Leocarlos, posted April 12, 2008

Hello,

How do I remove the Tavo and Kavo malware from my PC? My log is:

Logfile of HijackThis v1.99.1
Scan saved at 17:57:33, on 12/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.20.18.1:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks!
DigRam, posted April 14, 2008

Good morning, Leocarlos!

>@< Download ComboFix.
>@< Save it to the Desktop!
>@< Disable the resident protection of your antivirus, antispyware and firewall.
>@< Close all windows and run the tool!
Should you get the notification "Invalid Win32 application", delete the tool and download it again. Save it to the Desktop, renamed as: Kombo.exe
PS: Name it while saving, not after saving it!
>@< The Auto Scan window will open. Wait!
>@< Type the option to continue and press < Enter >
>@< Wait until it finishes! During the scan, avoid touching the mouse or keyboard!
-------------------------------------
>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

Cheers!
Leocarlos, posted April 15, 2008

I did what you said and it did not work. The program runs normally, but instead of creating a file called ComboFix.txt on my C:\ it created two folders named QooBox and ComboFix. Inside the ComboFix folder there is even a file called ComboFix.txt, but the log that shows up there is this:

ComboFix 08-04-13.3 - Leocarlos Cosendey 2008-04-14 18:53:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.599 [GMT -3:00]
Executando de: C:\Documents and Settings\Leocarlos Cosendey\Desktop\Kombo.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

and nothing else. What is happening?
DigRam, posted April 15, 2008

> I did what you said and it did not work. The program runs normally, but instead of creating a file called ComboFix.txt on my C:\ it created two folders named QooBox and ComboFix. Inside the ComboFix folder there is even a file called ComboFix.txt, but the log that shows up there is this:
>
> ComboFix 08-04-13.3 - Leocarlos Cosendey 2008-04-14 18:53:23.1 - NTFSx86
> Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.599 [GMT -3:00]
> Executando de: C:\Documents and Settings\Leocarlos Cosendey\Desktop\Kombo.exe
>
> WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
> .
>
> and nothing else. What is happening?

---------------------------------------
Hey there, Leocarlos!

>@< Delete: C:\Qoobox
---------------------------------------
>@< Move ComboFix.exe to Local Disk C.
>> Here is the path: C:\ComboFix.exe
>@< Restart the computer in Safe Mode.
>@< Run ComboFix.exe and post the report. ( ComboFix.txt )

Cheers!
Leocarlos, posted April 16, 2008

I managed it. The log is as follows:

ComboFix 08-04-15.1 - Leocarlos Cosendey 2008-04-15 21:50:07.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.808 [GMT -3:00]
Executando de: C:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo1.dll
C:\WINDOWS\system32\tavo.exe
C:\WINDOWS\system32\tavo0.dll
C:\WINDOWS\system32\tavo1.dll

.
((((((((((((((((((((((( Ficheiros criados de 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))
.

2008-04-15 21:37 . 2008-04-15 21:37 1,770,165 --a------ C:\ComboFix.exe
2008-04-15 21:12 . 2008-04-15 21:43 117,642 -r-hs---- C:\c.com
2008-04-12 01:03 . 2008-04-13 22:47 <DIR> d-------- C:\Hijackthis
2008-04-12 00:40 . 2008-04-13 21:01 118,971 -r-hs---- C:\30ed3.exe
2008-04-11 19:38 . 2008-04-09 09:00 117,637 -r-hs---- C:\i.bat
2008-04-10 23:51 . 2008-04-10 23:51 <DIR> d-------- C:\Arquivos de programas\Programas RFB
2008-04-05 18:14 . 2008-04-06 10:58 42 --a------ C:\WINDOWS\webica.ini
2008-04-05 14:39 . 2008-04-05 14:39 <DIR> d-------- C:\WINDOWS\system32\Resource
2008-04-05 14:38 . 2008-04-05 14:38 <DIR> d-------- C:\Arquivos de programas\Citrix
2008-04-05 13:27 . 2008-04-05 13:35 <DIR> d-------- C:\Arquivos de programas\Windows Live Safety Center
2008-04-04 17:09 . 2008-03-29 15:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-04 17:09 . 2008-03-29 15:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-03 20:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 20:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-03 20:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-02 21:13 . 2008-04-02 21:13 <DIR> d-------- C:\Documents and Settings\Leocarlos Cosendey\Dados de aplicativos\Citrix
2008-04-02 21:11 . 2008-04-05 14:40 <DIR> d-------- C:\Documents and Settings\Leocarlos Cosendey\Dados de aplicativos\ICAClient
2008-04-02 20:11 . 2008-04-02 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-04-02 20:11 . 2008-04-02 20:12 <DIR> d-------- C:\Arquivos de programas\Windows Live
2008-04-02 20:11 . 2008-04-02 20:11 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-03-30 14:31 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-30 14:31 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-30 14:31 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-20 05:09 . 2008-03-20 05:09 1,845,376 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 00:46 148,100 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-16 00:46 12,603,424 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 00:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2008-04-16 00:40 --------- d-----w C:\Arquivos de programas\GbPlugin
2008-04-13 02:05 --------- d-----w C:\Arquivos de programas\eMule
2008-04-06 04:55 --------- d-----w C:\Documents and Settings\Leocarlos Cosendey\Dados de aplicativos\Skype
2008-04-02 23:13 --------- d-----w C:\Arquivos de programas\MSN Messenger
2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 23:29 --------- d-----w C:\Arquivos de programas\Unity
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-20 12:49 1,916,416 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-01-03 23:19 1,897,984 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-11-14 02:01 618,496 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-10-11 16:44 20,794,624 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_08_12_07_10_full.dmp.zip
2007-10-07 07:56 3,713,536 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-10-07 07:51 1,769,472 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-10-01 23:55 2,751,966 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-05-01 05:30 1,378,816 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-05-01 05:27 1,378,816 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-04-03 21:21 61,376 ----a-w C:\Documents and Settings\Leocarlos Cosendey\Dados de aplicativos\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-20 19:36 262144 --a------ C:\Arquivos de programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Arquivos de programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2007-12-20 19:36 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Arquivos de programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-20 19:36 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]
"WMPNSCFG"="C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:32 204288]
"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 15:05 919016]
"SynTPLpr"="C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe" [2004-05-06 18:49 98304]
"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2004-05-06 18:49 536576]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"SMSERIAL"="sm56hlpr.exe" [2005-12-01 12:16 557056 C:\WINDOWS\sm56hlpr.exe]
"Silent Mode"="C:\Arquivos de programas\Silent Mode\SilentMode.exe" [2006-04-20 10:50 151552]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 07:49 15691264 C:\WINDOWS\RTHDCPL.EXE]
"RoxioDragToDisc"="C:\Arquivos de programas\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-09-25 00:37 1691648]
"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57 30208]
"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 10:09 49152]
"IntelZeroConfig"="C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 11:39 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 11:40 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 11:36 77824]
"EOUApp"="C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413]
"AVGINST"="C:\sw_util\avg70\instala.exe" [2004-12-16 14:51 24576]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]
"Apoint"="C:\Arquivos de programas\Apoint2K\Apoint.exe" [2003-12-03 19:22 159744]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-26 21:59:07 113664]
Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
AutoCAD Startup Accelerator.lnk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe [2006-03-05 03:43:54 11000]
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-03-31 14:01 367016]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 15:30 347976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2008-03-31 14:01 367016 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 15:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginAbn]
C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2008-03-31 14:01 367016 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-13 09:22]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8ab0f0-bea1-11dc-905e-001302442ea4}]
\Shell\AutoRun\command - E:\EXPLORER.EXE
\Shell\explore\Command - E:\EXPLORER.EXE
\Shell\open\Command - E:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a2b3f06-0815-11dd-90e1-001302442ea4}]
\Shell\AutoRun\command - E:\i.bat
\Shell\explore\Command - E:\i.bat
\Shell\open\Command - E:\i.bat

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 22:00:27
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-04-15 22:01:42
ComboFix-quarantined-files.txt 2008-04-16 01:01:37

Pre-Run: 36,244,930,560 bytes disponíveis
Post-Run: 38,388,948,992 bytes disponíveis
.
2008-04-12 17:24:27 --- E O F ---

The new HJT log is:

Logfile of HijackThis v1.99.1
Scan saved at 22:25:07, on 15/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Silent Mode\SilentMode.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe
C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\Apoint2K\Apoint.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe C:\ARQUIV~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Arquivos de programas\Apoint2K\Apntex.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.20.18.1:3128 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de 
programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [synTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [silent Mode] C:\Arquivos de programas\Silent Mode\SilentMode.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Arquivos de programas\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [intelZeroConfig] "C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [EOUApp] "C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [AVGINST] C:\sw_util\avg70\instala.exe -S O4 - HKLM\..\Run: [avast!] 
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint2K\Apoint.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp 
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! 
Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Compartilhar este post Link para o post Compartilhar em outros sites
DigRam (posted April 17, 2008)

Good morning, Leocarlos!

<!> Delete: C:\QooBox and C:\ComboFix.txt << the previous ComboFix log.
----------------------------------
>@< Select and copy all the content in the code area into Notepad.
>@< Save it on the Desktop with the name: CFScript.txt

File::
E:\EXPLORER.EXE
C:\c.com
C:\30ed3.exe
C:\i.bat

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8ab0f0-bea1-11dc-905e-001302442ea4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a2b3f06-0815-11dd-90e1-001302442ea4}]

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.
>@< This will run ComboFix, and it will reboot the computer automatically!
>@< If it does not reboot, do so manually!
>@< While it runs, do not use the keyboard or mouse!
>@< When it finishes, post the C:\ComboFix.txt report plus an updated HJT log.

Cheers!
Leocarlos (posted April 18, 2008)

ComboFix:

ComboFix 08-04-15.1 - Leocarlos Cosendey 2008-04-17 21:56:53.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.805 [GMT -3:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\30ed3.exe
C:\c.com
C:\i.bat
E:\EXPLORER.EXE
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\30ed3.exe
C:\c.com
C:\i.bat
.

((((((((((((((((((((((( Files created from 2008-03-18 to 2008-04-18 ))))))))))))))))))))))))))))))))
.

2008-04-15 22:42 . 2008-04-15 22:42 <DIR> d-------- C:\Arquivos de programas\Passware
2008-04-15 21:37 . 2008-04-15 21:37 1,770,165 --a------ C:\ComboFix.exe
2008-04-12 01:03 . 2008-04-15 22:24 <DIR> d-------- C:\Hijackthis
2008-04-10 23:51 . 2008-04-10 23:51 <DIR> d-------- C:\Arquivos de programas\Programas RFB
2008-04-05 18:14 . 2008-04-06 10:58 42 --a------ C:\WINDOWS\webica.ini
2008-04-05 14:39 . 2008-04-05 14:39 <DIR> d-------- C:\WINDOWS\system32\Resource
2008-04-05 14:38 . 2008-04-05 14:38 <DIR> d-------- C:\Arquivos de programas\Citrix
2008-04-05 13:27 . 2008-04-05 13:35 <DIR> d-------- C:\Arquivos de programas\Windows Live Safety Center
2008-04-04 17:09 . 2008-03-29 15:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-04 17:09 . 2008-03-29 15:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-03 20:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 20:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-03 20:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-02 21:13 . 2008-04-02 21:13 <DIR> d-------- C:\Documents and Settings\Leocarlos Cosendey\Dados de aplicativos\Citrix
2008-04-02 21:11 . 2008-04-05 14:40 <DIR> d-------- C:\Documents and Settings\Leocarlos Cosendey\Dados de aplicativos\ICAClient
2008-04-02 20:11 . 2008-04-02 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-04-02 20:11 . 2008-04-02 20:12 <DIR> d-------- C:\Arquivos de programas\Windows Live
2008-04-02 20:11 . 2008-04-02 20:11 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-03-30 14:31 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-30 14:31 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-30 14:31 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-20 05:09 . 2008-03-20 05:09 1,845,376 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-04-18 00:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2008-04-18 00:52 151,220 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-18 00:52 12,812,320 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 00:40 --------- d-----w C:\Arquivos de programas\GbPlugin
2008-04-13 02:05 --------- d-----w C:\Arquivos de programas\eMule
2008-04-06 04:55 --------- d-----w C:\Documents and Settings\Leocarlos Cosendey\Dados de aplicativos\Skype
2008-04-02 23:13 --------- d-----w C:\Arquivos de programas\MSN Messenger
2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 23:29 --------- d-----w C:\Arquivos de programas\Unity
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-20 12:49 1,916,416 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-01-03 23:19 1,897,984 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-11-14 02:01 618,496 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-10-11 16:44 20,794,624 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_08_12_07_10_full.dmp.zip
2007-10-07 07:56 3,713,536 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-10-07 07:51 1,769,472 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-10-01 23:55 2,751,966 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-05-01 05:30 1,378,816 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-05-01 05:27 1,378,816 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-04-03 21:21 61,376 ----a-w C:\Documents and Settings\Leocarlos Cosendey\Dados de aplicativos\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-20 19:36 262144 --a------ C:\Arquivos de programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Arquivos de programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2007-12-20 19:36 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]
"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"WMPNSCFG"="C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:32 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 15:05 919016]
"SynTPLpr"="C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe" [2004-05-06 18:49 98304]
"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2004-05-06 18:49 536576]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"SMSERIAL"="sm56hlpr.exe" [2005-12-01 12:16 557056 C:\WINDOWS\sm56hlpr.exe]
"Silent Mode"="C:\Arquivos de programas\Silent Mode\SilentMode.exe" [2006-04-20 10:50 151552]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 07:49 15691264 C:\WINDOWS\RTHDCPL.EXE]
"RoxioDragToDisc"="C:\Arquivos de programas\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-09-25 00:37 1691648]
"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57 30208]
"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 10:09 49152]
"IntelZeroConfig"="C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 11:39 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 11:40 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 11:36 77824]
"EOUApp"="C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413]
"AVGINST"="C:\sw_util\avg70\instala.exe" [2004-12-16 14:51 24576]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]
"Apoint"="C:\Arquivos de programas\Apoint2K\Apoint.exe" [2003-12-03 19:22 159744]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-26 21:59:07 113664]
Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
AutoCAD Startup Accelerator.lnk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe [2006-03-05 03:43:54 11000]
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-03-31 14:01 367016]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 15:30 347976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginAbn]
C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2008-03-31 14:01 367016 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBb]
C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 15:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginAbn]
C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2008-03-31 14:01 367016 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-13 09:22]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 22:00:45
Windows 5.1.2600 Service Pack 2 NTFS

Scanning for hidden processes ...
Scanning for hidden autostart entries ...
Scanning for hidden files ...

Scan completed successfully
Hidden files: 0
**************************************************************************
.
Completion time: 2008-04-17 22:02:32
ComboFix-quarantined-files.txt 2008-04-18 01:02:05
Pre-Run: 39,106,084,864 bytes free
Post-Run: 39,119,925,248 bytes free
.
2008-04-12 17:24:27 --- E O F ---

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 22:12:09, on 17/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Silent Mode\SilentMode.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe
C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Apoint2K\Apoint.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIV~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe
C:\Arquivos de programas\Apoint2K\Apntex.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.20.18.1:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Silent Mode] C:\Arquivos de programas\Silent Mode\SilentMode.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Arquivos de programas\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EOUApp] "C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [AVGINST] C:\sw_util\avg70\instala.exe -S
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint2K\Apoint.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
DigRam, posted April 18, 2008
Good evening, Leocarlos!
>@< Download PenClean.
>@< Save it to your Desktop!
-----------------------------
>@< Insert your removable drive(s) into the USB port (pen drive, mp3, mp4, etc...).
>@< Run the utility in Safe Mode and select the option: Verificar o computador (Check the computer).
>@< Click the Verificar (Check) button. Wait!
>@< If necessary, accept the request to restart the computer.
>@< Click Yes!
>@< PS: Do not remove the drive(s) yet!
-----------------------------
>@< Post the PenClean report in your reply; it will be at: C:\PenClean\PenClean.txt
Regards!
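The steps above have the drives plugged in while PenClean scans because USB-spreading worms such as the Kavo/Tavo family plant an autorun.inf in the root of each removable drive so that opening the drive launches their executable. The following Python script is an added example, not PenClean's code nor anything posted in this thread: it shows the core of the check such a cleaner performs, parsing an autorun.inf tolerantly (worm-written files are usually padded with junk lines), reporting which keys would execute a program and which file they point at, and noting whether the file carries the hidden/system attribute. The two sample .inf texts are constructed for the example, and the drive-letter enumeration assumes Windows; the parsing functions run anywhere. It only reports; it does not delete anything.

```python
"""Report autorun.inf execution hooks on drive roots (added example, not PenClean's code)."""
import os
import re
import stat
import string
from typing import Dict, List, Tuple

# [autorun] keys documented by Windows AutoRun that launch a program when the
# drive is opened.  Any shell\<verb>\command key is also a hook; see below.
EXEC_KEYS = ("open", "shellexecute")

# Constructed sample in the junk-padded style of USB worms (not a real file).
SAMPLE_WORM_INF = r"""[AutoRun]
;;;;;;;;; filler lines like these are common in worm-written files ;;;;;;;;;
open=\RECYCLER\sample.exe
shell\open\Command=\RECYCLER\sample.exe
shellexecute = "\RECYCLER\sample.exe" /q
"""

# Constructed benign sample: only sets an icon and a volume label.
SAMPLE_BENIGN_INF = """[autorun]
icon=setup.exe,0
label=Vendor Drive
"""


def parse_autorun(text: str) -> Dict[str, str]:
    """Tolerant parse of the [autorun] section: keys lower-cased, junk lines skipped."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[re.sub(r"\s+", "", key).lower()] = value.strip()
    return entries


def suspicious_entries(entries: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return the entries that would execute something when the drive is opened."""
    return [(k, v) for k, v in entries.items()
            if k in EXEC_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))]


def referenced_program(value: str) -> str:
    """Base name of the program a key points at, ignoring quotes and arguments."""
    token = value.strip()
    if token.startswith('"'):
        token = token[1:].split('"', 1)[0]
    else:
        token = token.split()[0] if token.split() else ""
    return re.split(r"[\\/]", token)[-1]


def is_hidden_or_system(path: str) -> bool:
    """True when the file has the hidden or system attribute (Windows; False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & (stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM))


def scan_roots(roots: List[str]) -> Dict[str, dict]:
    """Map each root that has an autorun.inf to its execution hooks and attribute flag."""
    report: Dict[str, dict] = {}
    for root in roots:
        inf = os.path.join(root, "autorun.inf")
        if not os.path.isfile(inf):
            continue
        with open(inf, encoding="latin-1", errors="replace") as fh:
            hooks = suspicious_entries(parse_autorun(fh.read()))
        report[root] = {
            "hidden": is_hidden_or_system(inf),
            "hooks": [(k, v, referenced_program(v)) for k, v in hooks],
        }
    return report


def windows_drive_roots() -> List[str]:
    """All mounted drive letters (assumes Windows; other systems return an empty list)."""
    return [f"{d}:\\" for d in string.ascii_uppercase if os.path.isdir(f"{d}:\\")]


if __name__ == "__main__":
    for root, info in scan_roots(windows_drive_roots()).items():
        flag = "HIDDEN/SYSTEM " if info["hidden"] else ""
        print(f"{root} {flag}autorun.inf")
        for key, value, prog in info["hooks"]:
            print(f"  {key} = {value}  -> launches {prog}")
```

A root whose autorun.inf has any hook at all is worth a look; a legitimate vendor file usually carries only icon/label entries, while a hidden file pointing an open= or shell\...\command key at an executable under RECYCLER or a similar odd path is the pattern these worms leave behind.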
Leocarlos, posted April 19, 2008
Iniciando relatório do PenClean 2.0.3
Por Renato Victor Mejias renatomejias@yahoo.com.br
18/4/2008 22:46:11
-----------------------------------------------------------
Arquivos e chaves excluídos do computador:
Malware não detectado no computador!
-----------------------------------------------------------
Fim da análise no computador.
-----------------------------------------------------------
DigRam, posted April 19, 2008
> Iniciando relatório do PenClean 2.0.3
> Por Renato Victor Mejias renatomejias@yahoo.com.br
> 18/4/2008 22:46:11
> -----------------------------------------------------------
> Arquivos e chaves excluídos do computador:
> Malware não detectado no computador!
> -----------------------------------------------------------
> Fim da análise no computador.
> -----------------------------------------------------------
Good morning, Leocarlos!
With everything OK on the PC, create a completely clean System Restore point! Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK. Then uncheck it again! >> Apply >> OK. For more details, go to: < Docs >
>@< The logs are clean! :thumbsup:
Regards!
Leocarlos, posted April 19, 2008
Thanks!!!
DigRam, posted April 19, 2008
PROBLEM SOLVED! If the author needs the topic to be reopened, send a Private Message to a Moderator with a link to the topic.