
Archived

This topic has been archived and is closed to new replies.

poly

[Archived] taskbar does not appear

Recommended Posts

Hi everyone, well, I don't know exactly what happened to my PC, but yesterday I was using it normally during the day; at night my sister went to use it and when she turned it on the taskbar didn't start. Now the taskbar doesn't appear, or takes a very long time to appear, the PC is slow and AVG flagged some viruses. I managed to remove some of them but the taskbar still doesn't appear. I'm a layperson in these matters, I hope someone can help me.

thank you! :)

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:41:49, on 24/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\IDT\10302008194515\STacSV.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [Help Creative Meow City] C:\Documents and Settings\All Users\Dados de aplicativos\aim rect help creative\PURE CREATIVE.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [uSBFW] C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [once knob] C:\DOCUME~1\ADMINI~1\DADOSD~1\64FOR~1\link load meet.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1225415199484

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Roteamento e acesso remoto RemoteAccessmnmsrvc (remoteaccessmnmsrvc) - Unknown owner - C:\WINDOWS\system32\1025t.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\10302008194515\STacSV.exe

O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

 

--

End of file - 8991 bytes
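As an added example, not part of this thread and not code from the HijackThis tool, here is a small Python triage script that applies the checks a helper does by eye to a HijackThis log: it flags O2/O23 entries whose file is gone, O4 autoruns launched from user-writable data folders, and shell commands placed in Run keys. The sample lines are copied from the log above; the folder list and the heuristics are my own assumptions, not HijackThis rules.

```python
"""Triage a HijackThis log: parse R/O entries and flag the ones a
malware-removal helper would want to look at first."""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Help Creative Meow City] C:\Documents and Settings\All Users\Dados de aplicativos\aim rect help creative\PURE CREATIVE.exe
O4 - HKCU\..\Run: [once knob] C:\DOCUME~1\ADMINI~1\DADOSD~1\64FOR~1\link load meet.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O23 - Service: Roteamento e acesso remoto RemoteAccessmnmsrvc (remoteaccessmnmsrvc) - Unknown owner - C:\WINDOWS\system32\1025t.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
"""

# Every HijackThis entry line looks like "O4 - <body>" or "R1 - <body>".
HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# O4 registry autoruns: "<hive>\..\Run: [<name>] <command>"
O4_ENTRY = re.compile(
    r"^(?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Folders a legitimate Run entry rarely points into: per-user or all-user
# application-data and temp folders, in both long and 8.3 form as they
# appear in the log. (Assumed list, not a HijackThis rule.)
USER_WRITABLE = (
    "\\documents and settings\\", "\\docume~1\\",
    "\\dados de aplicativos\\", "\\dadosd~1\\",
    "\\application data\\", "\\appdata\\", "\\temp\\",
)


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def triage(log_text):
    """Return a Finding for every entry line that trips at least one check."""
    findings = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        sec, body = m.group("sec"), m.group("body")
        low = body.lower()
        reasons = []

        # Entry still registered but its file is gone: leftover of a removed
        # program or of a partially cleaned infection; harmless but worth fixing.
        if "(no file)" in low or "(file missing)" in low:
            reasons.append("references a file that no longer exists (orphaned entry)")

        # A BHO that does not even report a name deserves a second look.
        if sec == "O2" and low.startswith("bho: (no name)"):
            reasons.append("unnamed browser helper object")

        if sec == "O4":
            o4 = O4_ENTRY.match(body)
            if o4:
                cmd = o4.group("cmd").lower()
                if any(folder in cmd for folder in USER_WRITABLE):
                    reasons.append("autorun launches from a user-writable data folder")
                if cmd.startswith("cmd.exe") or " /c " in cmd:
                    reasons.append("autorun runs a shell command instead of a program (review)")

        # Third-party toolbars are a frequent source of the 'slow PC' complaint.
        if sec == "O3":
            reasons.append("third-party toolbar: confirm it was installed on purpose")

        if reasons:
            findings.append(Finding(sec, body, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

Paste a complete log into SAMPLE_LOG (or read it from a file) to triage it; entries with no finding, such as the AVG tray and watchdog lines, are left out of the report.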


Good evening, poly!

 

<@> Download: < LopS&D >

<@> Save it to Local Disk C!

<@> Install the program and click: LopSD.cmd

<@> In the window that opens, press "p" --> Press Enter.

<@> In the next window, press option 2 --> Press Enter --> Wait!

<@> PS: Keep an eye on your antivirus notifications, sending any detected files to quarantine.

<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )

<@> Also post an updated HijackThis log.

 

Regards!


 

 

Good evening DigRam!

here is the report:

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz )

BIOS : Default System BIOS

USER : Administrador ( Administrator )

BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.5 (Activated)

C:\ (Local Disk) - NTFS - Total:149 Go (Free:139 Go)

D:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( seg 25/05/2009|21:01 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

 

Deletado! - C:\WINDOWS\Tasks\A8FAAFDE918525EA.job

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\aim rect help creative\PURE CREATIVE.dat

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\aim rect help creative

Deletado! - C:\DOCUME~1\ADMINI~1\DADOSD~1\64for~1

Deletado! - C:\DOCUME~1\Poly\DADOSD~1\64for~1

Deletado! - C:\Arquivos de programas\64for~1

Deletado! - C:\Arquivos de programas\Circle Developement

-

[ Arquivos/Ficheiros Hosts ] .. RESTAURADO

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em DADOSD~1

 

[08/02/2009|01:33] C:\DOCUME~1\ADMINI~1\DADOSD~1\Adobe

[30/10/2008|21:12] C:\DOCUME~1\ADMINI~1\DADOSD~1\AdobeUM

[30/10/2008|19:50] C:\DOCUME~1\ADMINI~1\DADOSD~1\Ahead

[19/05/2009|19:38] C:\DOCUME~1\ADMINI~1\DADOSD~1\AIMP

[30/10/2008|18:41] C:\DOCUME~1\ADMINI~1\DADOSD~1\Identities

[30/10/2008|19:22] C:\DOCUME~1\ADMINI~1\DADOSD~1\InstallShield

[30/10/2008|21:06] C:\DOCUME~1\ADMINI~1\DADOSD~1\Macromedia

[24/05/2009|12:31] C:\DOCUME~1\ADMINI~1\DADOSD~1\Malwarebytes

[02/12/2008|11:47] C:\DOCUME~1\ADMINI~1\DADOSD~1\Media Player Classic

[07/03/2009|13:10] C:\DOCUME~1\ADMINI~1\DADOSD~1\Microsoft

[31/10/2008|09:25] C:\DOCUME~1\ADMINI~1\DADOSD~1\Mozilla

[25/04/2009|09:39] C:\DOCUME~1\ADMINI~1\DADOSD~1\Skype

[25/04/2009|09:36] C:\DOCUME~1\ADMINI~1\DADOSD~1\skypePM

[25/05/2009|20:05] C:\DOCUME~1\ADMINI~1\DADOSD~1\Spyware Terminator

[01/11/2008|20:14] C:\DOCUME~1\ADMINI~1\DADOSD~1\Sun

 

[29/01/2009|18:51] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[29/01/2009|18:52] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe Systems

[30/10/2008|18:53] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead

[27/01/2009|10:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\avg8

[02/04/2009|19:33] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin

[08/02/2009|11:42] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Last.fm

[24/05/2009|12:31] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Malwarebytes

[06/11/2008|05:57] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[30/10/2008|19:41] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[30/10/2008|18:51] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero

[22/12/2008|09:00] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Office Genuine Advantage

[09/04/2009|21:39] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype

[24/05/2009|17:39] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[24/05/2009|18:28] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spyware Terminator

[20/12/2008|10:56] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[02/11/2008|18:49] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

 

[31/01/2009|17:26] C:\DOCUME~1\CONVID~1\DADOSD~1\Adobe

[23/12/2008|15:46] C:\DOCUME~1\CONVID~1\DADOSD~1\Identities

[31/01/2009|17:08] C:\DOCUME~1\CONVID~1\DADOSD~1\Macromedia

[27/02/2009|14:44] C:\DOCUME~1\CONVID~1\DADOSD~1\Microsoft

[31/01/2009|17:07] C:\DOCUME~1\CONVID~1\DADOSD~1\Mozilla

 

[30/10/2008|18:38] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[30/10/2008|18:38] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[30/10/2008|18:38] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

[18/12/2008|09:07] C:\DOCUME~1\Poly\DADOSD~1\Identities

[18/12/2008|09:08] C:\DOCUME~1\Poly\DADOSD~1\Microsoft

[18/12/2008|09:11] C:\DOCUME~1\Poly\DADOSD~1\Mozilla

 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[25/05/2009 20:39][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 14:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Lista de pastas em C:\Arquivos de programas

 

[29/01/2009|19:05] C:\Arquivos de programas\Adobe

[01/01/2009|15:36] C:\Arquivos de programas\AIMP2

[09/05/2009|22:37] C:\Arquivos de programas\Arquivos comuns

[09/05/2009|22:38] C:\Arquivos de programas\AskBarDis

[30/10/2008|19:05] C:\Arquivos de programas\AVG

[24/05/2009|17:35] C:\Arquivos de programas\CCleaner

[16/11/2008|17:47] C:\Arquivos de programas\Combined Community Codec Pack

[30/10/2008|18:35] C:\Arquivos de programas\ComPlus Applications

[25/05/2009|20:47] C:\Arquivos de programas\Crawler

[21/02/2009|00:25] C:\Arquivos de programas\data

[18/03/2009|18:35] C:\Arquivos de programas\Digipix D-Book

[09/05/2009|22:37] C:\Arquivos de programas\DVDVideoSoft

[08/05/2009|20:31] C:\Arquivos de programas\eMule

[30/10/2008|19:10] C:\Arquivos de programas\ESET

[24/05/2009|12:46] C:\Arquivos de programas\GbPlugin

[16/11/2008|17:47] C:\Arquivos de programas\IDT

[12/04/2009|21:49] C:\Arquivos de programas\InstallShield Installation Information

[30/10/2008|19:22] C:\Arquivos de programas\Intel

[10/02/2009|12:32] C:\Arquivos de programas\Internet Explorer

[09/04/2009|14:45] C:\Arquivos de programas\Java

[27/03/2009|22:32] C:\Arquivos de programas\Last.fm

[24/05/2009|12:31] C:\Arquivos de programas\Malwarebytes' Anti-Malware

[16/11/2008|17:47] C:\Arquivos de programas\Messenger

[22/04/2009|21:25] C:\Arquivos de programas\Messenger Plus! Live

[10/02/2009|12:31] C:\Arquivos de programas\Microsoft

[09/11/2008|18:37] C:\Arquivos de programas\microsoft frontpage

[30/10/2008|19:01] C:\Arquivos de programas\Microsoft Office

[30/10/2008|19:02] C:\Arquivos de programas\Microsoft.NET

[09/11/2008|14:56] C:\Arquivos de programas\Movie Maker

[25/05/2009|20:53] C:\Arquivos de programas\Mozilla Firefox

[30/10/2008|18:35] C:\Arquivos de programas\MSN Gaming Zone

[02/11/2008|23:29] C:\Arquivos de programas\MSXML 4.0

[30/10/2008|18:51] C:\Arquivos de programas\Nero

[12/04/2009|21:49] C:\Arquivos de programas\Net Studio

[09/11/2008|14:53] C:\Arquivos de programas\NetMeeting

[09/11/2008|14:53] C:\Arquivos de programas\Outlook Express

[24/05/2009|10:31] C:\Arquivos de programas\Panda Security

[12/11/2008|08:23] C:\Arquivos de programas\PhotoFiltre Studio

[04/03/2009|13:31] C:\Arquivos de programas\PluginLetras

[30/10/2008|18:37] C:\Arquivos de programas\Servi‡os on-line

[09/04/2009|21:39] C:\Arquivos de programas\Skype

[24/05/2009|12:16] C:\Arquivos de programas\Spybot - Search & Destroy

[24/05/2009|20:27] C:\Arquivos de programas\Spyware Terminator

[15/03/2009|15:26] C:\Arquivos de programas\Topaz Labs

[30/10/2008|18:37] C:\Arquivos de programas\Uninstall Information

[10/02/2009|12:34] C:\Arquivos de programas\Windows Live

[10/02/2009|12:30] C:\Arquivos de programas\Windows Live SkyDrive

[07/03/2009|13:24] C:\Arquivos de programas\Windows Media Connect 2

[08/02/2009|11:42] C:\Arquivos de programas\Windows Media Player

[09/11/2008|14:53] C:\Arquivos de programas\Windows NT

[30/10/2008|18:37] C:\Arquivos de programas\WindowsUpdate

[30/10/2008|18:38] C:\Arquivos de programas\WinRAR

[09/11/2008|18:37] C:\Arquivos de programas\xerox

[06/03/2009|10:20] C:\Arquivos de programas\XP Codec Pack

 

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

 

[29/01/2009|19:03] C:\Arquivos de programas\Arquivos comuns\Adobe

[29/01/2009|18:52] C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

[30/10/2008|18:53] C:\Arquivos de programas\Arquivos comuns\Ahead

[30/10/2008|19:01] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[09/05/2009|22:37] C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

[30/10/2008|18:44] C:\Arquivos de programas\Arquivos comuns\InstallShield

[30/10/2008|18:39] C:\Arquivos de programas\Arquivos comuns\Java

[18/02/2009|13:21] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[30/10/2008|18:36] C:\Arquivos de programas\Arquivos comuns\MSSoap

[30/10/2008|16:30] C:\Arquivos de programas\Arquivos comuns\ODBC

[30/10/2008|18:36] C:\Arquivos de programas\Arquivos comuns\Servi‡os

[09/04/2009|21:39] C:\Arquivos de programas\Arquivos comuns\Skype

[30/10/2008|16:30] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[09/11/2008|14:53] C:\Arquivos de programas\Arquivos comuns\System

[30/10/2008|19:42] C:\Arquivos de programas\Arquivos comuns\Windows Live

[02/11/2008|20:24] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

 

--------------------\\ Process

 

( 34 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-25 21:03:57

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

[F:27][D:9]-> C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp

[F:26][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies

[F:456][D:5]-> C:\DOCUME~1\ADMINI~1\CONFIG~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - seg 25/05/2009|21:04 - Option : [2]

 

 

and here is the updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:08:41, on 25/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Crawler\CToolbar.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\ARQUIV~1\Crawler\ctbr.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [uSBFW] C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: crawler search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {bb21f850-63f4-4ec9-bf9d-565bd30c9ae9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Roteamento e acesso remoto RemoteAccessmnmsrvc (remoteaccessmnmsrvc) - Unknown owner - C:\WINDOWS\system32\1025t.exe (file missing)

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\10302008194515\STacSV.exe

O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

 

--

End of file - 7401 bytes

 

 

 

 

 

thank you very much for the help (:

regards!


Good evening, poly!

 

<@> Open Spybot Search & Destroy!

<@> In the top menu, go to Mode and select the Advanced option. Confirm!

<@> Click the Tools button and then Resident.

<@> Uncheck the option: Enable Resident "TeaTimer". ( General protection of system settings )

<><><><><><><><><><><>

<@> Download: < ToolBar S&D >

<@> Save it to Local Disk C, in its own folder.

<@> Restart the computer in Safe Mode. <-- Important!

<@> Run the program, and then press "p" --> Enter --> Ok.

<@> Type two! ( 2 ) --> Press Enter --> Wait!

<@> When it finishes, post the reports: ( C:\ToolBar SD\TB_1.txt ) + updated HijackThis.

 

Regards!


Good evening! :}

here is the report:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz )

BIOS : Default System BIOS

USER : Administrador ( Administrator )

BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.5 (Activated)

C:\ (Local Disk) - NTFS - Total:149 Go (Free:139 Go)

D:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( ter 26/05/2009|20:04 )

C:\Arquivos de programas\Mozilla Firefox\searchplugins\crawlersrch.xml

 

-----------\\ REMOVIDOS

 

Deletado! - C:\Arquivos de programas\AskBarDis\bar

Deletado! - C:\Arquivos de programas\AskBarDis\PopSwatter

Deletado! - C:\Arquivos de programas\AskBarDis\unins000.dat

Deletado! - C:\Arquivos de programas\AskBarDis\unins000.exe

Deletado! - C:\Arquivos de programas\Crawler\adrkeys.dat

Deletado! - C:\Arquivos de programas\Crawler\COMMON_FF.dat

Deletado! - C:\Arquivos de programas\Crawler\confirm.dat

Deletado! - C:\Arquivos de programas\Crawler\ctbcomm.dll

Deletado! - C:\Arquivos de programas\Crawler\ctbr.dll

Deletado! - C:\Arquivos de programas\Crawler\CTConf.dat

Deletado! - C:\Arquivos de programas\Crawler\CTipsDef.dll

Deletado! - C:\Arquivos de programas\Crawler\CToolbar.exe

Deletado! - C:\Arquivos de programas\Crawler\CUpdate.exe

Deletado! - C:\Arquivos de programas\Crawler\Download

Deletado! - C:\Arquivos de programas\Crawler\firefox

Deletado! - C:\Arquivos de programas\Crawler\Languages

Deletado! - C:\Arquivos de programas\Crawler\lookfor.dat

Deletado! - C:\Arquivos de programas\Crawler\majorse.dat

Deletado! - C:\Arquivos de programas\Crawler\rootmenu.dat

Deletado! - C:\Arquivos de programas\Crawler\services.dat

Deletado! - C:\Arquivos de programas\Crawler\STWSGLanguageAct

Deletado! - C:\Arquivos de programas\Crawler\STWSG_FF.dat

Deletado! - C:\Arquivos de programas\Crawler\TBR5LanguageAct

Deletado! - C:\Arquivos de programas\Crawler\Update

Deletado! - C:\Arquivos de programas\Crawler\WebSecurityGuard.dll

Deletado! - C:\Arquivos de programas\Crawler\WSGData

Deletado! - C:\DOCUME~1\ALLUSE~1\MENUIN~1\PROGRA~1\Barra de Ferramentas Crawler

Deletado! - C:\Arquivos de programas\Mozilla Firefox\searchplugins\crawlersrch.xml

Deletado! - C:\Arquivos de programas\AskBarDis

Deletado! - C:\Arquivos de programas\Crawler

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ Extensions

 

(Administrador) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://www.google.com"

"Start Page"="http://www.msn.com/"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

 

1 - "C:\ToolBar SD\TB_1.txt" - ter 26/05/2009|20:05 - Option : [2]

 

-----------\\ Verificação completa em 20:05:08,23

 

 

 

and the updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:12:19, on 26/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [uSBFW] C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msmsgs] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {bb21f850-63f4-4ec9-bf9d-565bd30c9ae9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Roteamento e acesso remoto RemoteAccessmnmsrvc (remoteaccessmnmsrvc) - Unknown owner - C:\WINDOWS\system32\1025t.exe (file missing)

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\10302008194515\STacSV.exe

O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

 

--

End of file - 6394 bytes

 

Thank you! Cheers!


Good evening! poly

 

<@> Download: ComboFix ( ...by sUBs ) [download-link image not reproduced]

<@> Save it to the desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt "Disclaimer of software warranty" --> click Yes!

<@> If you do not have the "Recovery Console", accept the offer to install it!

 

<!> If you get the notification "Not a valid Win32 application", delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> Ps: Name it while saving, not after it has been saved!

<!> Ps: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> Ps: Avoid running this tool on your own initiative!

<!> Ps: To avoid problems, follow all of the recommendations given.

<!> Ps: ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If required, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Cheers!


here are the reports:

COMBOFIX

 

ComboFix 09-05-26.02 - Administrador 26/05/2009 21:58.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.795 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-27 to 2009-05-27 ))))))))))))))))))))))))))))

.

 

2009-05-26 00:49 . 2009-05-26 00:49 -------- d-----w C:\toolbarsd

2009-05-26 00:48 . 2009-05-27 00:56 -------- d-----w C:\ToolBar SD

2009-05-26 00:00 . 2009-05-26 22:51 -------- d-----w C:\Lop SD

2009-05-25 23:16 . 2009-05-26 23:00 -------- d-----w c:\documents and settings\Administrador\Pavark

2009-05-24 21:03 . 2009-05-24 21:03 6144 ----a-w c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\sp_rsdel.exe

2009-05-24 21:03 . 2009-05-24 21:03 5632 ----a-w c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\fileobjinfo.sys

2009-05-24 21:03 . 2009-05-24 21:03 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys

2009-05-24 21:03 . 2009-05-27 00:28 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Spyware Terminator

2009-05-24 21:03 . 2009-05-26 00:50 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2009-05-24 21:03 . 2009-05-24 23:27 -------- d-----w c:\arquivos de programas\Spyware Terminator

2009-05-24 20:35 . 2009-05-24 20:35 -------- d-----w c:\arquivos de programas\CCleaner

2009-05-24 19:39 . 2009-05-24 19:39 7168 ----a-w c:\windows\system32\drivers\utexnjq5.sys

2009-05-24 18:10 . 2009-05-27 00:50 27392032 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-05-24 18:10 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\72681715.sys

2009-05-24 15:31 . 2009-05-24 15:31 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-05-24 15:31 . 2009-04-06 18:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-24 15:31 . 2009-04-06 18:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-24 15:31 . 2009-05-24 15:31 -------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-05-24 15:31 . 2009-05-24 15:31 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-05-24 15:16 . 2009-05-26 23:11 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-05-24 15:16 . 2009-05-24 15:16 -------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2009-05-24 13:31 . 2008-06-19 20:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys

2009-05-24 13:31 . 2009-05-24 13:31 -------- d-----w c:\arquivos de programas\Panda Security

2009-05-23 23:49 . 2009-05-23 23:49 32 --s-a-w c:\windows\system32\476966340.dat

2009-05-20 16:48 . 2009-05-16 15:52 2051864 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll

2009-05-20 16:48 . 2009-05-16 15:52 354584 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgxch32.dll

2009-05-20 16:48 . 2009-05-16 15:52 3288344 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\setup.exe

2009-05-20 16:48 . 2009-05-16 15:52 424472 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgwdwsc.dll

2009-05-20 16:48 . 2009-05-16 15:52 312088 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avglngx.dll

2009-05-20 16:48 . 2009-05-16 15:52 177432 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgmail.dll

2009-05-20 16:48 . 2009-05-16 15:52 486168 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgrsx.exe

2009-05-20 16:47 . 2009-05-16 15:49 755992 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avginet.dll

2009-05-20 16:47 . 2009-05-16 15:49 1437464 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.dll

2009-05-17 23:06 . 2009-05-17 23:06 -------- d-sh--r C:\DATA

2009-05-17 23:06 . 2009-05-24 15:36 -------- d-sh--r C:\RESTORE

2009-05-10 01:37 . 2002-01-05 18:37 344064 ----a-w c:\windows\system32\msvcr70.dll

2009-05-10 01:37 . 2009-05-10 01:37 -------- d-----w c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2009-05-10 01:37 . 2009-05-10 01:37 -------- d-----w c:\arquivos de programas\DVDVideoSoft

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-27 00:53 . 2009-04-23 00:30 111612 ----a-w c:\windows\system32\drivers\c3c2ff99.sys

2009-05-27 00:35 . 2009-05-24 18:10 295772 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-05-26 23:25 . 2008-11-22 23:25 664 ----a-w c:\windows\system32\d3d9caps.dat

2009-05-24 15:46 . 2009-04-02 22:33 -------- d-----w c:\arquivos de programas\GbPlugin

2009-05-19 22:38 . 2009-01-01 18:36 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\AIMP

2009-05-16 15:52 . 2008-10-30 22:05 11952 ----a-w c:\windows\system32\avgrsstx.dll

2009-05-16 15:52 . 2008-10-30 22:05 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-05-16 15:52 . 2008-10-30 22:05 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys

2009-05-16 15:52 . 2008-10-30 22:05 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-05-08 23:31 . 2008-10-31 11:05 -------- d-----w c:\arquivos de programas\eMule

2009-04-25 12:39 . 2009-04-10 00:40 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Skype

2009-04-25 12:36 . 2009-04-10 00:43 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\skypePM

2009-04-23 00:25 . 2008-11-05 23:18 -------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-04-13 00:49 . 2009-04-13 00:49 -------- d-----w c:\arquivos de programas\Net Studio

2009-04-13 00:49 . 2008-10-30 21:44 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-04-10 00:43 . 2009-04-10 00:43 56 ---ha-w c:\windows\system32\ezsidmv.dat

2009-04-10 00:39 . 2009-04-10 00:39 -------- d-----r c:\arquivos de programas\Skype

2009-04-10 00:39 . 2009-04-10 00:39 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-04-10 00:39 . 2009-04-10 00:39 -------- d-----w c:\arquivos de programas\Arquivos comuns\Skype

2009-04-09 17:45 . 2008-10-30 21:39 -------- d-----w c:\arquivos de programas\Java

2009-04-09 17:44 . 2009-04-09 17:44 152576 ----a-w c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

2009-04-02 22:33 . 2009-04-02 22:33 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-03-28 01:32 . 2009-02-08 14:41 -------- d-----w c:\arquivos de programas\Last.fm

2009-03-18 21:34 . 2009-02-22 12:49 341 -c--a-w c:\documents and settings\Administrador\Dados de aplicativos\momento_log.dat

2009-03-15 18:22 . 2009-03-15 18:21 5423104 ----a-w c:\windows\system32\tlpsplib10.dll

2009-03-09 08:19 . 2009-01-17 01:21 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-06 13:19 . 2009-03-06 13:19 7751011 ----a-w c:\arquivos de programas\XP-Codec-Pack_2.4.6.exe

2009-02-21 03:25 . 2009-02-21 03:25 37835 ----a-w c:\arquivos de programas\desinstalar.exe

2008-12-16 00:17 . 2009-01-01 18:34 53 ----a-w c:\arquivos de programas\MD5.txt

2002-07-05 03:35 . 2002-06-30 01:52 2080357 ----a-w c:\arquivos de programas\mario.exe

2002-07-03 23:05 . 2002-06-30 14:21 1521 ----a-w c:\arquivos de programas\leiame.txt

2000-12-02 10:09 . 2002-06-30 14:21 284160 ----a-w c:\arquivos de programas\cncs232.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msmsgs"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-05-16 1947928]

"USBFW"="c:\arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe" [2008-09-01 1330688]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [bU]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehcef.dll" [2009-01-27 404032]

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

"wave1"= serwvdrv.dll

 

[HKLM\~\startupfolder\c:^documents and settings^administrador^menu iniciar^programas^inicializar^adobe gamma.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\c:^documents and settings^all users^menu iniciar^programas^inicializar^adobe reader speed launch.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2/4/2009 19:33 31296]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [24/5/2009 10:31 28544]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30/10/2008 19:05 325896]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30/10/2008 19:05 108552]

S1 c3c2ff99;c3c2ff99;c:\windows\system32\drivers\c3c2ff99.sys [22/4/2009 21:30 111612]

S1 ethcjqqo;ethcjqqo;c:\windows\system32\drivers\ethcjqqo.sys --> c:\windows\system32\drivers\ethcjqqo.sys [?]

S1 ethdyjxb;ethdyjxb;c:\windows\system32\drivers\ethdyjxb.sys --> c:\windows\system32\drivers\ethdyjxb.sys [?]

S1 ethecxte;ethecxte;c:\windows\system32\drivers\ethecxte.sys --> c:\windows\system32\drivers\ethecxte.sys [?]

S1 ethhzbsm;ethhzbsm;c:\windows\system32\drivers\ethhzbsm.sys --> c:\windows\system32\drivers\ethhzbsm.sys [?]

S1 ethmuerb;ethmuerb;c:\windows\system32\drivers\ethmuerb.sys --> c:\windows\system32\drivers\ethmuerb.sys [?]

S1 ethtzfmg;ethtzfmg;c:\windows\system32\drivers\ethtzfmg.sys --> c:\windows\system32\drivers\ethtzfmg.sys [?]

S1 ethxhsmb;ethxhsmb;c:\windows\system32\drivers\ethxhsmb.sys --> c:\windows\system32\drivers\ethxhsmb.sys [?]

S1 is-sm6pedrv;is-SM6PEdrv;c:\windows\system32\drivers\72681715.sys [24/5/2009 15:10 148496]

S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [24/5/2009 18:03 142592]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [30/10/2008 19:05 908568]

S2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [30/10/2008 19:05 298776]

S2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [2/4/2009 19:33 52808]

S2 zaxmc;Boot Support;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S2 zpnchpdoi;Shell Helper;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S3 utexnjq5;AVZ Kernel Driver;c:\windows\system32\drivers\utexnjq5.sys [24/5/2009 16:39 7168]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

zpnchpdoi

zaxmc

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\w22dx2wm.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.click21.com.br/

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-26 22:00

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zaxmc]

"ServiceDll"="c:\windows\system32\jatobsyv.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zpnchpdoi]

"ServiceDll"="c:\windows\system32\jatobsyv.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1547161642-484763869-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€| –Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

@DACL=(02 0000)

"Asynchronous"=dword:00000001

"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

"Startup"="WlDimsStartup"

"Shutdown"="WlDimsShutdown"

"Logon"="WlDimsLogon"

"Logoff"="WlDimsLogoff"

"StartShell"="WlDimsStartShell"

"Lock"="WlDimsLock"

"Unlock"="WlDimsUnlock"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(232)

c:\windows\system32\sirenacm.dll

c:\windows\system32\ac3filter.acm

c:\arquivos de programas\GbPlugin\gbiehcef.dll

 

- - - - - - - > 'explorer.exe'(1024)

c:\arquivos de programas\GbPlugin\gbiehcef.dll

.

Tempo para conclusão: 2009-05-27 22:01

ComboFix-quarantined-files.txt 2009-05-27 01:01

ComboFix2.txt 2009-05-27 00:50

ComboFix3.txt 2009-05-27 00:38

 

Pré-execução: 17 pasta(s) 149.554.012.160 bytes disponíveis

Pós execução: 16 pasta(s) 149.545.299.968 bytes disponíveis

 

205 --- E O F --- 2009-01-15 02:34

 

 

HIJACKTHIS

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:40:42, on 27/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [uSBFW] C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msmsgs] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {bb21f850-63f4-4ec9-bf9d-565bd30c9ae9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\10302008194515\STacSV.exe

O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

 

--

End of file - 6252 bytes

 

 

Thank you! :)


Good evening! poly

 

<@> Select and copy all of the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

c:\windows\system32\jatobsyv.dll

Rootkit::

c:\windows\system32\drivers\c3c2ff99.sys

Driver::

"zaxmc"

"utexnjq5"

"c3c2ff99"

"zpnchpdoi"

Netsvc::

"zaxmc"

"zpnchpdoi"

Registry::

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zaxmc]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zpnchpdoi]

Firefox::

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=

<@> Ps: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon/window.

<@> See the demonstration! (animated image not reproduced here)

<@> Answer the prompt that should appear asking to run ComboFix.

<@> Ps: Keep dragging until that prompt ( window ) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Cheers!

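The ComboFix log poly posted and the CFScript in the reply above target the same handful of entries: two services (zaxmc, zpnchpdoi) that run inside "svchost.exe -k netsvcs" and both point their ServiceDll at c:\windows\system32\jatobsyv.dll, a driver (c3c2ff99) whose display name is nothing but its own random-looking service name, and a series of eth*.sys drivers whose files are no longer on disk. The script below is an added example, not part of the thread and not code from the ComboFix or HijackThis authors: it parses ComboFix service/driver lines, the ServiceDll dump ComboFix prints, and HijackThis O23 lines, then applies those heuristics plus a "file missing" check. Its sample input is a handful of lines copied from the logs above. The set of DLLs treated as normal inside the netsvcs group is a short hand-written assumption, not a complete Windows XP baseline, and the 8-character-name rule is a heuristic that will miss some bad names and flag some benign ones (the AVZ tool driver utexnjq5 escapes it only because it carries a real display name).

```python
"""Triage helper for ComboFix and HijackThis service/driver entries.
Added example, not code from this thread or from the tool authors.
"""
import re
from collections import defaultdict

# Assumption: DLLs that normally run inside "svchost.exe -k netsvcs" on
# Windows XP. Deliberately partial; anything not listed gets flagged.
KNOWN_NETSVCS_DLLS = {
    "qmgr.dll", "wuauserv.dll", "shsvcs.dll", "srvsvc.dll", "wkssvc.dll",
    "netman.dll", "browser.dll", "cryptsvc.dll", "rasauto.dll", "rasmans.dll",
    "schedsvc.dll", "seclogon.dll", "sens.dll", "trkwks.dll", "w32time.dll",
    "wmisvc.dll", "xmlprov.dll", "termsrv.dll", "audiosrv.dll", "ersvc.dll",
}

# Sample input: lines copied from the ComboFix and HijackThis logs above.
SAMPLE_LOG = r"""
S2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [30/10/2008 19:05 298776]
S2 zaxmc;Boot Support;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
S2 zpnchpdoi;Shell Helper;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
S1 c3c2ff99;c3c2ff99;c:\windows\system32\drivers\c3c2ff99.sys [22/4/2009 21:30 111612]
S1 ethcjqqo;ethcjqqo;c:\windows\system32\drivers\ethcjqqo.sys --> c:\windows\system32\drivers\ethcjqqo.sys [?]
S3 utexnjq5;AVZ Kernel Driver;c:\windows\system32\drivers\utexnjq5.sys [24/5/2009 16:39 7168]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zaxmc]
"ServiceDll"="c:\windows\system32\jatobsyv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zpnchpdoi]
"ServiceDll"="c:\windows\system32\jatobsyv.dll"
O23 - Service: Roteamento e acesso remoto RemoteAccessmnmsrvc (remoteaccessmnmsrvc) - Unknown owner - C:\WINDOWS\system32\1025t.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
"""

# ComboFix "S2 name;display;image [date size]" lines; "[?]" marks a missing file.
CF_SERVICE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)"
    r"(?: \[(?P<meta>[^\]]*)\])?$")
CF_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]\\]+)\]$", re.I)
CF_SERVICEDLL = re.compile(r'^"ServiceDll"="(?P<dll>[^"]+)"$', re.I)
# HijackThis O23 lines; the "(shortname)" part is absent for some services.
HJT_O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.*?) - (?P<image>.+)$")
# Heuristic: 8 lower-case alphanumerics, like the generated names in the log.
RANDOM_NAME = re.compile(r"^[a-z0-9]{8}$")


def analyze(log_text):
    """Return {service_name: [reasons]} for entries worth a second look."""
    services = {}      # lower-case name -> {"display", "image", "missing"}
    service_dll = {}   # lower-case name -> ServiceDll path from the registry dump
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := CF_SERVICE.match(line)):
            services[m["name"].lower()] = {
                "display": m["display"], "image": m["image"],
                "missing": m["meta"] == "?" or " --> " in m["image"]}
        elif (m := HJT_O23.match(line)):
            services[(m["name"] or m["display"]).lower()] = {
                "display": m["display"], "image": m["image"],
                "missing": m["image"].endswith("(file missing)")}
        elif (m := CF_KEY.match(line)):
            current_key = m["name"].lower()
        elif (m := CF_SERVICEDLL.match(line)) and current_key:
            service_dll[current_key] = m["dll"]
            current_key = None

    findings = defaultdict(list)
    for name, info in services.items():
        if info["missing"]:
            findings[name].append("image file does not exist on disk")
        if "svchost.exe" in info["image"].lower():
            dll = service_dll.get(name)
            if dll is None:
                findings[name].append("hosted by svchost but no ServiceDll recorded")
            elif dll.lower().rsplit("\\", 1)[-1] not in KNOWN_NETSVCS_DLLS:
                findings[name].append(f"hosted by svchost with unknown ServiceDll {dll}")
        if RANDOM_NAME.match(name) and info["display"].lower() == name:
            findings[name].append("random-looking name used as its own display name")
    # Two services sharing one ServiceDll is the pattern zaxmc/zpnchpdoi show.
    by_dll = defaultdict(list)
    for name, dll in service_dll.items():
        by_dll[dll.lower()].append(name)
    for dll, users in by_dll.items():
        for name in users:
            others = [u for u in users if u != name]
            if others:
                findings[name].append(f"shares ServiceDll {dll} with {', '.join(others)}")
    return dict(findings)


if __name__ == "__main__":
    for name, reasons in analyze(SAMPLE_LOG).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Run as-is it prints each flagged service with its reasons; real triage would feed it the full log text instead of the sample. The helper's "do not use this script on another machine" warning is the same point seen from the other side: the service and driver names here are generated per infection, so a CFScript is only meaningful against the log it was written from.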

Good evening!

Here are the updated logs:

ComboFix 09-05-26.02 - Administrador 27/05/2009 21:38.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.755 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

FILE ::

"c:\windows\system32\jatobsyv.dll"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_utexnjq5

-------\Legacy_zaxmc

-------\Legacy_ZPNCHPDOI

-------\Service_c3c2ff99

-------\Service_utexnjq5

-------\Service_zaxmc

-------\Service_zpnchpdoi

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-28 to 2009-05-28 ))))))))))))))))))))))))))))

.

 

2009-05-26 00:49 . 2009-05-26 00:49 -------- d-----w C:\toolbarsd

2009-05-26 00:48 . 2009-05-27 00:56 -------- d-----w C:\ToolBar SD

2009-05-26 00:00 . 2009-05-26 22:51 -------- d-----w C:\Lop SD

2009-05-25 23:16 . 2009-05-26 23:00 -------- d-----w c:\documents and settings\Administrador\Pavark

2009-05-24 21:03 . 2009-05-24 21:03 6144 ----a-w c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\sp_rsdel.exe

2009-05-24 21:03 . 2009-05-24 21:03 5632 ----a-w c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\fileobjinfo.sys

2009-05-24 21:03 . 2009-05-24 21:03 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys

2009-05-24 21:03 . 2009-05-27 22:53 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Spyware Terminator

2009-05-24 21:03 . 2009-05-27 22:54 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2009-05-24 21:03 . 2009-05-24 23:27 -------- d-----w c:\arquivos de programas\Spyware Terminator

2009-05-24 20:35 . 2009-05-24 20:35 -------- d-----w c:\arquivos de programas\CCleaner

2009-05-24 19:39 . 2009-05-24 19:39 7168 ----a-w c:\windows\system32\drivers\utexnjq5.sys

2009-05-24 18:10 . 2009-05-28 00:42 44482592 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-05-24 18:10 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\72681715.sys

2009-05-24 15:31 . 2009-05-24 15:31 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-05-24 15:31 . 2009-04-06 18:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-24 15:31 . 2009-04-06 18:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-24 15:31 . 2009-05-24 15:31 -------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-05-24 15:31 . 2009-05-24 15:31 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-05-24 15:16 . 2009-05-26 23:11 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-05-24 15:16 . 2009-05-24 15:16 -------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2009-05-24 13:31 . 2008-06-19 20:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys

2009-05-24 13:31 . 2009-05-24 13:31 -------- d-----w c:\arquivos de programas\Panda Security

2009-05-23 23:49 . 2009-05-23 23:49 32 --s-a-w c:\windows\system32\476966340.dat

2009-05-20 16:48 . 2009-05-16 15:52 2051864 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll

2009-05-20 16:48 . 2009-05-16 15:52 354584 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgxch32.dll

2009-05-20 16:48 . 2009-05-16 15:52 3288344 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\setup.exe

2009-05-20 16:48 . 2009-05-16 15:52 424472 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgwdwsc.dll

2009-05-20 16:48 . 2009-05-16 15:52 312088 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avglngx.dll

2009-05-20 16:48 . 2009-05-16 15:52 177432 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgmail.dll

2009-05-20 16:48 . 2009-05-16 15:52 486168 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgrsx.exe

2009-05-20 16:47 . 2009-05-16 15:49 755992 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avginet.dll

2009-05-20 16:47 . 2009-05-16 15:49 1437464 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.dll

2009-05-17 23:06 . 2009-05-17 23:06 -------- d-sh--r C:\DATA

2009-05-17 23:06 . 2009-05-24 15:36 -------- d-sh--r C:\RESTORE

2009-05-10 01:37 . 2002-01-05 18:37 344064 ----a-w c:\windows\system32\msvcr70.dll

2009-05-10 01:37 . 2009-05-10 01:37 -------- d-----w c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2009-05-10 01:37 . 2009-05-10 01:37 -------- d-----w c:\arquivos de programas\DVDVideoSoft

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-28 00:41 . 2009-05-24 18:10 521684 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-05-26 23:25 . 2008-11-22 23:25 664 ----a-w c:\windows\system32\d3d9caps.dat

2009-05-24 15:46 . 2009-04-02 22:33 -------- d-----w c:\arquivos de programas\GbPlugin

2009-05-19 22:38 . 2009-01-01 18:36 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\AIMP

2009-05-16 15:52 . 2008-10-30 22:05 11952 ----a-w c:\windows\system32\avgrsstx.dll

2009-05-16 15:52 . 2008-10-30 22:05 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-05-16 15:52 . 2008-10-30 22:05 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys

2009-05-16 15:52 . 2008-10-30 22:05 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-05-08 23:31 . 2008-10-31 11:05 -------- d-----w c:\arquivos de programas\eMule

2009-04-25 12:39 . 2009-04-10 00:40 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Skype

2009-04-25 12:36 . 2009-04-10 00:43 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\skypePM

2009-04-23 00:25 . 2008-11-05 23:18 -------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-04-13 00:49 . 2009-04-13 00:49 -------- d-----w c:\arquivos de programas\Net Studio

2009-04-13 00:49 . 2008-10-30 21:44 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-04-10 00:43 . 2009-04-10 00:43 56 ---ha-w c:\windows\system32\ezsidmv.dat

2009-04-10 00:39 . 2009-04-10 00:39 -------- d-----r c:\arquivos de programas\Skype

2009-04-10 00:39 . 2009-04-10 00:39 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-04-10 00:39 . 2009-04-10 00:39 -------- d-----w c:\arquivos de programas\Arquivos comuns\Skype

2009-04-09 17:45 . 2008-10-30 21:39 -------- d-----w c:\arquivos de programas\Java

2009-04-09 17:44 . 2009-04-09 17:44 152576 ----a-w c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

2009-04-02 22:33 . 2009-04-02 22:33 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-03-18 21:34 . 2009-02-22 12:49 341 -c--a-w c:\documents and settings\Administrador\Dados de aplicativos\momento_log.dat

2009-03-15 18:22 . 2009-03-15 18:21 5423104 ----a-w c:\windows\system32\tlpsplib10.dll

2009-03-09 08:19 . 2009-01-17 01:21 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-06 13:19 . 2009-03-06 13:19 7751011 ----a-w c:\arquivos de programas\XP-Codec-Pack_2.4.6.exe

2009-02-21 03:25 . 2009-02-21 03:25 37835 ----a-w c:\arquivos de programas\desinstalar.exe

2008-12-16 00:17 . 2009-01-01 18:34 53 ----a-w c:\arquivos de programas\MD5.txt

2002-07-05 03:35 . 2002-06-30 01:52 2080357 ----a-w c:\arquivos de programas\mario.exe

2002-07-03 23:05 . 2002-06-30 14:21 1521 ----a-w c:\arquivos de programas\leiame.txt

2000-12-02 10:09 . 2002-06-30 14:21 284160 ----a-w c:\arquivos de programas\cncs232.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-05-27_01.00.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-28 00:42 . 2009-05-28 00:42 16384 c:\windows\temp\Perflib_Perfdata_47c.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msmsgs"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-05-16 1947928]

"USBFW"="c:\arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe" [2008-09-01 1330688]

"SpywareTerminator"="c:\arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" [2009-05-24 2176000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [bU]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehcef.dll" [2009-01-27 404032]

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

"wave1"= serwvdrv.dll

 

[HKLM\~\startupfolder\c:^documents and settings^administrador^menu iniciar^programas^inicializar^adobe gamma.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\c:^documents and settings^all users^menu iniciar^programas^inicializar^adobe reader speed launch.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2/4/2009 19:33 31296]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [24/5/2009 10:31 28544]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30/10/2008 19:05 325896]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30/10/2008 19:05 108552]

R1 is-sm6pedrv;is-SM6PEdrv;c:\windows\system32\drivers\72681715.sys [24/5/2009 15:10 148496]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [24/5/2009 18:03 142592]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [30/10/2008 19:05 908568]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [30/10/2008 19:05 298776]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [2/4/2009 19:33 52808]

S1 ethcjqqo;ethcjqqo;c:\windows\system32\drivers\ethcjqqo.sys --> c:\windows\system32\drivers\ethcjqqo.sys [?]

S1 ethdyjxb;ethdyjxb;c:\windows\system32\drivers\ethdyjxb.sys --> c:\windows\system32\drivers\ethdyjxb.sys [?]

S1 ethecxte;ethecxte;c:\windows\system32\drivers\ethecxte.sys --> c:\windows\system32\drivers\ethecxte.sys [?]

S1 ethhzbsm;ethhzbsm;c:\windows\system32\drivers\ethhzbsm.sys --> c:\windows\system32\drivers\ethhzbsm.sys [?]

S1 ethmuerb;ethmuerb;c:\windows\system32\drivers\ethmuerb.sys --> c:\windows\system32\drivers\ethmuerb.sys [?]

S1 ethtzfmg;ethtzfmg;c:\windows\system32\drivers\ethtzfmg.sys --> c:\windows\system32\drivers\ethtzfmg.sys [?]

S1 ethxhsmb;ethxhsmb;c:\windows\system32\drivers\ethxhsmb.sys --> c:\windows\system32\drivers\ethxhsmb.sys [?]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\w22dx2wm.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.click21.com.br/

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-27 21:42

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1547161642-484763869-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€| –Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

@DACL=(02 0000)

"Asynchronous"=dword:00000001

"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

"Startup"="WlDimsStartup"

"Shutdown"="WlDimsShutdown"

"Logon"="WlDimsLogon"

"Logoff"="WlDimsLogoff"

"StartShell"="WlDimsStartShell"

"Lock"="WlDimsLock"

"Unlock"="WlDimsUnlock"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(396)

c:\arquivos de programas\GbPlugin\gbiehcef.dll

 

- - - - - - - > 'Explorer.EXE'(1340)

c:\arquivos de programas\GbPlugin\gbiehcef.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Spyware Terminator\sp_rsser.exe

c:\arquivos de programas\IDT\10302008194515\stacsv.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquiv~1\AVG\AVG8\avgnsx.exe

c:\arquivos de programas\AVG\AVG8\avgcsrvx.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-05-28 21:44 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-05-28 00:44

ComboFix2.txt 2009-05-27 01:01

ComboFix3.txt 2009-05-27 00:50

ComboFix4.txt 2009-05-27 00:38

 

Pré-execução: 17 pasta(s) 149.384.859.648 bytes disponíveis

Pós execução: 16 pasta(s) 149.481.816.064 bytes disponíveis

 

226 --- E O F --- 2009-01-15 02:34

 

 

HIJACKTHIS

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:19:47, on 27/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [uSBFW] C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msmsgs] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {bb21f850-63f4-4ec9-bf9d-565bd30c9ae9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\10302008194515\STacSV.exe

O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

 

--

End of file - 6607 bytes

 

Regards!


Good morning! poly

 

<@> Copy this information, between the XXXXXXX...., into Notepad.

<@> Save it on the desktop as: CFScript <-- Text file!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Rootkit::

c:\windows\system32\drivers\ethcjqqo.sys

c:\windows\system32\drivers\ethdyjxb.sys

c:\windows\system32\drivers\ethecxte.sys

c:\windows\system32\drivers\ethhzbsm.sys

c:\windows\system32\drivers\ethmuerb.sys

c:\windows\system32\drivers\ethtzfmg.sys

c:\windows\system32\drivers\ethxhsmb.sys

Driver::

"ethcjqqo"

"ethdyjxb"

"ethecxte"

"ethhzbsm"

"ethmuerb"

"ethtzfmg"

"ethxhsmb"

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon.

<@> Keep dragging it until a prompt appears asking to run ComboFix.exe.

<@> When it finishes, post: ComboFix.txt <--

<><><><><><><><><><><>

<@> Download: < Taskbar Repair Tool Plus! >

<@> Extract the executable from the zip!

<@> Run the tool and, under Taskbar Problems, run the "Taskbar is Missing" function.

<@> Click Repair.

<@> There are others, but... this fix will be the right one for you.

<@> PS: Let me know whether your taskbar was restored.

 

Regards!


Good morning!

Here is the report:

ComboFix 09-05-26.02 - Administrador 28/05/2009 8:12.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.597 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_ethcjqqo

-------\Service_ethdyjxb

-------\Service_ethecxte

-------\Service_ethhzbsm

-------\Service_ethmuerb

-------\Service_ethtzfmg

-------\Service_ethxhsmb

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-28 to 2009-05-28 ))))))))))))))))))))))))))))

.

 

2009-05-26 00:49 . 2009-05-26 00:49 -------- d-----w C:\toolbarsd

2009-05-26 00:48 . 2009-05-27 00:56 -------- d-----w C:\ToolBar SD

2009-05-26 00:00 . 2009-05-26 22:51 -------- d-----w C:\Lop SD

2009-05-25 23:16 . 2009-05-26 23:00 -------- d-----w c:\documents and settings\Administrador\Pavark

2009-05-24 21:03 . 2009-05-24 21:03 6144 ----a-w c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\sp_rsdel.exe

2009-05-24 21:03 . 2009-05-24 21:03 5632 ----a-w c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\fileobjinfo.sys

2009-05-24 21:03 . 2009-05-24 21:03 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys

2009-05-24 21:03 . 2009-05-27 22:53 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Spyware Terminator

2009-05-24 21:03 . 2009-05-27 22:54 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2009-05-24 21:03 . 2009-05-24 23:27 -------- d-----w c:\arquivos de programas\Spyware Terminator

2009-05-24 20:35 . 2009-05-24 20:35 -------- d-----w c:\arquivos de programas\CCleaner

2009-05-24 19:39 . 2009-05-24 19:39 7168 ----a-w c:\windows\system32\drivers\utexnjq5.sys

2009-05-24 18:10 . 2009-05-28 11:15 49174560 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-05-24 18:10 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\72681715.sys

2009-05-24 15:31 . 2009-05-24 15:31 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-05-24 15:31 . 2009-04-06 18:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-24 15:31 . 2009-04-06 18:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-24 15:31 . 2009-05-24 15:31 -------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-05-24 15:31 . 2009-05-24 15:31 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-05-24 15:16 . 2009-05-26 23:11 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-05-24 15:16 . 2009-05-24 15:16 -------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2009-05-24 13:31 . 2008-06-19 20:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys

2009-05-24 13:31 . 2009-05-24 13:31 -------- d-----w c:\arquivos de programas\Panda Security

2009-05-23 23:49 . 2009-05-23 23:49 32 --s-a-w c:\windows\system32\476966340.dat

2009-05-20 16:48 . 2009-05-16 15:52 2051864 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll

2009-05-20 16:48 . 2009-05-16 15:52 354584 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgxch32.dll

2009-05-20 16:48 . 2009-05-16 15:52 3288344 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\setup.exe

2009-05-20 16:48 . 2009-05-16 15:52 424472 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgwdwsc.dll

2009-05-20 16:48 . 2009-05-16 15:52 312088 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avglngx.dll

2009-05-20 16:48 . 2009-05-16 15:52 177432 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgmail.dll

2009-05-20 16:48 . 2009-05-16 15:52 486168 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgrsx.exe

2009-05-20 16:47 . 2009-05-16 15:49 755992 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avginet.dll

2009-05-20 16:47 . 2009-05-16 15:49 1437464 ----a-w c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.dll

2009-05-17 23:06 . 2009-05-17 23:06 -------- d-sh--r C:\DATA

2009-05-17 23:06 . 2009-05-24 15:36 -------- d-sh--r C:\RESTORE

2009-05-10 01:37 . 2002-01-05 18:37 344064 ----a-w c:\windows\system32\msvcr70.dll

2009-05-10 01:37 . 2009-05-10 01:37 -------- d-----w c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2009-05-10 01:37 . 2009-05-10 01:37 -------- d-----w c:\arquivos de programas\DVDVideoSoft

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-28 11:14 . 2009-05-24 18:10 575900 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-05-26 23:25 . 2008-11-22 23:25 664 ----a-w c:\windows\system32\d3d9caps.dat

2009-05-24 15:46 . 2009-04-02 22:33 -------- d-----w c:\arquivos de programas\GbPlugin

2009-05-19 22:38 . 2009-01-01 18:36 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\AIMP

2009-05-16 15:52 . 2008-10-30 22:05 11952 ----a-w c:\windows\system32\avgrsstx.dll

2009-05-16 15:52 . 2008-10-30 22:05 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-05-16 15:52 . 2008-10-30 22:05 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys

2009-05-16 15:52 . 2008-10-30 22:05 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-05-08 23:31 . 2008-10-31 11:05 -------- d-----w c:\arquivos de programas\eMule

2009-04-25 12:39 . 2009-04-10 00:40 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Skype

2009-04-25 12:36 . 2009-04-10 00:43 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\skypePM

2009-04-23 00:25 . 2008-11-05 23:18 -------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-04-13 00:49 . 2009-04-13 00:49 -------- d-----w c:\arquivos de programas\Net Studio

2009-04-13 00:49 . 2008-10-30 21:44 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-04-10 00:43 . 2009-04-10 00:43 56 ---ha-w c:\windows\system32\ezsidmv.dat

2009-04-10 00:39 . 2009-04-10 00:39 -------- d-----r c:\arquivos de programas\Skype

2009-04-10 00:39 . 2009-04-10 00:39 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-04-10 00:39 . 2009-04-10 00:39 -------- d-----w c:\arquivos de programas\Arquivos comuns\Skype

2009-04-09 17:45 . 2008-10-30 21:39 -------- d-----w c:\arquivos de programas\Java

2009-04-09 17:44 . 2009-04-09 17:44 152576 ----a-w c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

2009-04-02 22:33 . 2009-04-02 22:33 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-03-18 21:34 . 2009-02-22 12:49 341 -c--a-w c:\documents and settings\Administrador\Dados de aplicativos\momento_log.dat

2009-03-15 18:22 . 2009-03-15 18:21 5423104 ----a-w c:\windows\system32\tlpsplib10.dll

2009-03-09 08:19 . 2009-01-17 01:21 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-06 13:19 . 2009-03-06 13:19 7751011 ----a-w c:\arquivos de programas\XP-Codec-Pack_2.4.6.exe

2009-02-21 03:25 . 2009-02-21 03:25 37835 ----a-w c:\arquivos de programas\desinstalar.exe

2008-12-16 00:17 . 2009-01-01 18:34 53 ----a-w c:\arquivos de programas\MD5.txt

2002-07-05 03:35 . 2002-06-30 01:52 2080357 ----a-w c:\arquivos de programas\mario.exe

2002-07-03 23:05 . 2002-06-30 14:21 1521 ----a-w c:\arquivos de programas\leiame.txt

2000-12-02 10:09 . 2002-06-30 14:21 284160 ----a-w c:\arquivos de programas\cncs232.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-05-27_01.00.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-28 11:14 . 2009-05-28 11:14 16384 c:\windows\temp\Perflib_Perfdata_490.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msmsgs"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-05-16 1947928]

"USBFW"="c:\arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe" [2008-09-01 1330688]

"SpywareTerminator"="c:\arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" [2009-05-24 2176000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [bU]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehcef.dll" [2009-01-27 404032]

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

"wave1"= serwvdrv.dll

 

[HKLM\~\startupfolder\c:^documents and settings^administrador^menu iniciar^programas^inicializar^adobe gamma.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\c:^documents and settings^all users^menu iniciar^programas^inicializar^adobe reader speed launch.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2/4/2009 19:33 31296]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [24/5/2009 10:31 28544]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30/10/2008 19:05 325896]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30/10/2008 19:05 108552]

R1 is-sm6pedrv;is-SM6PEdrv;c:\windows\system32\drivers\72681715.sys [24/5/2009 15:10 148496]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [24/5/2009 18:03 142592]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [30/10/2008 19:05 908568]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [30/10/2008 19:05 298776]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [2/4/2009 19:33 52808]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\w22dx2wm.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.click21.com.br/

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-28 08:15

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1547161642-484763869-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€| –Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

@DACL=(02 0000)

"Asynchronous"=dword:00000001

"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

"Startup"="WlDimsStartup"

"Shutdown"="WlDimsShutdown"

"Logon"="WlDimsLogon"

"Logoff"="WlDimsLogoff"

"StartShell"="WlDimsStartShell"

"Lock"="WlDimsLock"

"Unlock"="WlDimsUnlock"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(396)

c:\arquivos de programas\GbPlugin\gbiehcef.dll

 

- - - - - - - > 'Explorer.EXE'(1340)

c:\arquivos de programas\GbPlugin\gbiehcef.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Spyware Terminator\sp_rsser.exe

c:\arquivos de programas\IDT\10302008194515\stacsv.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquiv~1\AVG\AVG8\avgnsx.exe

c:\arquivos de programas\AVG\AVG8\avgcsrvx.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-05-28 8:17 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-05-28 11:17

ComboFix2.txt 2009-05-28 00:44

ComboFix3.txt 2009-05-27 01:01

ComboFix4.txt 2009-05-27 00:50

ComboFix5.txt 2009-05-28 11:11

 

Pré-execução: 17 pasta(s) 149.467.045.888 bytes disponíveis

Pós execução: 16 pasta(s) 149.453.168.640 bytes disponíveis

 

218 --- E O F --- 2009-01-15 02:34

 

 

The bar appears, but I can't use it. When I go to click on it, the hourglass appears and it isn't possible to click or use anything, as if it were frozen.

 

Thank you. Hugs!


Good morning! poly

 

<@> Download: < Kaspersky Virus Removal Tool >

<@> Save it to Arquivos de Programas, and install it right there!

<@> Restart the computer in Safe Mode! <-- Important!

<@> Start the scan by clicking "Scan".

<@> The scan takes a very long time. <-- Wait!

<@> If any infections are found, click "disinfect".

<@> When it finishes, click the Events tab.

<@> Uncheck the "Show all events" checkbox.

<@> Click "Save to file".

<@> Name it and save it to the desktop! <-- Report to post!

<><><><><><><><><><>

<@> Run the fix with the Taskbar Repair Tool Plus tool again!

 

Hugs!


Topic Archived

 

Since the author did not reply for more than 30 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area along with the link to this topic and explain the reason for reopening it.
