
Archived

This topic has been archived and is closed to further replies.

EduardoLBC

[Archived] Internet Explorer opens by itself


Internet Explorer here at home has recently been opening by itself on the Caixa page. I tried going to another site through the window that opens by itself, but it only loads the Caixa page. I think it may be a virus. If someone could help me fix this problem it would help a lot, because I have already run the antivirus programs we have here at home and they still haven't removed it.

 

Logfile of HijackThis v1.99.1

Scan saved at 11:51:46, on 16/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\explorer.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [pkvlnt] C:\WINDOWS\mtnoup.exe

O4 - HKLM\..\Run: [internet Pro] C:\WINDOWS\system32\internetXP.exe

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\Explorer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LOVE THAT] C:\DOCUME~1\EDUARD~1.WIN\DADOSD~1\OPENRO~1\CASH INSIDE.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - Global Startup: altg.exe

O4 - Global Startup: wcktts.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AFCA300F-272A-45FD-A8E6-F6E71A7DC9FF}: NameServer = 200.221.11.100,200.221.11.101

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

 

 

 

Here is the HijackThis log.


Disable your antivirus, antispyware and firewall so they do not cause conflicts.

 

Download ComboFix (by SUBs)

Save it to your desktop.

 

1. Close all windows and programs. Run ComboFix.

2. Double-click combofix.exe and press "1" to proceed with the Fix.

3. It takes a little while; please be patient.

 

 

Do not click on anything or press any key during the scan, or the tool will not work correctly.

When the tool finishes running it will generate a log. Paste the file C:\ComboFix.txt in your next reply, together with a new HijackThis log.


  • Important:
  • You must be logged on to the system with administrator privileges.
  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Turn them back on when everything is finished.
  • If you have used ComboFix before, delete it and download it again. In that case, also delete the folders C:\Combofix and C:\Qoobox if you find them.
  • Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.


ComboFix

 

ComboFix 08-03-14.4 - Eduardo 2008-03-16 14:01:00.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.232 [GMT -3:00]

Executando de: C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))

.

 

2008-03-16 11:51 . 2007-01-01 23:51 218,112 --a------ C:\HijackThis.exe

2008-03-16 10:14 . 2008-03-16 10:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-16 10:14 . 2008-03-16 10:14 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-16 01:14 . 2008-03-16 01:27 <DIR> d-------- C:\Documents and Settings\Diogo_2\Dados de aplicativos\BitTorrent

2008-03-15 16:13 . 2008-03-15 16:13 <DIR> d-------- C:\Arquivos de programas\Open Roam

2008-03-11 16:49 . 2008-03-16 13:49 <DIR> d-------- C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\BitTorrent

2008-03-11 16:48 . 2008-03-16 13:54 <DIR> d-------- C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\DNA

2008-03-11 16:48 . 2008-03-11 16:48 <DIR> d-------- C:\Arquivos de programas\DNA

2008-03-11 16:48 . 2008-03-11 16:49 <DIR> d-------- C:\Arquivos de programas\BitTorrent

2008-03-11 12:48 . 2008-03-11 12:48 <DIR> d-------- C:\Arquivos de programas\Circle Developement

2008-03-08 18:52 . 2008-03-08 18:52 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-03-03 11:55 . 2008-03-03 11:55 <DIR> d-------- C:\Documents and Settings\win\Dados de aplicativos\Lavasoft

2008-02-28 08:54 . 2008-02-28 08:54 <DIR> d-------- C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Phone Browser

2008-02-27 22:50 . 2008-02-27 22:50 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-02-27 22:49 . 2008-02-27 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-02-27 20:35 . 2008-03-05 07:49 3 --a------ C:\WINDOWS\inf.jpg

2008-02-27 12:53 . 2008-02-27 20:35 298 --a------ C:\WINDOWS\system32\autent.jpg

2008-02-27 06:51 . 2008-02-27 06:51 <DIR> d-------- C:\WINDOWS\Sun

2008-02-25 18:27 . 2004-02-23 20:42 1,386,496 --a------ C:\WINDOWS\system32\MSVBVM60.DLL

2008-02-25 18:27 . 2004-03-09 16:45 1,081,616 --a------ C:\WINDOWS\system32\Mscomctl.ocx

2008-02-25 18:27 . 2003-05-14 15:51 318,464 --a------ C:\WINDOWS\system32\jmail.dll

2008-02-25 18:27 . 2004-08-04 00:45 151,552 --a------ C:\WINDOWS\system32\scrrun.dll

2008-02-25 18:27 . 2004-08-04 00:45 151,552 --a--c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-02-25 18:27 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX

2008-02-25 18:27 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX

2008-02-25 18:27 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2008-02-25 16:46 . 2008-03-04 15:05 <DIR> d-------- C:\Arquivos de programas\World of Warcraft

2008-02-25 16:46 . 2008-02-25 16:46 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Blizzard Entertainment

2008-02-21 19:49 . 2008-02-21 20:06 <DIR> d-------- C:\Documents and Settings\Administrador.WIN-DA7CE07108F\Dados de aplicativos\Open Roam

2008-02-21 18:01 . 2008-02-23 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-02-21 17:24 . 2008-03-11 12:48 <DIR> d-------- C:\Arquivos de programas\Windows Live

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-15 19:14 --------- d-----w C:\Documents and Settings\Diogo_2\Dados de aplicativos\Open Roam

2008-03-15 19:12 --------- d-----w C:\Arquivos de programas\eMule

2008-03-11 22:29 --------- d-----w C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\AdobeUM

2008-03-11 15:50 --------- d-----w C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\Open Roam

2008-03-11 15:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Peak ooze date army

2008-03-11 15:48 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-03-07 00:06 --------- d-----w C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\uTorrent

2008-02-27 15:52 349,752 --sh--w C:\WINDOWS\system32\kork.exe

2008-02-25 17:36 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-21 18:32 --------- d-----w C:\Documents and Settings\Diogo_2\Dados de aplicativos\AdobeUM

2008-02-21 17:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-02-21 16:59 --------- d-----w C:\Documents and Settings\win\Dados de aplicativos\Orbit

2008-02-15 15:21 --------- d-----w C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\Orbit

2008-02-14 13:59 --------- d-----w C:\Documents and Settings\win\Dados de aplicativos\Open Roam

2008-02-14 13:20 --------- d-----w C:\Arquivos de programas\Phenomedia AG

2008-02-13 19:23 850,044 --sh--w C:\WINDOWS\system32\internetXP.exe

2008-01-28 03:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-01-28 03:18 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-01-27 14:08 --------- d-----w C:\Documents and Settings\Diogo_2\Dados de aplicativos\Microsoft Web Folders

2008-01-27 14:07 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-01-27 04:22 --------- d-----w C:\Documents and Settings\Diogo_2\Dados de aplicativos\Orbit

2008-01-26 17:23 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-01-25 18:50 61,180 ----a-w C:\WINDOWS\Media\messenger.exe

2008-01-25 18:50 101,688 ----a-w C:\WINDOWS\Media\wsnctfy.exe

2008-01-25 13:19 27,371 ----a-w C:\WINDOWS\mtnoup.exe

2008-01-24 18:22 --------- d-----w C:\Documents and Settings\win\Dados de aplicativos\Image Zone Express

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"LOVE THAT"="C:\DOCUME~1\EDUARD~1.WIN\DADOSD~1\OPENRO~1\CASH INSIDE.exe" [2008-03-11 12:48 428544]

"BitTorrent DNA"="C:\Arquivos de programas\DNA\btdna.exe" [2008-03-11 16:48 287040]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

"pkvlnt"="C:\WINDOWS\mtnoup.exe" [2008-01-25 10:19 27371]

"Internet Pro"="C:\WINDOWS\system32\internetXP.exe" [2008-02-13 16:23 850044]

"Windows Explorer"="C:\WINDOWS\system32\Explorer.exe" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2006-02-20 16:25 566984]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

altg.exe [2008-01-25 10:19:49 27371]

wcktts.exe [2008-01-25 10:19:47 27371]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 14:30 347976]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 14:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"C:\\Arquivos de programas\\DNA\\btdna.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"32528:TCP"= 32528:TCP:Torrent

 

S3 Boonty Games;Boonty Games;"C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe" [2007-05-03 18:35]

S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2004-07-08 12:40]

S3 usb2vcom;DKU-5 Connectivity Adapter Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-08-06 00:06]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-16 17:00:00 C:\WINDOWS\Tasks\AFCECDB6918D7E66.job"

- c:\docume~1\win\dadosd~1\openro~1\Bat Program Manager.exe

"2008-03-16 17:00:00 C:\WINDOWS\Tasks\B35429329257DB66.job"

- c:\docume~1\eduard~1.win\dadosd~1\openro~1\Bat Program Manager.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-16 14:01:50

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-03-16 14:02:31

.

2008-03-12 04:21:56 --- E O F ---

 

HijackThis

 

Logfile of HijackThis v1.99.1

Scan saved at 14:02:53, on 16/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\explorer.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [pkvlnt] C:\WINDOWS\mtnoup.exe

O4 - HKLM\..\Run: [internet Pro] C:\WINDOWS\system32\internetXP.exe

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\Explorer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LOVE THAT] C:\DOCUME~1\EDUARD~1.WIN\DADOSD~1\OPENRO~1\CASH INSIDE.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - Global Startup: altg.exe

O4 - Global Startup: wcktts.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AFCA300F-272A-45FD-A8E6-F6E71A7DC9FF}: NameServer = 200.221.11.100,200.221.11.101

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

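As an added illustration that is not part of this thread nor of HijackThis, ComboFix or BankerFix themselves: a small Python triage script that parses the O4 autorun lines from the HijackThis log above and the Find3M file lines from the ComboFix log, and lists the entries a helper would look up first. The rules it applies are my own rules of thumb, not a signature set: executables dropped straight into C:\WINDOWS, bare file names in the startup folder, programs running from a user-profile data directory, an explorer.exe outside C:\WINDOWS, hidden+system attributes on an executable, and executables sitting inside C:\WINDOWS\Media or Help. The sample lines are copied from the logs in this thread; on them the script singles out the same files BankerFix later reports removing, while leaving the Java updater and ctfmon.exe alone.

```python
"""Triage helper for HijackThis O4 lines and ComboFix Find3M file lines (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample input: lines copied from the HijackThis and ComboFix logs in this thread.
HJT_LINES = [
    r'O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"',
    r'O4 - HKLM\..\Run: [pkvlnt] C:\WINDOWS\mtnoup.exe',
    r'O4 - HKLM\..\Run: [internet Pro] C:\WINDOWS\system32\internetXP.exe',
    r'O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\Explorer.exe',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [LOVE THAT] C:\DOCUME~1\EDUARD~1.WIN\DADOSD~1\OPENRO~1\CASH INSIDE.exe',
    r'O4 - Global Startup: altg.exe',
    r'O4 - Global Startup: wcktts.exe',
]
COMBOFIX_LINES = [
    r'2008-02-27 15:52 349,752 --sh--w C:\WINDOWS\system32\kork.exe',
    r'2008-02-13 19:23 850,044 --sh--w C:\WINDOWS\system32\internetXP.exe',
    r'2008-01-25 18:50 61,180 ----a-w C:\WINDOWS\Media\messenger.exe',
    r'2008-01-25 13:19 27,371 ----a-w C:\WINDOWS\mtnoup.exe',
    r'2008-03-15 19:12 --------- d-----w C:\Arquivos de programas\eMule',
]

# "O4 - <location>: [<value name>] <path>"; Global Startup entries carry no [name].
O4_RE = re.compile(r'^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]*)\] )?"?(?P<path>[^"]+?)"?\s*$')
# "<date> <time> <size or ---------> <attributes> <path>" as printed in ComboFix's Find3M section.
CF_RE = re.compile(r'^(?P<when>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>[\d,]+|-+)\s+'
                   r'(?P<attr>[-a-z]{7})\s+(?P<path>.+)$')

WINDIR = r'c:\windows'
# Folders under the Windows directory that hold data, not programs (my own rule of thumb).
DATA_DIRS = {'media', 'help', 'fonts'}
# Long and 8.3 spellings of the user-profile data folders seen in the logs above.
USER_DATA_RE = re.compile(r'\\docume~1\\|\\dadosd~1\\|\\dados de aplicativos\\|\\application data\\')
EXE_SUFFIXES = ('.exe', '.dll', '.sys')


def _split(path: str) -> Tuple[str, str]:
    """Return (lower-cased parent directory, lower-cased file name)."""
    parent, _, fname = path.lower().rpartition('\\')
    return parent, fname


def assess_o4(line: str) -> Tuple[str, List[str]]:
    """Apply the rules of thumb to one O4 line; an empty reason list means nothing stood out."""
    m = O4_RE.match(line)
    if not m:
        return line, []
    path = m.group('path')
    parent, fname = _split(path)
    reasons = []
    if not parent:
        reasons.append('bare file name in a startup folder')
    if USER_DATA_RE.search(path.lower()):
        reasons.append('runs from a user-profile data directory')
    if parent == WINDIR:
        reasons.append('executable dropped directly into the Windows directory')
    if fname == 'explorer.exe' and parent != WINDIR:
        reasons.append('explorer.exe outside the Windows directory (name mimicry)')
    return path, reasons


def assess_combofix(line: str) -> Tuple[str, List[str]]:
    """Apply the rules of thumb to one Find3M line (attribute letters: s = system, h = hidden)."""
    m = CF_RE.match(line)
    if not m:
        return line, []
    path, attr = m.group('path'), m.group('attr')
    parent, fname = _split(path)
    reasons = []
    if not fname.endswith(EXE_SUFFIXES):
        return path, reasons
    if 's' in attr and 'h' in attr:
        reasons.append('hidden+system attributes on an executable')
    if parent == WINDIR:
        reasons.append('executable dropped directly into the Windows directory')
    elif parent.startswith(WINDIR + '\\') and parent.rsplit('\\', 1)[-1] in DATA_DIRS:
        reasons.append('executable inside a Windows data folder')
    return path, reasons


def triage(hjt_lines: List[str], cf_lines: List[str]) -> Dict[str, List[str]]:
    """Merge findings from both logs, keyed by path, without duplicate reasons."""
    flagged: Dict[str, List[str]] = {}
    for assess, lines in ((assess_o4, hjt_lines), (assess_combofix, cf_lines)):
        for line in lines:
            path, reasons = assess(line)
            for reason in reasons:
                bucket = flagged.setdefault(path, [])
                if reason not in bucket:
                    bucket.append(reason)
    return flagged


if __name__ == '__main__':
    for path, reasons in triage(HJT_LINES, COMBOFIX_LINES).items():
        print(path)
        for reason in reasons:
            print('   -', reason)
```

A hit from these rules is a starting point for looking the file up, not a verdict: legitimate installers occasionally drop files into C:\WINDOWS too, and the 8.3 path check only knows the folder names that appear in this thread's logs (a different Windows language would need its own spellings added to USER_DATA_RE).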

- Download BankerFix

http://linhadefensiva.uol.com.br/dl/bankerfix

 

Important: the tool will close Internet Explorer. Save any link you need to access later before running it.

 

Click OK the first and second time message boxes appear. If you are running BankerFix for the second time, it will ask to check for an update. Say Yes and then click OK.

 

When it runs, a black screen will appear asking you to press any key. Press Enter and wait for it to finish. It may take some time.

 

When it finishes, read the message on the screen and press Enter again. Go to the Linha Defensiva folder, usually created in C:, and copy and paste the contents of the file relatorio.txt. Also generate a new HijackThis log + ComboFix log to include in your reply.

 

- Delete the folder:

C:\LinhaDefensiva


BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 16/3/2008 - 17:36

-------------------------------------------------------

Lista de Definição: 2008-02-22-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\Media\messenger.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\mtnoup.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\internetXP.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\kork.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\altg.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\wcktts.exe

Arquivo infectado removido com sucesso!

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

 

 

ComboFix 08-03-14.4 - Eduardo 2008-03-16 17:40:23.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.269 [GMT -3:00]

Executando de: C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))

.

 

2008-03-16 17:35 . 2008-03-16 17:36 <DIR> d-------- C:\LinhaDefensiva

2008-03-16 11:51 . 2007-01-01 23:51 218,112 --a------ C:\HijackThis.exe

2008-03-16 10:14 . 2008-03-16 10:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-16 10:14 . 2008-03-16 10:14 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-16 01:14 . 2008-03-16 01:27 <DIR> d-------- C:\Documents and Settings\Diogo_2\Dados de aplicativos\BitTorrent

2008-03-15 16:13 . 2008-03-15 16:13 <DIR> d-------- C:\Arquivos de programas\Open Roam

2008-03-11 16:49 . 2008-03-16 17:35 <DIR> d-------- C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\BitTorrent

2008-03-11 16:48 . 2008-03-16 17:39 <DIR> d-------- C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\DNA

2008-03-11 16:48 . 2008-03-11 16:48 <DIR> d-------- C:\Arquivos de programas\DNA

2008-03-11 16:48 . 2008-03-11 16:49 <DIR> d-------- C:\Arquivos de programas\BitTorrent

2008-03-11 12:48 . 2008-03-11 12:48 <DIR> d-------- C:\Arquivos de programas\Circle Developement

2008-03-08 18:52 . 2008-03-08 18:52 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-03-03 11:55 . 2008-03-03 11:55 <DIR> d-------- C:\Documents and Settings\win\Dados de aplicativos\Lavasoft

2008-02-28 08:54 . 2008-02-28 08:54 <DIR> d-------- C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Phone Browser

2008-02-27 22:50 . 2008-02-27 22:50 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-02-27 22:49 . 2008-02-27 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-02-27 20:35 . 2008-03-05 07:49 3 --a------ C:\WINDOWS\inf.jpg

2008-02-27 12:53 . 2008-02-27 20:35 298 --a------ C:\WINDOWS\system32\autent.jpg

2008-02-27 06:51 . 2008-02-27 06:51 <DIR> d-------- C:\WINDOWS\Sun

2008-02-25 18:27 . 2004-02-23 20:42 1,386,496 --a------ C:\WINDOWS\system32\MSVBVM60.DLL

2008-02-25 18:27 . 2004-03-09 16:45 1,081,616 --a------ C:\WINDOWS\system32\Mscomctl.ocx

2008-02-25 18:27 . 2003-05-14 15:51 318,464 --a------ C:\WINDOWS\system32\jmail.dll

2008-02-25 18:27 . 2004-08-04 00:45 151,552 --a------ C:\WINDOWS\system32\scrrun.dll

2008-02-25 18:27 . 2004-08-04 00:45 151,552 --a--c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-02-25 18:27 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX

2008-02-25 18:27 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX

2008-02-25 18:27 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2008-02-25 16:46 . 2008-03-04 15:05 <DIR> d-------- C:\Arquivos de programas\World of Warcraft

2008-02-25 16:46 . 2008-02-25 16:46 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Blizzard Entertainment

2008-02-21 19:49 . 2008-02-21 20:06 <DIR> d-------- C:\Documents and Settings\Administrador.WIN-DA7CE07108F\Dados de aplicativos\Open Roam

2008-02-21 18:01 . 2008-02-23 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-02-21 17:24 . 2008-03-11 12:48 <DIR> d-------- C:\Arquivos de programas\Windows Live

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-16 18:09 --------- d-----w C:\Arquivos de programas\eMule

2008-03-15 19:14 --------- d-----w C:\Documents and Settings\Diogo_2\Dados de aplicativos\Open Roam

2008-03-11 22:29 --------- d-----w C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\AdobeUM

2008-03-11 15:50 --------- d-----w C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\Open Roam

2008-03-11 15:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Peak ooze date army

2008-03-11 15:48 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-03-07 00:06 --------- d-----w C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\uTorrent

2008-02-25 17:36 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-21 18:32 --------- d-----w C:\Documents and Settings\Diogo_2\Dados de aplicativos\AdobeUM

2008-02-21 17:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-02-21 16:59 --------- d-----w C:\Documents and Settings\win\Dados de aplicativos\Orbit

2008-02-15 15:21 --------- d-----w C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\Orbit

2008-02-14 13:59 --------- d-----w C:\Documents and Settings\win\Dados de aplicativos\Open Roam

2008-02-14 13:20 --------- d-----w C:\Arquivos de programas\Phenomedia AG

2008-01-28 03:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-01-28 03:18 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-01-27 14:08 --------- d-----w C:\Documents and Settings\Diogo_2\Dados de aplicativos\Microsoft Web Folders

2008-01-27 14:07 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-01-27 04:22 --------- d-----w C:\Documents and Settings\Diogo_2\Dados de aplicativos\Orbit

2008-01-26 17:23 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-01-25 18:50 101,688 ----a-w C:\WINDOWS\Media\wsnctfy.exe

2008-01-24 18:22 --------- d-----w C:\Documents and Settings\win\Dados de aplicativos\Image Zone Express

.

 

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"LOVE THAT"="C:\DOCUME~1\EDUARD~1.WIN\DADOSD~1\OPENRO~1\CASH INSIDE.exe" [2008-03-11 12:48 428544]

"BitTorrent DNA"="C:\Arquivos de programas\DNA\btdna.exe" [2008-03-11 16:48 287040]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2006-02-20 16:25 566984]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 14:30 347976]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 14:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"C:\\Arquivos de programas\\DNA\\btdna.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"32528:TCP"= 32528:TCP:Torrent

 

S3 Boonty Games;Boonty Games;"C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe" [2007-05-03 18:35]

S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2004-07-08 12:40]

S3 usb2vcom;DKU-5 Connectivity Adapter Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-08-06 00:06]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-16 20:00:00 C:\WINDOWS\Tasks\AFCECDB6918D7E66.job"

- c:\docume~1\win\dadosd~1\openro~1\Bat Program Manager.exe

"2008-03-16 20:00:01 C:\WINDOWS\Tasks\B35429329257DB66.job"

- c:\docume~1\eduard~1.win\dadosd~1\openro~1\Bat Program Manager.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-16 17:42:29

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-03-16 17:43:16

.

2008-03-12 04:21:56 --- E O F ---

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:43:38, on 16/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LOVE THAT] C:\DOCUME~1\EDUARD~1.WIN\DADOSD~1\OPENRO~1\CASH INSIDE.exe

O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AFCA300F-272A-45FD-A8E6-F6E71A7DC9FF}: NameServer = 200.221.11.100,200.221.11.101

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

Here are the logs, thanks for the help.


Run a scan with the F-Secure Online Scanner.

 

Note: the F-Secure Online Scanner works with Internet Explorer's default settings (Internet zone, security level Medium). If you have changed them, you can enable ActiveX and JavaScript under Tools -> Internet Options -> Security -> Custom Level.

 

  1. Go to the site at:
     http://support.f-secure.com/enu/home/ols.shtml
  2. Click the "Start Scanner" button.
  3. Answer "Install" and "Accept", respectively, to accept the installation of the ActiveX control and the license agreement.
  4. Under "Scanning Options", click "Full Scan".
  5. The program will then download the scanner components and the definition database.
  6. Please be patient, as the process is slow, both for updating the database and for the scan itself.

Note: if JavaScript and ActiveX were disabled for security reasons, remember to restore your original settings after the scan.

 

Post a new HijackThis log + ComboFix log. Please put the logs inside CODE tags so they are easier to read.


HijackThis

 

Logfile of HijackThis v1.99.1
Scan saved at 12:13:05, on 19/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DNA\btdna.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Date Army Wma Spam] C:\Documents and Settings\All Users\Dados de aplicativos\Peak ooze date army\Jump Hole.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LOVE THAT] C:\DOCUME~1\EDUARD~1.WIN\DADOSD~1\OPENRO~1\CASH INSIDE.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFCA300F-272A-45FD-A8E6-F6E71A7DC9FF}: NameServer = 200.221.11.100,200.221.11.101
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

ComboFix

 

ComboFix 08-03-14.4 - Eduardo 2008-03-19 12:09:29.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1046.18.294 [GMT -3:00]
Running from: D:\Programas\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((   Files Created from 2008-02-19 to 2008-03-19  ))))))))))))))))))))))))))))))))
.
2008-03-18 15:43 . 2008-03-18 15:43 <DIR> d-------- C:\fsaua.data
2008-03-18 15:37 . 2008-03-18 15:37 189 --a------ C:\WINDOWS\GSdx9.INI
2008-03-16 18:13 . 2008-03-16 18:13 <DIR> d-------- C:\Arquivos de programas\Open Roam
2008-03-16 18:12 . 2008-03-16 18:12 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live
2008-03-16 18:08 . 2008-03-16 18:08 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-16 11:51 . 2007-01-01 23:51 218,112 --a------ C:\HijackThis.exe
2008-03-16 10:14 . 2008-03-16 10:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-03-16 10:14 . 2008-03-16 10:14 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy
2008-03-16 01:14 . 2008-03-16 01:27 <DIR> d-------- C:\Documents and Settings\Diogo_2\Dados de aplicativos\BitTorrent
2008-03-11 16:49 . 2008-03-19 00:42 <DIR> d-------- C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\BitTorrent
2008-03-11 16:48 . 2008-03-19 01:07 <DIR> d-------- C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\DNA
2008-03-11 16:48 . 2008-03-11 16:48 <DIR> d-------- C:\Arquivos de programas\DNA
2008-03-11 16:48 . 2008-03-11 16:49 <DIR> d-------- C:\Arquivos de programas\BitTorrent
2008-03-11 12:48 . 2008-03-11 12:48 <DIR> d-------- C:\Arquivos de programas\Circle Developement
2008-03-08 18:52 . 2008-03-08 18:52 <DIR> d-------- C:\Arquivos de programas\CCleaner
2008-03-03 11:55 . 2008-03-03 11:55 <DIR> d-------- C:\Documents and Settings\win\Dados de aplicativos\Lavasoft
2008-02-28 08:54 . 2008-02-28 08:54 <DIR> d-------- C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Phone Browser
2008-02-27 22:50 . 2008-02-27 22:50 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-02-27 22:49 . 2008-02-27 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-02-27 20:35 . 2008-03-05 07:49 3 --a------ C:\WINDOWS\inf.jpg
2008-02-27 12:53 . 2008-02-27 20:35 298 --a------ C:\WINDOWS\system32\autent.jpg
2008-02-27 06:51 . 2008-02-27 06:51 <DIR> d-------- C:\WINDOWS\Sun
2008-02-25 18:27 . 2004-02-23 20:42 1,386,496 --a------ C:\WINDOWS\system32\MSVBVM60.DLL
2008-02-25 18:27 . 2004-03-09 16:45 1,081,616 --a------ C:\WINDOWS\system32\Mscomctl.ocx
2008-02-25 18:27 . 2004-08-04 00:45 151,552 --a------ C:\WINDOWS\system32\scrrun.dll
2008-02-25 18:27 . 2004-08-04 00:45 151,552 --a--c--- C:\WINDOWS\system32\dllcache\scrrun.dll
2008-02-25 18:27 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-25 18:27 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-02-25 18:27 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-02-25 16:46 . 2008-03-04 15:05 <DIR> d-------- C:\Arquivos de programas\World of Warcraft
2008-02-25 16:46 . 2008-02-25 16:46 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Blizzard Entertainment
2008-02-21 19:49 . 2008-02-21 20:06 <DIR> d-------- C:\Documents and Settings\Administrador.WIN-DA7CE07108F\Dados de aplicativos\Open Roam
2008-02-21 18:01 . 2008-02-23 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
2008-02-21 17:24 . 2008-03-11 12:48 <DIR> d-------- C:\Arquivos de programas\Windows Live
.
(((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 17:59 --------- d-----w C:\Arquivos de programas\eMule
2008-03-16 21:15 --------- d-----w C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\Open Roam
2008-03-16 21:14 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Peak ooze date army
2008-03-16 21:12 --------- d-----w C:\Arquivos de programas\MSN Messenger
2008-03-15 19:14 --------- d-----w C:\Documents and Settings\Diogo_2\Dados de aplicativos\Open Roam
2008-03-11 22:29 --------- d-----w C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\AdobeUM
2008-03-07 00:06 --------- d-----w C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\uTorrent
2008-02-25 17:36 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-02-21 18:32 --------- d-----w C:\Documents and Settings\Diogo_2\Dados de aplicativos\AdobeUM
2008-02-21 17:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe
2008-02-21 16:59 --------- d-----w C:\Documents and Settings\win\Dados de aplicativos\Orbit
2008-02-15 15:21 --------- d-----w C:\Documents and Settings\Eduardo.WIN-DA7CE07108F\Dados de aplicativos\Orbit
2008-02-14 13:59 --------- d-----w C:\Documents and Settings\win\Dados de aplicativos\Open Roam
2008-02-14 13:20 --------- d-----w C:\Arquivos de programas\Phenomedia AG
2008-01-28 03:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2008-01-28 03:18 --------- d-----w C:\Arquivos de programas\GbPlugin
2008-01-27 14:08 --------- d-----w C:\Documents and Settings\Diogo_2\Dados de aplicativos\Microsoft Web Folders
2008-01-27 14:07 --------- d-----w C:\Arquivos de programas\microsoft frontpage
2008-01-27 04:22 --------- d-----w C:\Documents and Settings\Diogo_2\Dados de aplicativos\Orbit
2008-01-26 17:23 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2008-01-25 18:50 101,688 ----a-w C:\WINDOWS\Media\wsnctfy.exe
2008-01-24 18:22 --------- d-----w C:\Documents and Settings\win\Dados de aplicativos\Image Zone Express
.
((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
"LOVE THAT"="C:\DOCUME~1\EDUARD~1.WIN\DADOSD~1\OPENRO~1\CASH INSIDE.exe" [2008-03-16 18:13 438784]
"BitTorrent DNA"="C:\Arquivos de programas\DNA\btdna.exe" [2008-03-11 16:48 287040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]
"Date Army Wma Spam"="C:\Documents and Settings\All Users\Dados de aplicativos\Peak ooze date army\Jump Hole.exe" [2008-03-19 12:06 1283584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2006-02-20 16:25 566984]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 14:30 347976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 14:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\eMule\\emule.exe"=
"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=
"C:\\Arquivos de programas\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"32528:TCP"= 32528:TCP:Torrent

S3 Boonty Games;Boonty Games;"C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe" [2007-05-03 18:35]
S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2004-07-08 12:40]
S3 usb2vcom;DKU-5 Connectivity Adapter Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-08-06 00:06]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-19 15:00:01 C:\WINDOWS\Tasks\ABE113D591BE8515.job"
- c:\docume~1\eduard~1.win\dadosd~1\openro~1\Bat Program Manager.exe
"2008-03-19 15:00:08 C:\WINDOWS\Tasks\AFCECDB6918D7E66.job"
- c:\docume~1\win\dadosd~1\openro~1\Bat Program Manager.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 12:11:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-19 12:12:40
.
2008-03-12 04:21:56 --- E O F ---

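Added example, not part of any post in this thread and not HijackThis or ComboFix code: a short Python triage pass over the kind of lines posted above. It parses HijackThis O4 Run entries, the ComboFix 'Scheduled Tasks' block and the EnableFirewall line, and flags what an analyst would look at first in these logs: Run values that launch an executable from an application-data folder (the "LOVE THAT" and "Date Army Wma Spam" entries), scheduled tasks with 16-hex-digit job names that run "Bat Program Manager.exe" from those same folders, and the Windows Firewall standard profile being switched off. The sample lines are copied from the second set of logs; the flagging rules are the editor's own assumptions about what deserves a second look, not a verdict on any file, and entries under Program Files (including the GbPlugin banking plugin that the O16 line ties to bancobrasil.com.br) are deliberately left alone.

```python
"""Autostart triage over HijackThis / ComboFix log lines.

Added example for the thread above; not code posted by any participant and
not part of HijackThis or ComboFix. The flagging rules (executables launched
from application-data folders, scheduled tasks with 16-hex-digit names, the
firewall switch set to 0) are assumptions about what deserves a second look,
not a verdict on any file.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: entries copied from the logs posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Date Army Wma Spam] C:\Documents and Settings\All Users\Dados de aplicativos\Peak ooze date army\Jump Hole.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LOVE THAT] C:\DOCUME~1\EDUARD~1.WIN\DADOSD~1\OPENRO~1\CASH INSIDE.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"
"2008-03-19 15:00:01 C:\WINDOWS\Tasks\ABE113D591BE8515.job"
- c:\docume~1\eduard~1.win\dadosd~1\openro~1\Bat Program Manager.exe
"EnableFirewall"= 0 (0x0)
'''

# HijackThis O4 (Run key) entry: hive, value name in brackets, command line.
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# ComboFix scheduled-task header; the command follows on the next "- " line.
TASK_RE = re.compile(r'^"\S+ \S+ (?P<job>[^"]*\\Tasks\\(?P<jobname>[^"\\]+)\.job)"$')
# Windows Firewall standard-profile switch as ComboFix prints it.
FIREWALL_RE = re.compile(r'^"EnableFirewall"= (?P<val>\d+) ')

# Assumed indicator: the executable lives under a per-user or All Users
# application-data folder (the localised "Dados de aplicativos", its 8.3
# alias DADOSD~1, the English names, or a Temp folder), where installed
# software rarely lives but 2008-era droppers routinely put themselves.
APPDATA_RE = re.compile(
    r'(dados de aplicativos|dadosd~\d|application data|appdata|\\temp\\)', re.I)
# Assumed indicator: the job names in the log are 16 hex digits, unlike the
# readable names Windows components and installers normally use.
HEX_JOB_RE = re.compile(r'^[0-9A-F]{16}$')


@dataclass(frozen=True)
class Finding:
    kind: str    # "run", "task" or "firewall"
    name: str    # registry value name or job name
    path: str    # executable path exactly as logged
    reason: str


def exe_path(cmd: str) -> str:
    """Isolate the executable from a Run command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Bare path: take everything up to the first ".exe" followed by a space or end.
    m = re.match(r'(.+?\.exe)(\s|$)', cmd, re.I)
    return m.group(1) if m else cmd


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth a second look, in log order."""
    findings: list[Finding] = []
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        if m := O4_RE.match(line):
            path = exe_path(m['cmd'])
            if APPDATA_RE.search(path):
                findings.append(Finding('run', m['name'], path,
                                        'Run entry launches from an application-data folder'))
        elif m := TASK_RE.match(line):
            nxt = lines[i + 1] if i + 1 < len(lines) else ''
            path = nxt[2:].strip() if nxt.startswith('- ') else ''
            reasons = []
            if HEX_JOB_RE.match(m['jobname']):
                reasons.append('job name is 16 hex digits')
            if APPDATA_RE.search(path):
                reasons.append('task runs from an application-data folder')
            if reasons:
                findings.append(Finding('task', m['jobname'], path, '; '.join(reasons)))
        elif m := FIREWALL_RE.match(line):
            if m['val'] == '0':
                findings.append(Finding('firewall', 'EnableFirewall', '',
                                        'Windows Firewall standard profile is disabled'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.kind}] {f.name!r}: {f.path} -- {f.reason}')
```

Run it as a script to print the findings, or call triage() on the full text of a pasted log: lines that none of the three patterns match are ignored, so whole HijackThis and ComboFix outputs can be fed in unchanged. The rules only surface candidates; each flagged path still has to be checked (file size and timestamp from the ComboFix listing, a hash lookup, or an online scan as the reply above suggests) before anything is removed.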

Topic Archived

Since the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain why it should be reopened.
