recouto 0 Denunciar post Postado Outubro 5, 2008 Meu pc está muito lento, já fiz uma limpeza nos arquivos mas não melhorou, segue o log para analise, desde já agradeço Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:07:16, on 5/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\SnAgOS.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Brasil Telecom Turbo\WrOS.EXE C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\SnLiveUp.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.exe C:\Arquivos de programas\Brasil Telecom Turbo\winpppoverethernet.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\SnEngine.EXE C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\Regina Couto\Configurações locais\Temporary Internet Files\Content.IE5\YAHYGY89\HiJackThis[1].exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O4 - HKLM\..\Run: [a-winpoet-service] "C:\Arquivos de programas\Brasil Telecom Turbo\winpppoverethernet.exe" O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download Video on This Page - C:\Arquivos de programas\Tomato\TubeDownload\IEPage.html O8 - Extra context menu item: Download Video This Links To - C:\Arquivos de programas\Tomato\TubeDownload\IELink.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Download Video - {45B79C91-E9B5-4551-8C43-03EF82B4BC63} - C:\Arquivos de programas\Tomato\TubeDownload\IEPage.html O9 - Extra 'Tools' menuitem: Download Video on This Page - {45B79C91-E9B5-4551-8C43-03EF82B4BC63} - C:\Arquivos de programas\Tomato\TubeDownload\IEPage.html O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqlar/downloads/sysinfo.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A2BF5D6A-739D-42D8-B007-2A737E1FD14F}: NameServer = 201.10.1.2 201.10.120.3 O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file) O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file) O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Arquivos de programas\Brasil Telecom Turbo\WrOS.EXE -- End of file - 8947 bytes Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Outubro 6, 2008 Opa recouto, Baixe o ComboFix em: ComboFix 1) Desabilite o seu anti-vírus temporariamente; 2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos; 3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção); 4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt; 5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco); 6) Para parar ou sair do ComboFix, tecle "N"; 7) Reabilite o seu anti-vírus; 8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta. OBS.: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO. Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
recouto 0 Denunciar post Postado Outubro 6, 2008 fiz o procedimento mas não consegui localizar o conteúdo do combofix então estou mandando um novo log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:59, on 2008-10-06 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\SnAgOS.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Brasil Telecom Turbo\WrOS.EXE C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\SnLiveUp.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.exe C:\Arquivos de programas\Brasil Telecom Turbo\winpppoverethernet.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\SnEngine.EXE C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Regina Couto\Meus documentos\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O4 - HKLM\..\Run: [a-winpoet-service] "C:\Arquivos de programas\Brasil Telecom Turbo\winpppoverethernet.exe" O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download Video on This Page - C:\Arquivos de programas\Tomato\TubeDownload\IEPage.html O8 - Extra context menu item: Download Video This Links To - C:\Arquivos de programas\Tomato\TubeDownload\IELink.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Download Video - {45B79C91-E9B5-4551-8C43-03EF82B4BC63} - C:\Arquivos de programas\Tomato\TubeDownload\IEPage.html O9 - Extra 'Tools' menuitem: Download Video on This Page - {45B79C91-E9B5-4551-8C43-03EF82B4BC63} - C:\Arquivos de programas\Tomato\TubeDownload\IEPage.html O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqlar/downloads/sysinfo.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A2BF5D6A-739D-42D8-B007-2A737E1FD14F}: NameServer = 201.10.1.2 201.10.120.3 O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file) O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file) O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Arquivos de programas\Brasil Telecom Turbo\WrOS.EXE -- End of file - 9072 bytes Compartilhar este post Link para o post Compartilhar em outros sites
Mário Monteiro 179 Denunciar post Postado Outubro 6, 2008 Fica em C:\ComboFix.txt Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Outubro 6, 2008 Fica em C:\ComboFix.txt Exatamente. :thumbsup: Compartilhar este post Link para o post Compartilhar em outros sites
recouto 0 Denunciar post Postado Outubro 7, 2008 Acho que é isto ComboFix 08-10-05.11 - Regina Couto 2008-10-06 14:49:22.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.93 [GMT -3:00] Executando de: C:\Documents and Settings\Regina Couto\Meus documentos\ComboFix.exe ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !! . Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Outubro 8, 2008 Acho que é isto ComboFix 08-10-05.11 - Regina Couto 2008-10-06 14:49:22.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.93 [GMT -3:00] Executando de: C:\Documents and Settings\Regina Couto\Meus documentos\ComboFix.exe ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !! . O log está incompleto. Execute o ComboFix em Modo Seguro e retorne com o resultado. Compartilhar este post Link para o post Compartilhar em outros sites
recouto 0 Denunciar post Postado Outubro 8, 2008 :clap: agora deu certo lá vai ComboFix 08-10-05.11 - Regina Couto 2008-10-07 23:33:02.1 - NTFSx86 MINIMAL Executando de: C:\Documents and Settings\Regina Couto\Meus documentos\ComboFix.exe ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !! . /wow section não completado ((((((((((((((((((((((( Ficheiros criados de 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))) . 2008-09-21 16:33 . 2008-09-22 00:05 <DIR> d-------- C:\Documents and Settings\Regina Couto\Dados de aplicativos\gtk-2.0 2008-09-21 16:33 . 2008-09-21 16:33 <DIR> d-------- C:\Documents and Settings\Regina Couto\.thumbnails 2008-09-21 16:30 . 2008-09-22 00:16 <DIR> d-------- C:\Documents and Settings\Regina Couto\.gimp-2.4 2008-09-21 16:29 . 2008-09-21 16:29 <DIR> d-------- C:\Arquivos de programas\GIMP-2.0 2008-09-09 23:01 . 2008-09-09 23:01 268 --ah----- C:\sqmdata19.sqm 2008-09-09 23:01 . 2008-09-09 23:01 244 --ah----- C:\sqmnoopt19.sqm 2008-09-09 18:53 . 2008-09-09 18:53 268 --ah----- C:\sqmdata18.sqm 2008-09-09 18:53 . 2008-09-09 18:53 244 --ah----- C:\sqmnoopt18.sqm . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-08 02:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin 2008-10-08 02:22 --------- d-----w C:\Arquivos de programas\Brasil Telecom Turbo 2008-10-05 22:55 --------- d-----w C:\Documents and Settings\Regina Couto\Dados de aplicativos\Vso 2008-10-03 02:16 --------- d-----w C:\Arquivos de programas\DreMule 2008-09-19 12:02 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information 2008-09-12 19:48 --------- d-----w C:\Documents and Settings\Regina Couto\Dados de aplicativos\CmapTools 2008-09-10 15:18 --------- d-----w C:\Arquivos de programas\GbPlugin 2008-09-05 02:28 --------- d-----w C:\Documents and Settings\Regina Couto\Dados de aplicativos\uTorrent 2008-08-30 17:57 --------- d-----w C:\Documents and Settings\Regina Couto\Dados de aplicativos\FrostWire 2008-08-30 03:00 --------- d-----w C:\Arquivos de programas\uTorrent 2008-08-21 17:33 1,786 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP 2008-08-20 23:14 5,607 ----a-w C:\WINDOWS\~GLH000f.TMP 2008-08-20 23:14 27,136 ----a-w C:\WINDOWS\~GLH000e.TMP 2008-08-20 23:14 155,136 ----a-w C:\WINDOWS\~GLC0007.TMP 2008-08-20 14:26 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe 2008-08-18 03:42 --------- d-----w C:\Arquivos de programas\Java 2008-08-11 20:30 --------- d-----w C:\Arquivos de programas\IHMC CmapTools 2008-08-11 20:07 --------- d--h--w C:\Arquivos de programas\Zero G Registry 2008-07-28 21:22 5,607 ----a-w C:\WINDOWS\~GLH000d.TMP 2008-07-28 21:21 27,136 ----a-w C:\WINDOWS\~GLH000c.TMP 2008-07-28 21:21 155,136 ----a-w C:\WINDOWS\~GLC0006.TMP 2008-07-22 00:27 5,607 ----a-w C:\WINDOWS\~GLH000b.TMP 2008-07-22 00:27 27,136 ----a-w C:\WINDOWS\~GLH000a.TMP 2008-07-22 00:27 155,136 ----a-w C:\WINDOWS\~GLC0005.TMP 2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-19 01:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-04-23 22:32 87,608 ----a-w C:\Documents and Settings\Regina Couto\Dados de aplicativos\inst.exe 2008-04-23 22:32 47,360 ----a-w C:\Documents and Settings\Regina Couto\Dados de aplicativos\pcouffin.sys 2008-04-21 21:52 1,024 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\pdfppt2.dll 2008-04-19 00:58 1,024 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\imgdoc2.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2008-02-25 443968] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "a-winpoet-service"="C:\Arquivos de programas\Brasil Telecom Turbo\winpppoverethernet.exe" [2004-09-16 405504] "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224] "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-03-18 185896] "NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152] "Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "VTTimer"="VTTimer.exe" [2008-03-17 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2008-03-17 C:\WINDOWS\system32\VTTrayp.exe] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2008-09-01 374856] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] 2008-09-01 14:47 384840 C:\ARQUIV~1\GbPlugin\gbieh.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef] 2008-09-01 17:12 374856 C:\Arquivos de programas\GbPlugin\gbiehcef.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Arquivos de programas\\DreMule\\emule.exe"= "C:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "C:\\Arquivos de programas\\Ares\\Ares.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56856:TCP"= 56856:TCP:Pando P2P TCP Listening Port "56856:UDP"= 56856:UDP:Pando P2P UDP Listening Port R3 vhidmini;Secure Mouse;C:\WINDOWS\system32\DRIVERS\vhsecmou.sys [2007-05-30 12464] S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 78416] S1 SNSID;SNSID;C:\WINDOWS\system32\Drivers\SNSID.sys [2007-05-30 22784] S1 SNSMS;SNSMS;C:\WINDOWS\system32\Drivers\SNSMS.sys [2007-05-30 35464] S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20560] S2 Ps2KSecureKeyboard;SecureKbd;C:\WINDOWS\system32\DRIVERS\psseckbd.sys [2007-05-30 15048] S2 SNMgrSvc;SNMgrSvc;C:\WINDOWS\system32\SnMgrSvc.exe [2007-05-30 280712] S2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2004-09-16 52214] S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [ ] S3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2003-04-04 30336] S3 WrKPoET2000;WrKPoET2000;C:\Arquivos de programas\Brasil Telecom Turbo\WrKPoET2000.sys [2004-09-16 52214] S3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 65604] . - - - - ORFAOS REMOVIDOS - - - - HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe HKLM-Run-AudioDeck - C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe HKLM-Run-NBKeyScan - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe . ------- Ccan Suplementar ------- . R0 -: HKCU-Main,Start Page = hxxp://www.globo.com/ R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s O8 -: Download Video on This Page - C:\Arquivos de programas\Tomato\TubeDownload\IEPage.html O8 -: Download Video This Links To - C:\Arquivos de programas\Tomato\TubeDownload\IELink.html O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 -: {45B79C91-E9B5-4551-8C43-03EF82B4BC63} - C:\Arquivos de programas\Tomato\TubeDownload\IEPage.html O9 -: {45B79C91-E9B5-4551-8C43-03EF82B4BC63} - C:\Arquivos de programas\Tomato\TubeDownload\IEPage.html - O16 -: {3C8B9651-4E3E-424D-B51C-54544ABF536B} - hxxps://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab C:\WINDOWS\Downloaded Program Files\SecureControl2k.inf C:\WINDOWS\Downloaded Program Files\AtmCap.ocx . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-07 23:34:28 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run AudioDeck = C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1??|????$i?|????` $????????????????????????????????? Procurando ficheiros ocultos ... ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver] "ImagePath"="\??\C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt" . Tempo para conclusão: 2008-10-07 23:40:29 ComboFix-quarantined-files.txt 2008-10-08 02:40:28 Pre-Run: 8 pasta(s) 43,152,486,400 bytes disponíveis Post-Run: 12 pasta(s) 43,238,334,464 bytes disponíveis 165 --- E O F --- 2008-09-09 21:52:51 Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Outubro 14, 2008 Opa recouto, Siga as instruções: 1. Abra o Bloco de Notas -> Copie (Control + C) e Cole (Control + V) todo o texto incluído no "Quote": File::C:\Documents and Settings\Regina Couto\Dados de aplicativos\inst.exe C:\Documents and Settings\Regina Couto\Dados de aplicativos\pcouffin.sys C:\Documents and Settings\All Users\Dados de aplicativos\pdfppt2.dll C:\Documents and Settings\All Users\Dados de aplicativos\imgdoc2.dll C:\WINDOWS\system32\PerfStringBackup.TMP C:\WINDOWS\~GLH000f.TMP C:\WINDOWS\~GLH000e.TMP C:\WINDOWS\~GLC0007.TMP C:\WINDOWS\~GLH000d.TMP C:\WINDOWS\~GLH000c.TMP C:\WINDOWS\~GLC0006.TMP C:\WINDOWS\~GLH000b.TMP C:\WINDOWS\~GLH000a.TMP C:\WINDOWS\~GLC0005.TMP ATENÇÃO: O script acima foi elaborado especificamente para a infecção contida neste computador. Utilizá-lo em outra máquina poderá originar graves problemas ao usuário. 2. Salve o arquivo como CFScript.txt; 3. Tal como exemplificado na foto abaixo, arraste o arquivo CFScript.txt para o ComboFix.exe. 4. Ao término do processo a ferramenta irá gerar um log. Poste-o (C:\ComboFix.txt) em sua próxima resposta, juntamente com um novo log do HijackThis. Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
recouto 0 Denunciar post Postado Outubro 21, 2008 Desculpe-me a demora mas estava sem internet segue o novo log e combofix ComboFix 08-10-19.04 - Regina Couto 2008-10-22 9:02:40.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.131 [GMT -2:00] Executando de: C:\Documents and Settings\Regina Couto\Desktop\ComboFix.exe Comandos utilizados :: C:\Documents and Settings\Regina Couto\Desktop\CFScript.txt * Criado um novo ponto de restauro FILE :: C:\Documents and Settings\All Users\Dados de aplicativos\imgdoc2.dll C:\Documents and Settings\All Users\Dados de aplicativos\pdfppt2.dll C:\Documents and Settings\Regina Couto\Dados de aplicativos\inst.exe C:\Documents and Settings\Regina Couto\Dados de aplicativos\pcouffin.sys C:\WINDOWS\~GLC0005.TMP C:\WINDOWS\~GLC0006.TMP C:\WINDOWS\~GLC0007.TMP C:\WINDOWS\~GLH000a.TMP C:\WINDOWS\~GLH000b.TMP C:\WINDOWS\~GLH000c.TMP C:\WINDOWS\~GLH000d.TMP C:\WINDOWS\~GLH000e.TMP C:\WINDOWS\~GLH000f.TMP C:\WINDOWS\system32\PerfStringBackup.TMP . Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:08, on 2008-10-22 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\SnAgOS.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Brasil Telecom Turbo\WrOS.EXE C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\SnLiveUp.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.exe C:\Arquivos de programas\Brasil Telecom Turbo\winpppoverethernet.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\SnEngine.EXE C:\Documents and Settings\Regina Couto\Meus documentos\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O4 - HKLM\..\Run: [a-winpoet-service] "C:\Arquivos de programas\Brasil Telecom Turbo\winpppoverethernet.exe" O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download Video on This Page - C:\Arquivos de programas\Tomato\TubeDownload\IEPage.html O8 - Extra context menu item: Download Video This Links To - C:\Arquivos de programas\Tomato\TubeDownload\IELink.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Download Video - {45B79C91-E9B5-4551-8C43-03EF82B4BC63} - C:\Arquivos de programas\Tomato\TubeDownload\IEPage.html O9 - Extra 'Tools' menuitem: Download Video on This Page - {45B79C91-E9B5-4551-8C43-03EF82B4BC63} - C:\Arquivos de programas\Tomato\TubeDownload\IEPage.html O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqlar/downloads/sysinfo.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A2BF5D6A-739D-42D8-B007-2A737E1FD14F}: NameServer = 201.10.1.2 201.10.120.3 O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file) O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file) O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Arquivos de programas\Brasil Telecom Turbo\WrOS.EXE -- End of file - 8689 bytes Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Outubro 23, 2008 Opa recouto, O log do ComboFix está incompleto. Preciso que você poste um log na íntegra. Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
Mário Monteiro 179 Denunciar post Postado Novembro 23, 2008 Tópico Arquivado Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado. Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura. Compartilhar este post Link para o post Compartilhar em outros sites
