
Archived

This topic has been archived and is closed to new replies.

carol2906

[Solved!] PC slow for the past month


Hi, my PC, which used to be really fast, has turned into an ox cart. I don't know whether it is full or whether it is because of some program I've been installing lately...

Here is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 19:32:55, on 22/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\mcafee.com\agent\mcdetect.exe

c:\ARQUIV~1\mcafee.com\vso\mcshield.exe

c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Karol\Desktop\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [VSOCheckTask] "C:\ARQUIV~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [uIUCU] C:\DOCUME~1\Karol\CONFIG~1\Temp\UIUCU.EXE -CLEAN_UP -S

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=090408 serial=DR12WEX-1504397-KTY lang=BP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe

O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe

O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe

O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe

O4 - Global Startup: Register Genuine Fractals PrintPro 5.0.lnk = C:\Arquivos de programas\onOne Software\Genuine Fractals\Register Genuine Fractals PrintPro 5.0.exe

O4 - Global Startup: STK017 PNP Monitor.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Download Using &BitSpirit - C:\Arquivos de programas\BitSpirit\bsurl.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\arquivos de programas\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\ARQUIV~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARQUIV~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe


Download ComboFix and save it to your desktop.

Close all windows and programs.

Double-click ComboFix and press "1", then Enter, to proceed with the fix. It will take about 10 minutes (be patient). ComboFix will restart the PC automatically to complete the removal process.

When it finishes, a log will be generated at C:\ComboFix.txt.

Attention:

Do not click on the ComboFix window, and do not close it with the X, while it is running; otherwise it will stop and your desktop will go blank.

To stop or exit ComboFix, press "2" and Enter.

Afterwards, generate a new log with HijackThis and post it together with ComboFix.txt.


ComboFix 08-08-21.02 - Karol 2008-08-23 18:40:56.5 - NTFSx86

Executando de: C:\Documents and Settings\Karol\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

 

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:47, on 2008-08-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

c:\arquivos de programas\mcafee.com\agent\mcdetect.exe

c:\ARQUIV~1\mcafee.com\vso\mcshield.exe

c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Karol\Desktop\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [VSOCheckTask] "C:\ARQUIV~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [uIUCU] C:\DOCUME~1\Karol\CONFIG~1\Temp\UIUCU.EXE -CLEAN_UP -S

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=090408 serial=DR12WEX-1504397-KTY lang=BP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe

O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe

O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe

O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe

O4 - Global Startup: Register Genuine Fractals PrintPro 5.0.lnk = C:\Arquivos de programas\onOne Software\Genuine Fractals\Register Genuine Fractals PrintPro 5.0.exe

O4 - Global Startup: STK017 PNP Monitor.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Download Using &BitSpirit - C:\Arquivos de programas\BitSpirit\bsurl.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O17 - HKLM\System\CS2\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\arquivos de programas\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\ARQUIV~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARQUIV~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (file missing)


Run ComboFix in Safe Mode.


ComboFix:

ComboFix 08-08-21.02 - Karol 2008-08-23 21:23:58.6 - NTFSx86 MINIMAL

Executando de: C:\Documents and Settings\Karol\Desktop\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Karol\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\WJLSHJ7Q\interclick.com

C:\Documents and Settings\Karol\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\WJLSHJ7Q\interclick.com\ud.sol

C:\Documents and Settings\Karol\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com

C:\Documents and Settings\Karol\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\desktop.ini

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\dwusplay.dll

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\dwusplay.exe

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\IEGetPlugin.ocx

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\isusweb.dll

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\wpcap.dll

C:\WINDOWS\winhelp.ini

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-07-24 to 2008-08-24 ))))))))))))))))))))))))))))))))

.

 

2008-08-23 21:16 . 2008-08-23 21:16 <DIR> d-------- C:\Documents and Settings\Administrador

2008-08-22 20:53 . 2004-09-30 03:19 132,864 -r------- C:\WINDOWS\Cmuda.ini

2008-08-22 20:53 . 2008-08-22 20:53 179 --a------ C:\WINDOWS\system\CmiCnfg.ini

2008-08-22 20:53 . 2008-08-22 20:53 92 --a------ C:\WINDOWS\CMISETUP.INI

2008-08-22 20:53 . 2008-08-22 20:53 26 --a------ C:\WINDOWS\CMCDPLAY.INI

2008-08-22 20:53 . 2008-08-22 20:53 0 --a------ C:\WINDOWS\Wininit.ini

2008-08-22 20:52 . 2008-08-22 20:52 <DIR> d-------- C:\Arquivos de programas\C-Media 3D Audio

2008-08-22 20:52 . 2003-08-05 14:23 266,240 --a------ C:\WINDOWS\CMIUninstall.exe

2008-08-22 20:52 . 2003-07-22 11:15 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe

2008-08-22 20:52 . 2002-10-18 15:56 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll

2008-08-22 20:47 . 2008-08-22 20:47 <DIR> d-------- C:\Arquivos de programas\Realtek Sound Manager

2008-08-22 20:47 . 2008-08-22 20:47 <DIR> d-------- C:\Arquivos de programas\Realtek AC97

2008-08-22 20:47 . 2008-08-22 20:47 <DIR> d-------- C:\Arquivos de programas\AvRack

2008-08-22 20:47 . 2001-07-05 13:19 164 -r------- C:\WINDOWS\avrack.ini

2008-08-22 20:46 . 2005-06-20 23:09 18,751,488 -r------- C:\WINDOWS\system32\alsndmgr.cpl

2008-08-22 20:46 . 2005-06-20 10:39 9,410,048 -r------- C:\WINDOWS\system32\RTLCPL.exe

2008-08-22 20:46 . 2005-06-20 11:08 2,324,480 -r------- C:\WINDOWS\system32\drivers\alcxwdm.sys

2008-08-22 20:46 . 2005-06-02 05:31 294,912 -r------- C:\WINDOWS\alcupd.exe

2008-08-22 20:46 . 2005-06-02 05:43 200,704 -r------- C:\WINDOWS\alcrmv.exe

2008-08-22 20:46 . 2004-09-07 03:23 156,672 -r------- C:\WINDOWS\system32\RtlCPAPI.dll

2008-08-22 20:46 . 2002-02-05 02:54 141,016 -r------- C:\WINDOWS\system32\alsndmgr.wav

2008-08-22 20:46 . 2005-06-20 10:42 77,824 -r------- C:\WINDOWS\soundman.exe

2008-08-22 20:46 . 2005-05-18 02:38 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe

2008-08-22 19:53 . 2008-08-22 19:53 169 --a------ C:\WINDOWS\RtlRack.ini

2008-08-22 13:24 . 2008-08-22 13:24 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\BitSpirit

2008-08-22 13:24 . 2008-08-22 13:24 <DIR> d-------- C:\Arquivos de programas\BitSpirit

2008-08-20 22:09 . 2008-08-20 22:09 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2008-08-09 08:31 . 2008-08-09 08:33 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\zweitgeist

2008-08-08 16:02 . 2008-08-08 16:02 <DIR> d-------- C:\Arquivos de programas\Noiseware Professional Edition

2008-08-08 15:53 . 2008-08-11 19:46 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\Imagenomic

2008-08-08 15:47 . 2008-08-11 15:22 <DIR> d-------- C:\Arquivos de programas\Imagenomic

2008-08-07 16:40 . 2008-08-07 16:40 244 --ah----- C:\sqmnoopt16.sqm

2008-08-07 16:40 . 2008-08-07 16:40 232 --ah----- C:\sqmdata16.sqm

2008-08-07 16:34 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-08-07 16:34 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-08-05 20:35 . 2008-08-05 20:35 1,409 --a------ C:\WINDOWS\system32\tmp77D7C.FOT

2008-08-05 20:35 . 2008-08-05 20:35 1,409 --a------ C:\WINDOWS\system32\tmp5BD7C.FOT

2008-08-05 20:35 . 2008-08-05 20:35 1,409 --a------ C:\WINDOWS\system32\tmp31E7C.FOT

2008-08-05 20:35 . 2008-08-05 20:35 1,409 --a------ C:\WINDOWS\system32\tmp24E7C.FOT

2008-08-05 20:35 . 2008-08-05 20:35 1,409 --a------ C:\WINDOWS\system32\tmp08E7C.FOT

2008-08-04 16:24 . 2008-08-04 16:24 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\CANON INC

2008-08-04 16:24 . 2008-08-20 20:36 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\CameraWindowDC

2008-08-04 16:23 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-08-04 16:23 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-08-03 11:48 . 2008-08-20 20:37 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\ZoomBrowser EX

2008-08-03 11:26 . 2008-08-03 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ZoomBrowser

2008-08-03 11:26 . 2008-08-03 11:28 <DIR> d-------- C:\Arquivos de programas\Canon

2008-08-03 11:23 . 2008-08-03 11:23 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Canon

2008-08-03 10:00 . 2008-08-04 13:00 <DIR> d-------- C:\Documents and Settings\Karol\Phone Browser

2008-08-03 09:56 . 2008-08-03 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2008-08-03 09:55 . 2008-08-03 09:55 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\Nokia

2008-08-03 09:54 . 2008-08-03 09:54 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\PC Suite

2008-08-03 09:54 . 2008-08-03 09:54 <DIR> d-------- C:\Arquivos de programas\DIFX

2008-08-03 09:53 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-08-03 09:51 . 2008-08-03 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Installations

2008-07-30 18:35 . 2008-08-05 20:33 <DIR> d-------- C:\Arquivos de programas\Oi Velox

2008-07-28 20:54 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-24 00:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-08-22 23:52 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-22 23:30 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-08-22 23:13 --------- d-----w C:\Arquivos de programas\LimeWire

2008-08-22 22:46 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-08-22 22:46 --------- d-----w C:\Arquivos de programas\AMP Font Viewer

2008-08-22 16:59 --------- d-----w C:\Documents and Settings\Karol\Dados de aplicativos\LimeWire

2008-08-21 17:57 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-08-21 17:57 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-08-21 01:08 --------- d-----w C:\Arquivos de programas\Corel

2008-08-19 16:45 --------- d-----w C:\Arquivos de programas\CyberLink DVD Solution

2008-08-19 12:08 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-08-15 23:22 --------- d-----w C:\Documents and Settings\Karol\Dados de aplicativos\Image Zone Express

2008-08-15 18:06 --------- d-----w C:\Documents and Settings\Karol\Dados de aplicativos\Nero

2008-07-11 23:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2007-11-10 17:00 2 ----a-w C:\Arquivos de programas\history.rcd

2007-08-18 22:34 533 ----a-w C:\Arquivos de programas\UnInst.log

2005-12-13 17:36 3,072 ----a-w C:\Arquivos de programas\shlres.dll

2005-07-01 23:44 114,688 ----a-w C:\Arquivos de programas\mcvsshl.dll

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2002-04-09 19:16 622,592 ----a-w C:\Arquivos de programas\recorder.exe

1998-02-12 19:54 149,504 ----a-w C:\Arquivos de programas\convert.dll

2007-09-05 15:58 88 --sh--r C:\WINDOWS\system32\65D31702E2.sys

2008-01-16 11:17 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="C:\Arquivos de programas\VIA\RAID\raid_t" [X]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]

"CorelDRAW Graphics Suite 11b"="C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe" [2003-11-28 01:26 729088]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-09-05 20:17 159744]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 10:42 77824 C:\WINDOWS\soundman.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GbPluginCef"="C:\ARQUIV~1\GbPlugin\gbiehCef.dll" [2008-07-23 15:12 366664]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "C:\ARQUIV~1\GbPlugin\gbiehabn.dll" [2007-11-19 18:02 341928]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehCef.dll" [2008-07-23 15:12 366664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2007-11-19 18:02 341928 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2008-07-23 15:12 366664 C:\Arquivos de programas\GbPlugin\gbiehCef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginAbn]

2007-11-19 18:02 341928 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

"msacm.ac3filter"= ac3filter.acm

"VIDC.ACDV"= ACDV.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\BitSpirit\\BitSpirit.exe"=

 

R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2008-04-28 17:38]

R2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [2008-07-23 15:15]

R3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 07:05]

R3 DCamUSBSTK017;STK017 Camera;C:\WINDOWS\system32\DRIVERS\STK017W2.sys [2003-11-17 20:39]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

R3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2006-07-16 22:53]

 

.

- - - - ORFAOS REMOVIDOS - - - -

---------------------------------------------------------------

HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 21:45, on 2008-08-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Karol\Desktop\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=090408 serial=DR12WEX-1504397-KTY lang=BP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunOnce: [ GbPluginCef] RunDll32.exe C:\ARQUIV~1\GbPlugin\gbiehCef.dll,Gbieh

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe

O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe

O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe

O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe

O4 - Global Startup: Register Genuine Fractals PrintPro 5.0.lnk = C:\Arquivos de programas\onOne Software\Genuine Fractals\Register Genuine Fractals PrintPro 5.0.exe

O4 - Global Startup: STK017 PNP Monitor.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Download Using &BitSpirit - C:\Arquivos de programas\BitSpirit\bsurl.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\arquivos de programas\mcafee.com\agent\mcdetect.exe (file missing)

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\ARQUIV~1\mcafee.com\vso\mcshield.exe (file missing)

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe (file missing)

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\ARQUIV~1\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (file missing)


I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::

C:\WINDOWS\CmiRmRedundDir.exe

C:\WINDOWS\system32\65D31702E2.sys

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

[image: demonstration of dragging CFScript.txt onto ComboFix]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with the new HijackThis log.


Hi, I did as you said, but I did not run ComboFix in Safe Mode. Was it supposed to be run that way? If so, tell me and I will do it again:

 

ComboFix 08-08-21.02 - Karol 2008-08-25 15:14:32.7 - NTFSx86

Executando de: C:\Documents and Settings\Karol\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Karol\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

C:\WINDOWS\CmiRmRedundDir.exe

C:\WINDOWS\system32\65D31702E2.sys

.

---------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 15:20, on 2008-08-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Karol\Desktop\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=090408 serial=DR12WEX-1504397-KTY lang=BP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe

O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe

O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe

O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe

O4 - Global Startup: Register Genuine Fractals PrintPro 5.0.lnk = C:\Arquivos de programas\onOne Software\Genuine Fractals\Register Genuine Fractals PrintPro 5.0.exe

O4 - Global Startup: STK017 PNP Monitor.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\arquivos de programas\mcafee.com\agent\mcdetect.exe (file missing)

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\ARQUIV~1\mcafee.com\vso\mcshield.exe (file missing)

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe (file missing)

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\ARQUIV~1\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (file missing)

 

 

 

 

 

These are the logs.

See you later.


Repeat the procedures above, but this time in Safe Mode.


Here are the logs:

 

 

ComboFix 08-08-21.02 - Karol 2008-08-26 8:29:45.7 - NTFSx86 MINIMAL

Executando de: C:\Documents and Settings\Karol\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Karol\Desktop\CFScript.txt

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

C:\WINDOWS\CmiRmRedundDir.exe

C:\WINDOWS\system32\65D31702E2.sys

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Karol\Cookies\karol@visit.kodak[1].txt

C:\WINDOWS\CmiRmRedundDir.exe

C:\WINDOWS\system32\65D31702E2.sys

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-26 to 2008-08-26 ))))))))))))))))))))))))))))))))

.

 

2008-08-25 12:35 . 2008-08-25 12:35 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\Ambient Design

2008-08-25 12:32 . 2008-08-25 12:32 <DIR> d-------- C:\Arquivos de programas\Ambient Design

2008-08-24 10:24 . 2008-08-24 10:24 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\Symantec

2008-08-24 10:20 . 2008-08-24 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-08-24 10:19 . 2008-08-25 08:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-08-23 21:44 . 2008-08-23 21:44 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

 

2008-08-23 21:44 . 2008-08-23 21:44 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

 

2008-08-23 21:44 . 2008-08-23 21:44 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

 

2008-08-23 21:44 . 2008-08-23 21:44 <DIR> d-------- C:\Documents and Settings\Karol\Configurações locais

2008-08-23 21:16 . 2008-08-23 21:16 <DIR> d-------- C:\Documents and Settings\Administrador

2008-08-22 20:53 . 2004-09-30 03:19 132,864 -r------- C:\WINDOWS\Cmuda.ini

2008-08-22 20:53 . 2008-08-22 20:53 179 --a------ C:\WINDOWS\system\CmiCnfg.ini

2008-08-22 20:53 . 2008-08-22 20:53 92 --a------ C:\WINDOWS\CMISETUP.INI

2008-08-22 20:53 . 2008-08-22 20:53 26 --a------ C:\WINDOWS\CMCDPLAY.INI

2008-08-22 20:53 . 2008-08-22 20:53 0 --a------ C:\WINDOWS\Wininit.ini

2008-08-22 20:52 . 2008-08-22 20:52 <DIR> d-------- C:\Arquivos de programas\C-Media 3D Audio

2008-08-22 20:52 . 2003-08-05 14:23 266,240 --a------ C:\WINDOWS\CMIUninstall.exe

2008-08-22 20:52 . 2002-10-18 15:56 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll

2008-08-22 20:47 . 2008-08-22 20:47 <DIR> d-------- C:\Arquivos de programas\Realtek Sound Manager

2008-08-22 20:47 . 2008-08-22 20:47 <DIR> d-------- C:\Arquivos de programas\Realtek AC97

2008-08-22 20:47 . 2008-08-22 20:47 <DIR> d-------- C:\Arquivos de programas\AvRack

2008-08-22 20:47 . 2001-07-05 13:19 164 -r------- C:\WINDOWS\avrack.ini

2008-08-22 20:46 . 2005-06-20 23:09 18,751,488 -r------- C:\WINDOWS\system32\alsndmgr.cpl

2008-08-22 20:46 . 2005-06-20 10:39 9,410,048 -r------- C:\WINDOWS\system32\RTLCPL.exe

2008-08-22 20:46 . 2005-06-20 11:08 2,324,480 -r------- C:\WINDOWS\system32\drivers\alcxwdm.sys

2008-08-22 20:46 . 2005-06-02 05:31 294,912 -r------- C:\WINDOWS\alcupd.exe

2008-08-22 20:46 . 2005-06-02 05:43 200,704 -r------- C:\WINDOWS\alcrmv.exe

2008-08-22 20:46 . 2004-09-07 03:23 156,672 -r------- C:\WINDOWS\system32\RtlCPAPI.dll

2008-08-22 20:46 . 2002-02-05 02:54 141,016 -r------- C:\WINDOWS\system32\alsndmgr.wav

2008-08-22 20:46 . 2005-06-20 10:42 77,824 -r------- C:\WINDOWS\soundman.exe

2008-08-22 20:46 . 2005-05-18 02:38 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe

2008-08-22 19:53 . 2008-08-22 19:53 169 --a------ C:\WINDOWS\RtlRack.ini

2008-08-22 13:24 . 2008-08-22 13:24 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\BitSpirit

2008-08-22 13:24 . 2008-08-25 08:38 <DIR> d-------- C:\Arquivos de programas\BitSpirit

2008-08-20 22:09 . 2008-08-20 22:09 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2008-08-09 08:31 . 2008-08-09 08:33 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\zweitgeist

2008-08-08 16:02 . 2008-08-08 16:02 <DIR> d-------- C:\Arquivos de programas\Noiseware Professional Edition

2008-08-08 15:53 . 2008-08-11 19:46 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\Imagenomic

2008-08-08 15:47 . 2008-08-11 15:22 <DIR> d-------- C:\Arquivos de programas\Imagenomic

2008-08-07 16:40 . 2008-08-07 16:40 244 --ah----- C:\sqmnoopt16.sqm

2008-08-07 16:40 . 2008-08-07 16:40 232 --ah----- C:\sqmdata16.sqm

2008-08-07 16:34 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-08-07 16:34 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-08-05 20:35 . 2008-08-05 20:35 1,409 --a------ C:\WINDOWS\system32\tmp77D7C.FOT

2008-08-05 20:35 . 2008-08-05 20:35 1,409 --a------ C:\WINDOWS\system32\tmp5BD7C.FOT

2008-08-05 20:35 . 2008-08-05 20:35 1,409 --a------ C:\WINDOWS\system32\tmp31E7C.FOT

2008-08-05 20:35 . 2008-08-05 20:35 1,409 --a------ C:\WINDOWS\system32\tmp24E7C.FOT

2008-08-05 20:35 . 2008-08-05 20:35 1,409 --a------ C:\WINDOWS\system32\tmp08E7C.FOT

2008-08-04 16:24 . 2008-08-04 16:24 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\CANON INC

2008-08-04 16:24 . 2008-08-24 19:00 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\CameraWindowDC

2008-08-04 16:23 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-08-04 16:23 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-08-03 11:48 . 2008-08-24 19:00 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\ZoomBrowser EX

2008-08-03 11:26 . 2008-08-03 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ZoomBrowser

2008-08-03 11:26 . 2008-08-03 11:28 <DIR> d-------- C:\Arquivos de programas\Canon

2008-08-03 11:23 . 2008-08-03 11:23 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Canon

2008-08-03 10:00 . 2008-08-04 13:00 <DIR> d-------- C:\Documents and Settings\Karol\Phone Browser

2008-08-03 09:56 . 2008-08-03 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2008-08-03 09:55 . 2008-08-03 09:55 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\Nokia

2008-08-03 09:54 . 2008-08-03 09:54 <DIR> d-------- C:\Documents and Settings\Karol\Dados de aplicativos\PC Suite

2008-08-03 09:54 . 2008-08-03 09:54 <DIR> d-------- C:\Arquivos de programas\DIFX

2008-08-03 09:53 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-08-03 09:51 . 2008-08-03 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Installations

2008-07-30 18:35 . 2008-08-05 20:33 <DIR> d-------- C:\Arquivos de programas\Oi Velox

2008-07-28 20:54 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-26 11:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-08-24 02:29 --------- d-----w C:\Documents and Settings\Karol\Dados de aplicativos\LimeWire

2008-08-22 23:52 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-22 23:30 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-08-22 23:13 --------- d-----w C:\Arquivos de programas\LimeWire

2008-08-22 22:46 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-08-22 22:46 --------- d-----w C:\Arquivos de programas\AMP Font Viewer

2008-08-21 17:57 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-08-21 17:57 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-08-21 01:08 --------- d-----w C:\Arquivos de programas\Corel

2008-08-19 16:45 --------- d-----w C:\Arquivos de programas\CyberLink DVD Solution

2008-08-19 12:08 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-08-15 23:22 --------- d-----w C:\Documents and Settings\Karol\Dados de aplicativos\Image Zone Express

2008-08-15 18:06 --------- d-----w C:\Documents and Settings\Karol\Dados de aplicativos\Nero

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-11 23:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:40 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2007-11-10 17:00 2 ----a-w C:\Arquivos de programas\history.rcd

2007-08-18 22:34 533 ----a-w C:\Arquivos de programas\UnInst.log

2005-12-13 17:36 3,072 ----a-w C:\Arquivos de programas\shlres.dll

2005-07-01 23:44 114,688 ----a-w C:\Arquivos de programas\mcvsshl.dll

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2002-04-09 19:16 622,592 ----a-w C:\Arquivos de programas\recorder.exe

1998-02-12 19:54 149,504 ----a-w C:\Arquivos de programas\convert.dll

2008-01-16 11:17 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-08-23_21.44.00.65 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-08-25 15:32:13 81,582 ----a-r C:\WINDOWS\Installer\{5B2029A4-1854-42BC-96B6-4ACE5F5414BD}\controlPanelIcon_1.exe

- 2007-05-27 11:58:17 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe

+ 2008-08-24 03:40:00 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe

- 2007-05-27 11:58:18 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_3D.exe

+ 2008-08-24 03:40:02 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_3D.exe

- 2007-05-27 11:58:18 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_Standard.exe

+ 2008-08-24 03:40:02 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_Standard.exe

- 2007-05-27 11:58:18 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Distiller.exe

+ 2008-08-24 03:40:02 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Distiller.exe

- 2007-05-27 11:58:18 7,278 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_ELEMENTS_DT.exe

+ 2008-08-24 03:40:02 7,278 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_ELEMENTS_DT.exe

- 2007-05-27 11:58:17 23,558 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe

+ 2008-08-24 03:40:00 23,558 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe

+ 2007-04-11 09:11:00 511,328 ----a-w C:\WINDOWS\system32\capicom.dll

- 2004-09-05 23:16:38 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

+ 2008-02-20 05:37:59 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

- 2007-06-19 13:31:22 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll

+ 2008-02-20 06:51:35 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll

- 2007-03-08 15:33:32 1,843,712 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys

+ 2008-03-20 08:09:41 1,845,376 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys

- 2004-09-05 23:16:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

+ 2008-02-20 05:37:59 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

- 2008-08-21 10:42:25 399,440 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-08-25 11:30:56 399,440 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2007-06-19 13:31:22 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll

+ 2008-02-20 06:51:35 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

- 2007-03-08 15:33:32 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys

+ 2008-03-20 08:09:41 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

+ 2006-12-02 01:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

+ 2006-12-02 03:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll

+ 2006-12-02 03:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll

+ 2006-12-02 03:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll

+ 2006-12-02 03:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll

+ 2006-12-02 03:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll

+ 2006-12-02 03:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll

+ 2006-12-02 03:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll

+ 2006-12-02 03:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll

+ 2006-12-02 03:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="C:\Arquivos de programas\VIA\RAID\raid_t" [X]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]

"CorelDRAW Graphics Suite 11b"="C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe" [2003-11-28 01:26 729088]

"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-09-05 20:17 159744]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 10:42 77824 C:\WINDOWS\soundman.exe]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "C:\ARQUIV~1\GbPlugin\gbiehabn.dll" [2007-11-19 18:02 341928]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehCef.dll" [2008-07-23 15:12 366664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2007-11-19 18:02 341928 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2008-07-23 15:12 366664 C:\Arquivos de programas\GbPlugin\gbiehCef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginAbn]

2007-11-19 18:02 341928 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

"msacm.ac3filter"= ac3filter.acm

"VIDC.ACDV"= ACDV.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

 

R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2008-04-28 17:38]

R2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [2008-07-23 15:15]

R3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 07:05]

R3 DCamUSBSTK017;STK017 Camera;C:\WINDOWS\system32\DRIVERS\STK017W2.sys [2003-11-17 20:39]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

R3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2006-07-16 22:53]

 

 

*Newly Created Service* - CATCHME

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-26 08:34:33

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

 

**************************************************************************

.

Tempo para conclusão: 2008-08-26 8:38:41

ComboFix-quarantined-files.txt 2008-08-26 11:37:39

ComboFix2.txt 2008-08-24 00:44:31

 

Pre-Run: 9 pasta(s) 17,899,413,504 bytes disponíveis

Post-Run: 13 pasta(s) 18,545,455,104 bytes disponíveis

 

234 --- E O F --- 2008-08-25 02:39:23

________________________________________________________________________________

_________________

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 08:45, on 2008-08-26

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Karol\Desktop\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=090408 serial=DR12WEX-1504397-KTY lang=BP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\RunOnce: [ GbPluginCef] RunDll32.exe C:\ARQUIV~1\GbPlugin\gbiehCef.dll,Gbieh

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe

O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe

O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe

O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe

O4 - Global Startup: Register Genuine Fractals PrintPro 5.0.lnk = C:\Arquivos de programas\onOne Software\Genuine Fractals\Register Genuine Fractals PrintPro 5.0.exe

O4 - Global Startup: STK017 PNP Monitor.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\arquivos de programas\mcafee.com\agent\mcdetect.exe (file missing)

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\ARQUIV~1\mcafee.com\vso\mcshield.exe (file missing)

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe (file missing)

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\ARQUIV~1\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (file missing)

 

 

 

 

 

See you later.


Go to the Kaspersky online scan

It only works with Internet Explorer!

 

Click the button (kasperdx9.jpg)

 

Click I Accept. The information bar will show that the site is asking to install the ActiveX control. Confirm it.

 

Wait for the installation and the update (it takes a while), then click Scan Settings.

 

Under Scan Settings, leave the options below checked:

 

Scan using the following Anti-Virus database:

 

Extended (if available otherwise Standard)

 

Scan Options:

 

Scan Archives

Scan Mail Bases

 

and click OK.

 

On the next page, click My Computer to start the scan. The scan takes a long time, so be patient.

 

When the scan finishes, click Save as text to save the log.

 

Post the Kaspersky log plus a HijackThis log.


--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Sunday, August 31, 2008

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Sunday, August 31, 2008 11:48:08

Records in database: 1172011

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

 

Scan statistics:

Files scanned: 166668

Threat name: 3

Infected objects: 3

Suspicious objects: 0

Duration of the scan: 02:26:32

 

 

File name / Threat name / Threats count

C:\Arquivos de programas\MP3 Player Utilities 4.00\DelDrv.exe Infected: not-a-virus:RiskTool.Win32.Deleter.e 1

C:\Arquivos de programas\STK017_V2.01\STK017D.exe Infected: not-a-virus:AdWare.Win32.Cres.a 1

E:\Meus documentos\Minhas músicas\MUSICAS BAIXADAS\manual do novo gerente\Setup.exe Infected: not-a-virus:AdWare.Win32.Agent.dva 1

 

The selected area was scanned.

 

 

--------------------------------------------------------------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 11:49, on 2008-08-31

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Karol\Desktop\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=090408 serial=DR12WEX-1504397-KTY lang=BP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe

O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe

O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe

O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe

O4 - Global Startup: Register Genuine Fractals PrintPro 5.0.lnk = C:\Arquivos de programas\onOne Software\Genuine Fractals\Register Genuine Fractals PrintPro 5.0.exe

O4 - Global Startup: STK017 PNP Monitor.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.oifotos.com/custom/send2/ImageUploader5.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\arquivos de programas\mcafee.com\agent\mcdetect.exe (file missing)

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\ARQUIV~1\mcafee.com\vso\mcshield.exe (file missing)

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe (file missing)

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\ARQUIV~1\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (file missing)

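The log above is reviewed by hand in this thread. As an added example (not code from the forum or from HijackThis), the script below parses the HijackThis line format and applies a few explainable review rules of the kind a helper uses when triaging such a log: startup shortcuts with an unresolved target, third-party Winsock LSPs, ActiveX controls (O16) fetched over cleartext HTTP, O17 NameServer overrides, non-Microsoft Winlogon Notify DLLs, and O23 services marked "(file missing)" or "Unknown owner". The sample lines are constructed from entries in the posted log; the rules and the function names are this example's own assumptions, not HijackThis behaviour.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines taken from the log posted in this thread,
# in the HijackThis 1.99.1 format (one "<section> - <body>" entry per line).
SAMPLE_LOG = r"""
O4 - Global Startup: STK017 PNP Monitor.lnk = ?
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\ARQUIV~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# HijackThis entries start with a section tag such as R0, F2, O4, O23.
ENTRY_RE = re.compile(r"^(?P<section>[RFOT]\d+) - (?P<body>.*)$")

Finding = Tuple[str, str, str]  # (section, reason, original body)


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into {'section': ..., 'body': ...} records.

    Header lines and the 'Running processes' list do not carry a section
    tag, so they are skipped; only real entries are returned."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(entries: List[Dict[str, str]]) -> List[Finding]:
    """Apply review heuristics (this example's own, not HijackThis rules) and
    return the entries a reviewer should look at, with the reason."""
    findings: List[Finding] = []
    for e in entries:
        sec, body = e["section"], e["body"]
        if sec == "O4" and body.rstrip().endswith("= ?"):
            findings.append((sec, "startup shortcut with unresolved target; locate the .lnk and check what it points to", body))
        elif sec == "O10":
            findings.append((sec, "third-party Winsock LSP; confirm the DLL's publisher before touching it", body))
        elif sec == "O16" and re.search(r" - http://", body):
            # https:// does not match " - http://", so only cleartext downloads are flagged
            findings.append((sec, "ActiveX control downloaded over cleartext HTTP; verify the source or remove", body))
        elif sec == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1].split()
            findings.append((sec, "DNS servers " + ", ".join(servers) + "; confirm they belong to the ISP", body))
        elif sec == "O20":
            findings.append((sec, "non-Microsoft Winlogon Notify DLL loads before logon; verify the publisher", body))
        elif sec == "O23" and ("(file missing)" in body or "Unknown owner" in body):
            findings.append((sec, "service entry with missing binary or unknown owner; orphaned or suspicious registration", body))
    return findings


def review(text: str) -> List[Finding]:
    """Convenience wrapper: parse a whole log and return the triage findings."""
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for section, reason, body in review(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```

The script deliberately does not delete anything: each finding is a pointer for a human reviewer, which matches how the helpers in this thread work through the log (the HP service in the sample is left alone, the McAfee entry with a missing binary is not). Feed it the full text of a log with `review(open(path).read())`.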

Delete the folder below

C:\Arquivos de programas\STK017_V2.01\STK017D.exe

Your log is clean, any problems?

:)


It was adware.

OK, the log is clean :)

- In Run, type combofix /u, click OK and wait for ComboFix to be removed.

Visit Windows Update and update your system by downloading Service Pack 3.

Or, if you prefer, download and install the full package (approx. 300 MB):

http://www.microsoft.com/downloads/details...splayLang=pt-br

- I recommend doing maintenance on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for errors > Fix errors

- Disable and re-enable System Restore

Read the article Cuidados ao navegar na net (care when browsing the net) for more information on how to avoid infections.


PROBLEM SOLVED


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
