[Resolved!] Computer far too slow.

This topic has been archived and is closed to new replies.

Lia Sergia

Hi Lia Sergia,

Download EliStarA (at the bottom of the page, click the "Descargar EliStarA" button).

I suggest you print or save the steps below, and do not use the internet until the procedure is finished.

Restart in Safe Mode (press F8 repeatedly during boot until the menu appears, then select Safe Mode).

Run EliStarA.exe and wait; the scan takes a while.

When it finishes, restart and post the log (it will be at C:\infoSat.txt).

Regards.


What a nasty little monster... :~(

Here is the log:

 

 

Wed Jul 30 10:45:01 2008

EliStartPage v16.82 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Julio del 2008)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Key Eliminada [WinLogon\Notify\ GBPLUGINBB] -> C:\ARQUIV~1\GBPLUGIN\GBIEH.DLL

C:\ARQUIV~1\GBPLUGIN\GBIEH.DLL --> Vundo9 Acceso Denegado.

C:\ARQUIV~1\GBPLUGIN\GBIEH.DLL --> Vundo9 Acceso Denegado.

Eliminada Class, "{C41A1C0E-EA6C-11D4-B1B8-444553540000}" -> C:\ARQUIV~1\GbPlugin\gbieh.dll

Linea Eliminada del HOSTS --> 127.0.0.1 bin.errorprotector.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 br.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 br.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 br.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 cdn.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 cdn.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 cdn.winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 de.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 de.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.systemdoctor.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.windrivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 dynamique.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 errorprotector.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 es.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 fr.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 fr.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 hk.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 instlog.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 instlog.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 instlog.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 jsp.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 kb.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 kb.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 nl.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 se.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantispam.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantispy.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 support.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 trial.updates.winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 ulog.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 utils.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 utils.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 utils.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winfixer2006.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.errorprotector.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.systemdoctor.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.utils.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.win-anti-virus-pro.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.win-virus-pro.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.winantispam.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.winantispy.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.winantiviruspro.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.windrivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.windrivesafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.winfixer2006.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 www.winsoftware.com ## added by CiD

Eliminada Carpeta "%WinDir%\PeerNet"

No detectado SP3 de Windows XP

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Reinicie para Completar la Limpieza.

 

Wed Jul 30 10:45:50 2008

EliStartPage v16.82 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Julio del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\GbPlugin\GBIEH.DLL --> Acceso Denegado, Vundo9 (Reiniciar para Completar la Limpieza)

C:\Meus documentos\JOGOS\GBA\VBALINK180B0.EXE --> Eliminado, PWCrack-Pwdump(dropper)

 

Nº Total de Directorios: 5344

Nº Total de Ficheros: 79949

Nº de Ficheros Analizados: 16585

Nº de Ficheros Infectados: 2

Nº de Ficheros Limpiados: 1

 

Wed Jul 30 11:05:46 2008

EliStartPage v16.82 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Julio del 2008)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Key Eliminada [WinLogon\Notify\ GBPLUGINBB] -> C:\ARQUIV~1\GBPLUGIN\GBIEH.DLL

C:\ARQUIV~1\GBPLUGIN\GBIEH.DLL --> Vundo9 Acceso Denegado.

C:\ARQUIV~1\GBPLUGIN\GBIEH.DLL --> Vundo9 Acceso Denegado.

Eliminada Class, "{C41A1C0E-EA6C-11D4-B1B8-444553540000}" -> C:\ARQUIV~1\GbPlugin\gbieh.dll

No detectado SP3 de Windows XP

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Reinicie para Completar la Limpieza.

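The EliStartPage run above removed some seventy HOSTS lines, every one of them mapping a rogue-antivirus domain (winfixer, errorsafe, drivecleaner, winantivirus and relatives) to 127.0.0.1. A HOSTS line that points a name at the loopback address can only make that name unreachable; it cannot send the browser anywhere. The lines that matter in a HOSTS hijack are the ones that point real names (a bank, an update server) at some other address. The script below is an added example, not part of this thread or of any of the tools used in it: it parses a HOSTS file and separates sinkhole entries from redirects so you can see what a cleaner is about to delete. The sample file is constructed for the example; the 203.0.113.45 lines and the bancoexemplo name are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample HOSTS file for this example (not the file from the
# machine in the thread).  The "## added by CiD" lines mirror the entries the
# EliStartPage log above reports removing; the 203.0.113.45 lines are a
# hypothetical redirect added to show the other case (TEST-NET-3 address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
0.0.0.0 drivecleaner.com
203.0.113.45 www.bancoexemplo.com.br
203.0.113.45 update.microsoft.com
::1 localhost
"""


@dataclass
class HostsEntry:
    ip: str
    hostname: str
    comment: str
    verdict: str  # "local", "sinkhole" or "redirect"


def classify(ip: str, hostname: str) -> str:
    """A loopback or unspecified target can only make a name unreachable
    (a sinkhole); any other target sends the name somewhere else (a redirect)."""
    addr = ipaddress.ip_address(ip)
    if hostname.lower() in ("localhost", "localhost.localdomain"):
        return "local"
    if addr.is_loopback or addr.is_unspecified:
        return "sinkhole"
    return "redirect"


def parse_hosts(text: str) -> list:
    entries = []
    for raw in text.splitlines():
        body, _, comment = raw.partition("#")
        fields = body.split()
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first token is not an address
        tag = comment.strip("# ").strip()
        for hostname in fields[1:]:
            entries.append(HostsEntry(fields[0], hostname, tag,
                                      classify(fields[0], hostname)))
    return entries


def redirects(entries):
    """Entries that actually move traffic: the ones to treat as a hijack."""
    return [e for e in entries if e.verdict == "redirect"]


def sinkholes(entries):
    """Entries that only block names; deleting them removes protection."""
    return [e for e in entries if e.verdict == "sinkhole"]


def summarize(text: str) -> dict:
    entries = parse_hosts(text)
    return {
        "total": len(entries),
        "sinkhole": len(sinkholes(entries)),
        "redirect": sorted(e.hostname for e in redirects(entries)),
        "tags": sorted({e.comment for e in entries if e.comment}),
    }


if __name__ == "__main__":
    for e in parse_hosts(SAMPLE_HOSTS):
        print(f"{e.verdict:9} {e.ip:15} {e.hostname:28} {e.comment}")
    print(summarize(SAMPLE_HOSTS))
```

On a real machine, point `parse_hosts` at the contents of %SystemRoot%\system32\drivers\etc\hosts; the `redirect` list is the short list worth investigating, and the `tags` list shows which tool (here the "added by CiD" marker) claims ownership of the blocking lines.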

I did everything in Safe Mode. It said it could not remove this "GBIEH.DLL", but that it was infected. And it said the cleaning would be completed on restart.

When I restarted, it tried to run EliStar again; I kept clicking "OK" but did not let it scan again, and pasted the log above. I ran HijackThis and it shows up on this line:

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

What do I do??

Here is the full log:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:14:16, on 30/07/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\ARQUIV~1\AVG\AVG8\aAvgApi.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Mixer.exe

C:\Arquivos de programas\Java\jre1.5.0_12\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgupd.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Meus documentos\Lia\Programas\linha defensiva\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_12\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\RunOnce: [ReEXEc] C:\Documents and Settings\User\Desktop\ELISTARA.A%D8%D8HB%D8%D8H.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [K-Lite Nitro BETA] C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203358348309

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://topguard066.dipmap.com/ssi.cgi/cab/...hecker_8198.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0D210024-2510-4662-B1EE-E3E0DDF43CDC}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS1\Services\Tcpip\..\{0D210024-2510-4662-B1EE-E3E0DDF43CDC}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\System32\pctspk.exe


Run EliStarA again, but in Safe Mode.

- In Run, type combofix /u, click OK and wait for ComboFix to be removed.

Run ComboFix as well; in your next reply post the ComboFix log + the EliStarA log.

Regards


I did not understand your last instruction. I ran EliStarA in Safe Mode. I removed ComboFix. I downloaded ComboFix again and ran it. And it removed the EliStarA log. I didn't understand anything... hehehehehe

Should I do it all again, posting the EliStarA log before running ComboFix???

:)


Post the ComboFix log


Sorry for the delay:

 

ComboFix 08-07-31.06 - User 2008-08-01 16:22:31.4 - FAT32x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.465 [GMT -3:00]

Executando de: C:\Documents and Settings\User\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\InfoSat.txt

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-01 to 2008-08-01 ))))))))))))))))))))))))))))))))

.

 

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-07-30 20:02 . 2008-07-30 20:02 <DIR> d-------- C:\Documents and Settings\Administrador

2008-07-28 09:47 . 2008-07-28 09:47 <DIR> d-------- C:\Documents and Settings\User\Dados de aplicativos\AVGTOOLBAR

2008-07-28 09:47 . 2008-07-28 09:47 <DIR> d-------- C:\Arquivos de programas\AVG

2008-07-27 01:27 . 2008-07-27 01:27 <DIR> d-------- C:\Arquivos de programas\VS Revo Group

2008-07-24 17:21 . 2007-05-02 04:01 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl

2008-07-23 22:21 . 2008-07-23 22:21 <DIR> d--hs---- C:\FOUND.000

2008-07-14 18:21 . 2008-07-14 18:21 <DIR> d-------- C:\Documents and Settings\User\Dados de aplicativos\skypePM

2008-07-14 18:21 . 2008-07-14 18:21 <DIR> d-------- C:\Documents and Settings\User\Dados de aplicativos\Skype

2008-07-14 18:21 . 2008-07-14 18:22 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-07-14 18:20 . 2008-07-14 18:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Skype

2008-07-14 18:20 . 2008-07-14 18:20 <DIR> d-------- C:\Arquivos de programas\Skype

2008-07-14 18:20 . 2008-07-14 18:20 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-05 13:51 1,901 ----a-w C:\WINDOWS\panose.bin

2008-07-05 12:22 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-05 12:22 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys

2008-07-05 12:22 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-06-20 23:38 --------- d-----w C:\Arquivos de programas\Haali

2008-06-20 23:38 --------- d-----w C:\Arquivos de programas\CoreCodec

2008-06-20 23:37 21,764 ----a-w C:\WINDOWS\system32\CoreAAC-uninstall.exe

2008-02-18 09:18 375,296 ----a-w C:\Arquivos de programas\mdn.exe

2004-07-28 19:57 271 --sh--w C:\Arquivos de programas\desktop.ini

2004-07-28 19:57 22,040 ---h--w C:\Arquivos de programas\folder.htt

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 15:34 3739672]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 04:15 75520]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-07-28 09:47 1232152]

"C-Media Mixer"="Mixer.exe" [2001-06-11 06:05 1110016 C:\WINDOWS\mixer.exe]

"CountrySelection"="pctptt.exe" [2000-01-05 04:41 68096 C:\WINDOWS\system32\pctptt.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

"ReEXEc"="C:\Documents and Settings\User\Desktop\ELISTARA.A%D8%D8HB%D8%D8H.EXE" [2008-07-30 20:11 404491]

 

C:\Documents and Settings\User\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-15 20:51:46 113664]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= "C:\ARQUIV~1\GbPlugin\gbieh.dll" [2008-04-15 09:37 378696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-04-15 09:37 378696 C:\ARQUIV~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager

"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager

 

S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 09:22]

S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-05 09:22]

S3 XDva033;XDva033;C:\WINDOWS\system32\XDva033.sys []

S3 XDva074;XDva074;C:\WINDOWS\system32\XDva074.sys []

S3 XDva168;XDva168;C:\WINDOWS\system32\XDva168.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f8d5120-4dde-11dd-9ca8-0050fcb6eb92}]

\Shell\AutoRun\command - G:\avc14.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb467877-5812-11dd-9ccf-0050fcb6eb92}]

\Shell\AutoRun\command - diskdrive.exe

\Shell\open\command - diskdrive.exe

.

- - - - ORFAOS REMOVIDOS - - - -

 

HKCU-Run-K-Lite Nitro BETA - C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe

 

 

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\dh7yxq9u.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.uol.com.br/

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_12\bin\NPJava11.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_12\bin\NPJava12.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_12\bin\NPJava13.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_12\bin\NPJava14.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_12\bin\NPJava32.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_12\bin\NPJPI150_12.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_12\bin\NPOJI610.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-01 16:24:54

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execuçao ---------------------

 

PROCESSOS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\tsd32.dll

.

Tempo para conclusão: 2008-08-01 16:27:32

ComboFix-quarantined-files.txt 2008-08-01 19:27:30

 

Pre-Run: 5,513,347,072 bytes disponíveis

Post-Run: 5,503,713,280 bytes disponíveis

 

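The HijackThis and ComboFix logs above carry a handful of entries that deserve a second look before anything is deleted: the O17 NameServer lines (the resolvers every lookup on the box goes through), the O20 Winlogon Notify entry and the ShellExecuteHooks entry (a DLL that winlogon.exe, respectively Explorer, loads at every logon or launch), "EnableFirewall"= 0 in the firewall policy, and the MountPoints2 keys whose \Shell\AutoRun\command records the handler Explorer cached from a removable drive's autorun.inf (G:\avc14.exe and diskdrive.exe here). The script below is an added example, not part of the thread or of either tool; it pulls those entries out of pasted log lines and lists them as findings to verify, not as verdicts. Whether 200.165.132.154 and 200.165.132.147 are the ISP's resolvers is not something the thread says, so the trusted-resolver list is a parameter you supply; likewise the GbPlugin DLL is reported as a persistence point to check (the HJT log shows it was distributed from www14.bancobrasil.com.br, which belongs in that check), not as malware. The sample lines are constructed from the logs above.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines modelled on the HijackThis and ComboFix logs
# posted above, trimmed to the entries this example looks at.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D210024-2510-4662-B1EE-E3E0DDF43CDC}: NameServer = 200.165.132.154,200.165.132.147
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= "C:\ARQUIV~1\GbPlugin\gbieh.dll" [2008-04-15 09:37 378696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f8d5120-4dde-11dd-9ca8-0050fcb6eb92}]
\Shell\AutoRun\command - G:\avc14.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb467877-5812-11dd-9ccf-0050fcb6eb92}]
\Shell\AutoRun\command - diskdrive.exe
\Shell\open\command - diskdrive.exe
"""

O17_RE = re.compile(r"^O17 - .*NameServer = (.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")                       # ComboFix registry key header
HOOK_RE = re.compile(r'^"\{[0-9A-Fa-f-]+\}"\s*=\s*"([^"]+)"')
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')
AUTORUN_RE = re.compile(r"^\\Shell\\(AutoRun|open)\\command - (.+)$")


@dataclass
class Finding:
    kind: str
    detail: str
    line: str


def triage(log_text: str, trusted_dns=frozenset()) -> list:
    """Walk pasted HijackThis/ComboFix lines and collect entries to verify."""
    findings = []
    current_key = ""  # last ComboFix registry key header seen
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = O17_RE.match(line)
        if m:
            servers = [s.strip() for s in m.group(1).split(",")]
            unknown = [s for s in servers if s not in trusted_dns]
            if unknown:
                findings.append(Finding("dns_servers",
                    "resolvers not on the trusted list: " + ", ".join(unknown), line))
            continue
        m = O20_RE.match(line)
        if m:
            findings.append(Finding("winlogon_notify",
                f"{m.group(1)} loads {m.group(2)} into winlogon.exe", line))
            continue
        if "shellexecutehooks" in current_key.lower():
            m = HOOK_RE.match(line)
            if m:
                findings.append(Finding("shell_execute_hook",
                    f"{m.group(1)} is loaded by Explorer on every ShellExecute", line))
                continue
        m = FIREWALL_RE.match(line)
        if m and m.group(1) == "0":
            findings.append(Finding("firewall_disabled",
                f"EnableFirewall=0 under {current_key}", line))
            continue
        if "mountpoints2" in current_key.lower():
            m = AUTORUN_RE.match(line)
            if m:
                volume = current_key.rsplit("\\", 1)[-1]
                findings.append(Finding("autorun_handler",
                    f"{m.group(1)} verb cached for volume {volume} runs {m.group(2)}", line))
    return findings


def summarize(findings) -> dict:
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Each `autorun_handler` finding names a volume GUID; the executable it points at lives on the removable drive, which is why the next step in the thread is a scan of every pendrive before the registry keys are deleted.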

Hi Lia Sergia,

• Download PenClean and save it to your desktop;
• Run the program;
• Connect your pendrive to the computer;
• Select the option Check all drives and click the Check button;
<<Wait a few moments; the scan is quite fast>>
• If anything is found, you will be asked to restart the machine. Click Yes. The computer will restart;
• A report of the run will be generated and saved at C:\PenClean\PenClean.txt.
• Post the contents of the report in your next reply.

If you have a pendrive or an MP3/MP4 player, connect it to the PC (if you have more than one, connect all of them). Do not remove them until all the instructions are complete.

Delete the qoobox folder located in C:\, and also delete the ComboFix.txt log, also located in C:\.

I suggest you print or save the steps below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::

C:\WINDOWS\system32\ezsidmv.dat

C:\Arquivos de programas\mdn.exe

C:\Arquivos de programas\desktop.ini

C:\Arquivos de programas\folder.htt

C:\ARQUIV~1\GbPlugin\gbieh.dll

G:\avc14.exe

Folder::

C:\FOUND.000

C:\ARQUIV~1\GbPlugin

Registry::

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x1)

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f8d5120-4dde-11dd-9ca8-0050fcb6eb92}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb467877-5812-11dd-9ccf-0050fcb6eb92}]

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

[animated image showing CFScript.txt being dragged onto ComboFix.exe]

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Post it together with a new HijackThis log

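PenClean's job in the steps above is the file that the MountPoints2 entries in the ComboFix log were cached from: the autorun.inf at the root of a removable drive. Its open= and shellexecute= keys name what AutoPlay runs, shell\verb\command= keys define the drive's context-menu verbs, and shell=verb picks the default one, so a worm needs only that file plus a copy of itself on the drive. The parser below is an added example, not part of the thread or of PenClean; it reads an autorun.inf tolerantly (ignoring the junk lines worms pad the file with and any section other than the first [autorun]) and reports what would execute. Both sample files are constructed for this example; the first is modelled on the diskdrive.exe handlers recorded in the ComboFix log above.

```python
# Constructed samples (not files from the drives in the thread).  The first is
# modelled on the diskdrive.exe handlers in the ComboFix MountPoints2 section
# above, padded with junk lines of the kind worms use; the second is an
# ordinary driver-CD autorun.inf that sets only a label and an icon.
WORM_AUTORUN = r"""
[AutoRun]
;;;}}}}garbage{{{{;;;
xQ9#v!k~@
OPEN=diskdrive.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
shell\open\Command=diskdrive.exe
shell\explore\Command=diskdrive.exe
ShellExecute=diskdrive.exe
shell=open
[NotAutorun]
open=harmless.exe
"""

BENIGN_AUTORUN = r"""
[autorun]
label=Driver CD
icon=setup.ico
"""


def parse_autorun(text: str) -> dict:
    """Key/value pairs of the first [autorun] section, keys lowercased.
    Lines without '=' are skipped, which is also how junk padding is ignored;
    when a key repeats, the first occurrence is kept."""
    keys = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            if in_section:
                break  # first [autorun] section is over
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        keys.setdefault(key.strip().lower(), value.strip())
    return keys


def launch_targets(text: str) -> dict:
    """What the file would launch: on AutoPlay, on the drive's default verb,
    and from each context-menu verb it defines."""
    keys = parse_autorun(text)
    menu = {}
    for key, value in keys.items():
        parts = key.split("\\")
        if len(parts) == 3 and parts[0] == "shell" and parts[2] == "command":
            menu[parts[1]] = value
    autoplay = [keys[k] for k in ("open", "shellexecute") if k in keys]
    default_verb = keys.get("shell")
    default_cmd = menu.get(default_verb) if default_verb else None
    if default_cmd is None:
        default_cmd = keys.get("open")
    return {"autoplay": autoplay, "default_verb": default_cmd, "context_menu": menu}


def executes_code(text: str) -> bool:
    t = launch_targets(text)
    return bool(t["autoplay"] or t["default_verb"] or t["context_menu"])


if __name__ == "__main__":
    for name, sample in (("worm-style", WORM_AUTORUN), ("benign", BENIGN_AUTORUN)):
        print(name, executes_code(sample), launch_targets(sample))
```

Run it over the autorun.inf of every removable drive before re-enabling AutoPlay; a file that only sets label= and icon= is harmless, while any open=, shellexecute= or shell\...\command= value is something the drive will try to run.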

Done!

 

PenClean:

 

Iniciando relatório do PenClean 2.0.3

Por Renato Victor Mejias

renatomejias@yahoo.com.br

02/08/2008 21:16:10

-----------------------------------------------------------

Arquivos e chaves excluídos da unidade escolhida:

 

-----------------------------------------------------------

Arquivos excluídos da unidade C: (Resik):

 

-----------------------------------------------------------

Arquivos excluídos da unidade F: (Resik):

 

H:\autorun.inf foi deletado com sucesso!

-----------------------------------------------------------

Fim da análise, a unidade verificada foi: "Todas as unidades"

-----------------------------------------------------------

ComboFix:

 

ComboFix 08-07-31.06 - User 2008-08-02 21:23:45.4 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.397 [GMT -3:00]

Executando de: C:\Documents and Settings\User\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE ::

C:\ARQUIV~1\GbPlugin\gbieh.dll

C:\Arquivos de programas\desktop.ini

C:\Arquivos de programas\folder.htt

C:\Arquivos de programas\mdn.exe

C:\WINDOWS\system32\ezsidmv.dat

G:\avc14.exe

.

HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:33, on 2008-08-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Mixer.exe

C:\Arquivos de programas\Java\jre1.5.0_12\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\Notepad.exe

C:\Meus documentos\Lia\Programas\linha defensiva\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_12\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [K-Lite Nitro BETA] C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203358348309

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://topguard066.dipmap.com/ssi.cgi/cab/...hecker_8198.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0D210024-2510-4662-B1EE-E3E0DDF43CDC}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS1\Services\Tcpip\..\{0D210024-2510-4662-B1EE-E3E0DDF43CDC}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\System32\pctspk.exe

 

 

 

And now?


Hey Ligia,

 

Repeat the procedure with ComboFix, but this time run it in Safe Mode.


ComboFix 08-07-31.06 - User 2008-08-03 18:29:42.4 - FAT32x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.499 [GMT -3:00]

Executando de: C:\Documents and Settings\User\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt

 

FILE ::

C:\ARQUIV~1\GbPlugin\gbieh.dll

C:\Arquivos de programas\desktop.ini

C:\Arquivos de programas\folder.htt

C:\Arquivos de programas\mdn.exe

C:\WINDOWS\system32\ezsidmv.dat

G:\avc14.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\ARQUIV~1\GbPlugin

C:\ARQUIV~1\GbPlugin\bb.gpc

C:\ARQUIV~1\GbPlugin\gbieh.dll

C:\ARQUIV~1\GbPlugin\gbieh.gmd

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Arquivos de programas\desktop.ini

C:\Arquivos de programas\folder.htt

C:\Arquivos de programas\mdn.exe

C:\FOUND.000

C:\FOUND.000\FILE0000.CHK

C:\WINDOWS\system32\ezsidmv.dat

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GbpSv

-------\Service_GbpSv

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-07-03 to 2008-08-03 ))))))))))))))))))))))))))))))))

.

 

2008-08-02 21:28 . 2008-08-02 21:28 <DIR> d--hs---- C:\FOUND.001

2008-08-02 21:16 . 2008-08-02 21:16 <DIR> d-------- C:\PenClean

2008-08-01 16:34 . 2008-08-01 16:34 <DIR> d-------- C:\WINDOWS\peernet

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-07-30 20:02 . 2008-07-30 20:02 <DIR> d-------- C:\Documents and Settings\Administrador

2008-07-28 09:47 . 2008-07-28 09:47 <DIR> d-------- C:\Documents and Settings\User\Dados de aplicativos\AVGTOOLBAR

2008-07-28 09:47 . 2008-07-28 09:47 <DIR> d-------- C:\Arquivos de programas\AVG

2008-07-27 01:27 . 2008-07-27 01:27 <DIR> d-------- C:\Arquivos de programas\VS Revo Group

2008-07-24 17:21 . 2007-05-02 04:01 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl

2008-07-14 18:21 . 2008-07-14 18:21 <DIR> d-------- C:\Documents and Settings\User\Dados de aplicativos\skypePM

2008-07-14 18:21 . 2008-07-14 18:21 <DIR> d-------- C:\Documents and Settings\User\Dados de aplicativos\Skype

2008-07-14 18:20 . 2008-07-14 18:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Skype

2008-07-14 18:20 . 2008-07-14 18:20 <DIR> d-------- C:\Arquivos de programas\Skype

2008-07-14 18:20 . 2008-07-14 18:20 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-05 13:51 1,901 ----a-w C:\WINDOWS\panose.bin

2008-07-05 12:22 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-05 12:22 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys

2008-07-05 12:22 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-06-20 23:38 --------- d-----w C:\Arquivos de programas\Haali

2008-06-20 23:38 --------- d-----w C:\Arquivos de programas\CoreCodec

2008-06-20 23:37 21,764 ----a-w C:\WINDOWS\system32\CoreAAC-uninstall.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 15:34 3739672]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 04:15 75520]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-07-28 09:47 1232152]

"C-Media Mixer"="Mixer.exe" [2001-06-11 06:05 1110016 C:\WINDOWS\mixer.exe]

"CountrySelection"="pctptt.exe" [2000-01-05 04:41 68096 C:\WINDOWS\system32\pctptt.exe]

 

C:\Documents and Settings\User\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-15 20:51:46 113664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager

"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager

 

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 09:22]

R2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-07-28 09:47]

R2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-07-28 09:47]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-05 09:22]

R2 Pctspk;W2K PCtel speaker phone;C:\WINDOWS\System32\pctspk.exe [2000-01-19 06:30]

S2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe []

S3 XDva033;XDva033;C:\WINDOWS\system32\XDva033.sys []

S3 XDva074;XDva074;C:\WINDOWS\system32\XDva074.sys []

S3 XDva168;XDva168;C:\WINDOWS\system32\XDva168.sys []

 

*Newly Created Service* - GBPSV

.

- - - - ORFAOS REMOVIDOS - - - -

 

HKCU-Run-K-Lite Nitro BETA - C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-03 18:36:16

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

C:\ARQUIVOS DE PROGRAMAS\AVG\AVG8\AVGWDSVC.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

C:\WINDOWS\SYSTEM32\WDFMGR.EXE

C:\ARQUIVOS DE PROGRAMAS\AVG\AVG8\AVGTRAY.EXE

C:\ARQUIVOS DE PROGRAMAS\AVG\AVG8\AVGRSX.EXE

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-08-03 18:40:29 - Maquina reiniciou [user]

ComboFix-quarantined-files.txt 2008-08-03 21:40:14

 

Pre-Run: 5,337,579,520 bytes disponíveis

Post-Run: 4,685,824,000 bytes disponíveis

 


I suggest you print or save the steps below and stay off the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

Folder::

C:\FOUND.001

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x1)

 

This script was written only for this computer, based on the files and keys present; do not use it on another computer, because it can cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration.

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with a new HijackThis log.

ComboFix 08-07-31.06 - User 2008-08-04 13:05:34.5 - FAT32x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.503 [GMT -3:00]

Executando de: C:\Documents and Settings\User\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\FOUND.001

C:\FOUND.001\FILE0000.CHK

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-04 to 2008-08-04 ))))))))))))))))))))))))))))))))

.

 

2008-08-03 18:40 . 2008-08-03 18:40 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-08-03 18:40 . 2008-08-03 18:40 <DIR> d-------- C:\Documents and Settings\User\Configurações locais

2008-08-03 18:40 . 2008-08-03 18:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-08-03 18:40 . 2008-08-03 18:40 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-08-03 18:40 . 2008-08-03 18:40 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Configurações locais

2008-08-03 18:40 . 2008-08-03 18:40 <DIR> d-------- C:\Documents and Settings\1\Configurações locais

2008-08-02 21:16 . 2008-08-02 21:16 <DIR> d-------- C:\PenClean

2008-08-01 16:34 . 2008-08-01 16:34 <DIR> d-------- C:\WINDOWS\peernet

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-07-30 20:02 . 2006-07-26 23:38 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-07-30 20:02 . 2008-07-30 20:02 <DIR> d-------- C:\Documents and Settings\Administrador

2008-07-28 09:47 . 2008-07-28 09:47 <DIR> d-------- C:\Documents and Settings\User\Dados de aplicativos\AVGTOOLBAR

2008-07-28 09:47 . 2008-07-28 09:47 <DIR> d-------- C:\Arquivos de programas\AVG

2008-07-27 01:27 . 2008-07-27 01:27 <DIR> d-------- C:\Arquivos de programas\VS Revo Group

2008-07-24 17:21 . 2007-05-02 04:01 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl

2008-07-14 18:21 . 2008-07-14 18:21 <DIR> d-------- C:\Documents and Settings\User\Dados de aplicativos\skypePM

2008-07-14 18:21 . 2008-07-14 18:21 <DIR> d-------- C:\Documents and Settings\User\Dados de aplicativos\Skype

2008-07-14 18:20 . 2008-07-14 18:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Skype

2008-07-14 18:20 . 2008-07-14 18:20 <DIR> d-------- C:\Arquivos de programas\Skype

2008-07-14 18:20 . 2008-07-14 18:20 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-05 13:51 1,901 ----a-w C:\WINDOWS\panose.bin

2008-07-05 12:22 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-05 12:22 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys

2008-07-05 12:22 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-06-20 23:38 --------- d-----w C:\Arquivos de programas\Haali

2008-06-20 23:38 --------- d-----w C:\Arquivos de programas\CoreCodec

2008-06-20 23:37 21,764 ----a-w C:\WINDOWS\system32\CoreAAC-uninstall.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 15:34 3739672]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 04:15 75520]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-07-28 09:47 1232152]

"C-Media Mixer"="Mixer.exe" [2001-06-11 06:05 1110016 C:\WINDOWS\mixer.exe]

"CountrySelection"="pctptt.exe" [2000-01-05 04:41 68096 C:\WINDOWS\system32\pctptt.exe]

 

C:\Documents and Settings\User\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-15 20:51:46 113664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager

"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager

 

S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 09:22]

S2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-07-28 09:47]

S2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-07-28 09:47]

S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-05 09:22]

S2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe []

S2 Pctspk;W2K PCtel speaker phone;C:\WINDOWS\System32\pctspk.exe [2000-01-19 06:30]

S3 XDva033;XDva033;C:\WINDOWS\system32\XDva033.sys []

S3 XDva074;XDva074;C:\WINDOWS\system32\XDva074.sys []

S3 XDva168;XDva168;C:\WINDOWS\system32\XDva168.sys []

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-04 13:08:10

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execuçao ---------------------

 

PROCESSOS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\tsd32.dll

.

Tempo para conclusão: 2008-08-04 13:10:49

ComboFix-quarantined-files.txt 2008-08-04 16:10:46

ComboFix2.txt 2008-08-03 21:40:34

 

Pre-Run: 5,086,871,552 bytes disponíveis

Post-Run: 5,093,228,544 bytes disponíveis

 


Logfile of HijackThis v1.99.1

Scan saved at 13:17:57, on 04/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Mixer.exe

C:\Arquivos de programas\Java\jre1.5.0_12\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Meus documentos\Lia\Programas\linha defensiva\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_12\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203358348309

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://topguard066.dipmap.com/ssi.cgi/cab/...hecker_8198.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0D210024-2510-4662-B1EE-E3E0DDF43CDC}: NameServer = 200.165.132.154,200.165.132.147

O17 - HKLM\System\CS1\Services\Tcpip\..\{0D210024-2510-4662-B1EE-E3E0DDF43CDC}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\System32\pctspk.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)


OK, the log is clean :)

 

- In Run, type combofix /u, click OK and wait for ComboFix to be removed.

 

To finish, visit Windows Update and update your system by downloading Service Pack 3

 

Or, if you prefer, download and install the full package (about 300 MB):

http://www.microsoft.com/downloads/details...splayLang=pt-br

 

- I recommend doing some maintenance on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner

 

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for errors > Fix errors

 

- Disable and then re-enable System Restore

 

Read the article Cuidados ao navegar na net for more information on how to avoid infections;

 

If your problem has been solved, reply to this topic to let us know.

 

:)


Thank you very much! I was having trouble with the DSL here, but I'm already downloading SP3.

 

My father comes here with an infected pen drive and doesn't run the antivirus before opening it. I keep complaining to him, but now, after all this headache, I think he has learned.

 

Just one thing. My computer is on a network. I'm going to open a new topic, because I found out that the file "gbieh.dll" is on the other computer. I'll run ComboFix and HijackThis on the other machine and create a new topic, OK?

Topic already created, and the problem solved

PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.