0096.tmp"

Wed 18 Oct 2006 68,608 A..H. --- "C:\D\Faculdade\2006_2\TCC2\~WRL1105.tmp"

Wed 18 Oct 2006 67,584 A..H. --- "C:\D\Faculdade\2006_2\TCC2\~WRL1128.tmp"

Wed 18 Oct 2006 68,096 A..H. --- "C:\D\Faculdade\2006_2\TCC2\~WRL2247.tmp"

Wed 18 Oct 2006 68,096 A..H. --- "C:\D\Faculdade\2006_2\TCC2\~WRL2530.tmp"

Wed 18 Oct 2006 63,488 A..H. --- "C:\D\Faculdade\2006_2\TCC2\~WRL3037.tmp"

Sun 17 Jun 2007 82 A..H. --- "C:\htdocs\p4\Nova pasta\icones\._iconworkshop.exe"

Wed 5 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\958f6198e7b74c8bd1180a14e6def2c1\BIT7.tmp"

Thu 30 Jun 2005 112,128 A..H. --- "C:\D\arquivos\levar\SEG\trabalho_IDS\~WRL0532.tmp"

Thu 30 Jun 2005 112,640 A..H. --- "C:\D\arquivos\levar\SEG\trabalho_IDS\~WRL1555.tmp"

 

Finished!

 

 

/* ---------------------------------------- */

 

Logfile of HijackThis v1.99.1

Scan saved at 18:23:01, on 18/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\bin\Apache2\bin\Apache.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\bin\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\bin\Apache2\bin\Apache.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Arquivos de programas\RSSoft\RedSwoosh.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\Arquivos de programas\GbPlugin\gbiehscd.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Red Swoosh] C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.sisdera.com/stream/ampx2.6.1.11_en_dl.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399011} (GbPluginObj Class) - https://si-plg.sicredi.com.br/Cab/GbPluginScd.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginScd - C:\Arquivos de programas\GbPlugin\gbiehscd.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: __GbPluginScd - C:\Arquivos de programas\GbPlugin\gbiehscd.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2 - Unknown owner - C:\bin\Apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Cheers, and thanks for your patience :thumbsup:


Good evening, Torch!

>@< Delete the folders:

C:\VundoFix Backups

C:\Muestras

_______________________

>@< To clean up cookies and temporary files, download: < CCleaner 2.05.555 >

_______________________

Once everything is OK with the PC, create a completely clean System Restore point!

Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK.

Then uncheck it again! >> Apply >> OK.

For more details, go to: < Docs >

>@< The log is clean! :thumbsup:

Regards!


PROBLEM SOLVED!

If the author needs the topic to be reopened, send a Private Message to a Moderator with a link to the topic.
