Weick
Posted June 29, 2009

Hi everyone. I'm here with a PC infected by a pest that makes IExplorer constantly open a window and try to access the address "http://www_getwindowinfo/", and every time I try to close the window a new one opens, and another, and another and... Below is the HijackThis log for analysis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:11, on 28/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Eset\nod32kui.exe
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\VMSnap3.exe
C:\Arquivos de programas\Java.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\ARQUIV~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\ARQUIV~1\MICROS~4\rapimgr.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\IExplore.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.compartilhando.org/
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.exe
O4 - HKLM\..\Run: [Java] C:\Arquivos de programas\Java.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\ARQUIV~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [B2B_AGENT] "C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SIFT.lnk = C:\MOTOROLA\sift_startup.bat
O4 - Global Startup: Java.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/50.10/uploader2.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.shockwave.com/content/goldrush/...houseplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://techknowmoto.webex.com/client/T25L/...ing/ieatgpc.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D636F3B8-7E95-42B0-A088-CBD4BDCCA67D}: NameServer = 192.168.1.1
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

--
End of file - 9246 bytes

Cheers,
Weick.
DigRam
Posted June 29, 2009

Good evening, Weick!

<@> Download: < > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> At the prompt "Software warranty disclaimer" --> click Yes!
<@> If you do not have the "Recovery Console", accept the offer to install it!

<!> If you get the notification "Not a valid Win32 application", delete the tool and download it again.
<!> Save it to the desktop renamed as: Kombo.exe
<!> PS: Name it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow all the recommendations given.
<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!
<@> In order to complete the removals, ComboFix may restart the computer.
<@> If needed, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Cheers!
Weick
Posted June 29, 2009

Hey, DigRam! Check this out:

ComboFix

ComboFix 09-06-29.02 - Administrador 29/06/2009 20:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.580 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: ESET NOD32 sistema antivírus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
ADS - drivers: deleted 308 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\svc.exe
c:\windows\system32\msconfig.exe
c:\windows\Tasks\startt.job

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-28 to 2009-06-29 ))))))))))))))))))))))))))))
.

2009-06-29 20:57 . 2009-06-29 20:58 -------- d-----w- c:\arquivos de programas\LG Electronics
2009-06-29 20:56 . 2009-06-29 20:56 -------- d-----w- C:\GSMULTI
2009-06-29 20:54 . 2009-06-29 20:55 -------- d-----w- C:\DOWNLOAD
2009-06-29 20:54 . 2009-06-29 20:54 -------- d-----w- C:\LG Electronics
2009-06-29 20:48 . 2009-06-29 20:48 -------- d-----w- C:\a
2009-06-29 20:09 . 2009-06-29 20:09 -------- d-----w- C:\install
2009-06-29 01:07 . 2009-06-29 01:08 401720 ----a-w- C:\HiJackThis.exe
2009-06-27 10:23 . 2008-11-03 12:45 3232373 ----a-w- c:\arquivos de programas\Java.exe
2009-06-26 19:24 . 2009-06-26 20:02 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-06-26 19:24 . 2009-06-26 19:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-06-26 19:19 . 2009-06-26 19:19 -------- d-----w- C:\Manual LG
2009-06-26 17:44 . 2009-06-26 17:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel
2009-06-26 17:39 . 2009-06-26 19:17 -------- d-----w- C:\VErsao d eSW - LG
2009-06-26 17:35 . 2009-06-16 09:25 104384 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe
2009-06-26 16:53 . 2009-06-29 20:56 65536 ----a-w- c:\windows\IFinst27.exe
2009-06-26 16:52 . 2009-06-26 16:52 -------- d-----w- C:\Sistema LG
2009-06-26 16:35 . 2009-06-15 10:21 47048 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2BLGMLauncher.exe
2009-06-26 16:35 . 2006-05-04 11:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2009-06-26 16:35 . 2005-10-04 04:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-06-26 16:35 . 2009-06-17 09:12 124880 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\LiveUpdateAgent\B2BFileUpdateAgent.exe
2009-06-26 16:35 . 2009-06-24 10:28 210888 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\B2BAppUninstall.exe
2009-06-26 16:35 . 2009-06-24 10:28 911296 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\B2BCheckApp.exe
2009-06-26 16:35 . 2009-06-24 10:26 458752 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\LGMUpgradeDL.dll
2009-06-26 16:35 . 2009-06-15 09:30 24576 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\LGMobileDLRapi.dll
2009-06-26 16:35 . 2009-06-15 09:30 86016 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\LGMobileDL.dll
2009-06-26 16:35 . 2006-05-04 11:33 53248 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\CommonDL.dll
2009-06-26 16:34 . 2009-06-26 17:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX
2009-06-26 16:34 . 2009-06-29 20:44 -------- d-----w- C:\Download LG
2009-06-20 03:09 . 2009-06-20 03:15 -------- d-----w- c:\arquivos de programas\MP4 Converter
2009-06-20 03:04 . 2009-06-20 03:08 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRightToGo
2009-06-20 02:53 . 2009-06-20 02:53 -------- d-----w- C:\MyDownloads
2009-06-20 01:46 . 2009-06-20 01:46 -------- d-----w- c:\arquivos de programas\Xilisoft
2009-06-12 04:04 . 2009-06-12 04:16 -------- d-----w- c:\arquivos de programas\ReadManiac
2009-06-07 22:24 . 2009-06-07 22:29 -------- d-----w- c:\arquivos de programas\All To AVI VCD SVCD DVD MPEG Converter Pro
2009-06-05 02:35 . 2009-06-05 02:35 -------- d-----w- c:\arquivos de programas\Intelore
2009-06-04 15:06 . 2009-06-04 15:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\dvdcss
2009-06-04 01:12 . 2009-06-22 06:34 -------- d-----w- c:\arquivos de programas\VideoLAN
2009-06-01 00:26 . 2009-06-01 01:36 -------- d-----w- c:\arquivos de programas\MegaJogos
2009-05-31 21:24 . 2009-05-31 21:24 0 ----a-w- c:\windows\nsreg.dat

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 20:58 . 2008-05-20 16:26 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-06-29 13:13 . 2008-05-29 21:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-06-29 00:47 . 2009-05-11 05:52 -------- d-----w- c:\arquivos de programas\jw
2009-06-27 14:03 . 2008-08-13 16:14 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-26 18:03 . 2008-05-29 21:59 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-06-26 17:48 . 2008-08-13 16:18 65536 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2009-06-26 17:48 . 2008-08-13 16:18 10134 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2009-06-26 12:52 . 2008-05-26 14:46 -------- d-----w- c:\arquivos de programas\Motorola Service Tools
2009-06-25 19:57 . 2001-10-28 12:07 66614 ----a-w- c:\windows\system32\perfc016.dat
2009-06-25 19:57 . 2001-10-28 12:07 3260 ----a-w- c:\windows\system32\perfh016.dat
2009-06-22 14:08 . 2009-03-03 17:47 26984 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2009-06-19 13:36 . 2008-05-21 14:20 -------- d-----w- c:\arquivos de programas\Motofone Reflash
2009-05-29 00:10 . 2009-05-29 00:06 103509 ------w- c:\windows\hpoins04.dat
2009-05-29 00:10 . 2009-05-29 00:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard
2009-05-25 23:33 . 2008-05-21 14:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-05-20 23:51 . 2008-05-21 14:01 -------- d-----w- c:\arquivos de programas\Motorola Phone Tools
2009-05-20 23:45 . 2008-05-21 14:02 -------- d-----w- c:\arquivos de programas\Avanquest update
2009-05-16 17:53 . 2009-04-18 13:48 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-05-09 03:27 . 2009-05-09 03:05 -------- d-----w- c:\arquivos de programas\MIKSOFT
2009-05-07 23:48 . 2009-05-07 23:46 -------- d-----w- c:\arquivos de programas\Jasc Software Inc
2009-05-07 15:33 . 2008-09-25 13:56 347136 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 01:05 . 2009-05-03 21:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Go!Zilla
2009-05-03 20:47 . 2009-05-03 20:47 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Openworld Learning
2009-05-03 20:35 . 2009-05-03 20:35 -------- d-----w- c:\arquivos de programas\VIAudioi
2009-04-29 04:45 . 2004-08-04 05:45 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2008-09-25 13:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:50 . 2008-09-25 13:56 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2008-09-25 13:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 13:01 . 2009-04-07 13:01 51304 ----a-w- c:\windows\system32\drivers\atnt40k.sys
2009-04-07 13:00 . 2009-04-07 13:00 202827 -c--a-w- c:\windows\system32\atasnt40.dll
2009-04-01 14:50 . 2009-04-01 14:50 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"H/PC Connection Agent"="c:\arquiv~1\MICROS~4\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]
"B2B_AGENT"="c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe" [2009-06-16 104384]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032]
"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"nod32kui"="c:\arquivos de programas\Eset\nod32kui.exe" [2008-09-26 949376]
"AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 540672]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-11-05 61440]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
"Java"="c:\arquivos de programas\Java.exe" [2008-11-03 3232373]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
SIFT.lnk - c:\motorola\sift_startup.bat [2003-11-7 1923]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Java.exe [2008-11-3 3232373]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehcef.dll" [2009-01-27 404032]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\arquiv~1\GbPlugin\gbiehabn.dll" [2009-06-22 289768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Motorola\\MotoConnect\\SWDL.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Arquivos de programas\\Motorola\\PST\\pst.exe"=
"c:\\Arquivos de programas\\Motofone Reflash\\F3_REFLASH.exe"=
"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [3/3/2009 14:47 26984]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [26/9/2008 17:09 15424]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [29/5/2008 18:59 53736]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [14/7/2008 14:56 6016]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [4/12/2008 11:18 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [4/12/2008 11:18 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [4/12/2008 11:18 42112]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [8/8/2008 12:45 23296]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [14/7/2008 14:56 23680]
S3 PhSerUsb;PHILOG USB Serial Driver;c:\windows\system32\drivers\PhSerUsb.sys [14/7/2008 11:50 48896]
S3 UTS2pl;Foxlink Serial port driver;c:\windows\system32\drivers\UTS2pl.sys [25/5/2004 16:48 43264]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [28/5/2009 21:01 480128]
S3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\Drivers\usbVM303.sys --> c:\windows\system32\Drivers\usbVM303.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-06-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 01:18]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-IMJPMIG8.2 - msime82.exe
HKU-Default-Run-MsnMsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe

.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.compartilhando.org/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Trusted Zone: gigabyte.com.tw\download
TCP: {D636F3B8-7E95-42B0-A088-CBD4BDCCA67D} = 192.168.1.1
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/goldrush/sis/gamehouseplayer.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\gcdowtun.default\
FF - plugin: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 20:09
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.2 = msime82.exe???.
AudioDeck = c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???c:\documents and???|???|????????????dor\Desktop\Vi
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(456)
c:\arquiv~1\GbPlugin\gbiehabn.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll

- - - - - - - > 'lsass.exe'(512)
c:\windows\system32\imon.dll
c:\arquivos de programas\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3868)
c:\arquiv~1\GbPlugin\gbiehabn.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\arquivos de programas\ESET\nod32krn.exe
c:\windows\system32\rundll32.exe
c:\arquiv~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-06-29 20:13 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-06-29 23:13

Pré-execução: 47 pasta(s) 16.535.363.584 bytes disponíveis
Pós execução: 47 pasta(s) 16.532.922.368 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

251 --- E O F --- 2009-06-11 15:28

HiJack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:34, on 29/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Eset\nod32kui.exe
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\VMSnap3.exe
C:\Arquivos de programas\Java.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\ARQUIV~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe
C:\ARQUIV~1\MICROS~4\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.compartilhando.org/
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.exe
O4 - HKLM\..\Run: [Java] C:\Arquivos de programas\Java.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\ARQUIV~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [B2B_AGENT] "C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SIFT.lnk = C:\MOTOROLA\sift_startup.bat
O4 - Global Startup: Java.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/50.10/uploader2.cab
O16 -
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.shockwave.com/content/goldrush/...houseplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://techknowmoto.webex.com/client/T25L/...ing/ieatgpc.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D636F3B8-7E95-42B0-A088-CBD4BDCCA67D}: NameServer = 192.168.1.1 O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe -- End of file - 8589 bytes Muito obrigado mais uma vez e vamo seguindo ;D Weick. Compartilhar este post Link para o post Compartilhar em outros sites
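As an added example (not code from the original thread or from any of the posters), below is a small Python triage script that parses HijackThis O4 autostart, O4 startup-folder and O23 service lines like the ones posted above and applies three generic heuristics: an autostart executable that sits directly in a top-level system folder (Program Files or WINDOWS root) instead of a vendor subfolder, a startup-folder item that is a bare executable rather than a .lnk shortcut, and a service whose publisher field is empty. SAMPLE_LOG is a constructed subset copied from the log above; the heuristic rules are my assumptions and only produce candidates for manual review, not a malware verdict, so a legitimate entry such as the webcam utility in C:\WINDOWS lands on the list too.

```python
"""Triage of HijackThis v2 log lines (added example, not from the thread).
The rules below are the example author's assumptions: they list entries a
reviewer should look at, they do not decide what is malicious."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of lines copied from the posted HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Java] C:\Arquivos de programas\Java.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SIFT.lnk = C:\MOTOROLA\sift_startup.bat
O4 - Global Startup: Java.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
"""

# Registry Run entries: "O4 - <hive>\..\Run: [<name>] <command line>"
O4_RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Startup-folder entries: "O4 - Startup: item.lnk = target" or "O4 - Global Startup: item"
O4_STARTUP_RE = re.compile(r'^O4 - (?P<scope>Global Startup|Startup): (?P<item>[^=]+?)(?: = (?P<target>.*))?$')
# Services: "O23 - Service: <display> - <company> - <path>"; company may be empty ("- -")
O23_RE = re.compile(r'^O23 - Service: (?P<display>.+?) -(?: (?P<company>.*?))? - (?P<path>.*)$')
# First absolute executable path on a command line, quoted or not, arguments ignored
EXE_PATH_RE = re.compile(r'(?i)^"?(?P<path>[a-z]:\\.*?\.(?:exe|bat|cmd|com|scr|pif|dll|cpl))(?:"|\s|$)')

# Folders where a binary normally lives in a vendor subfolder, not at the root
# (English and Brazilian-Portuguese names plus their 8.3 short forms).
TOP_LEVEL_DIRS = {"program files", "arquivos de programas", "progra~1", "arquiv~1", "windows", "winnt"}


@dataclass
class Finding:
    line: str
    reason: str


def extract_path(cmd: str) -> Optional[str]:
    """Return the absolute executable path from a Run command line, or None."""
    m = EXE_PATH_RE.match(cmd.strip())
    return m.group("path") if m else None


def in_top_level_dir(path: str) -> bool:
    """True when the file sits directly in Program Files or the Windows root."""
    parts = path.split("\\")
    dirs = parts[1:-1]  # drop the drive letter and the file name
    return len(dirs) == 1 and dirs[0].lower() in TOP_LEVEL_DIRS


def triage(log_text: str) -> List[Finding]:
    """Run the three heuristics over every line and collect review candidates."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RUN_RE.match(line)
        if m:
            path = extract_path(m.group("cmd"))
            if path and in_top_level_dir(path):
                findings.append(Finding(line, f"Run entry launches {path} from a top-level system folder"))
            continue
        m = O4_STARTUP_RE.match(line)
        if m:
            item = m.group("item").strip()
            if not item.lower().endswith(".lnk"):
                findings.append(Finding(line, f"startup-folder item '{item}' is not a shortcut (.lnk)"))
            continue
        m = O23_RE.match(line)
        if m and not (m.group("company") or "").strip():
            findings.append(Finding(line, "service binary carries no company/publisher field"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[review] {f.reason}\n         {f.line}")
```

On the constructed sample the script lists four lines for review: the two Java.exe autostarts, the GbpSv service with an empty publisher field, and the VIMICRO camera utility in C:\WINDOWS. The last one is the expected false positive of a location-only rule, which is why the output is a review list and not a removal list; a fuller tool would add file hashes, signature checks and the O2/O16 sections.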
DigRam, posted June 30, 2009

Good evening, Weick!

<@> Open Spybot Search & Destroy!
<@> In the top menu, go to Mode and select the Advanced option. Confirm!
<@> Click the Tools button and then Resident.
<@> Untick the option: Enable the Resident "TeaTimer" (Protection of overall system settings).
<><><><><><><><><><>
<@> Download: < Malwarebytes >
<@> Update the program!
<@> Choose the Full scan!
<@> Disable protection programs while running Malwarebytes.
<@> Send the detected items to quarantine by clicking Remove items.
<@> For more details: < Link >
<><><><><><><><><><>
<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

Cheers!
Mário Monteiro, posted August 7, 2009

Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening it.