wrongdoer, posted August 11, 2010:

Hey folks, how's it going? Here's the thing: when I open my sites, Avast reports that the site has this virus: JS:Redirector-CV [Trj]. But I've already downloaded the site and run two antivirus programs on it, Kaspersky and Avast, and they found nothing. I looked at the code of some of the pages, and there are a lot of them. From what I could find on the internet, this virus is malicious code that sits in PHP and JavaScript pages, but I can't find this blessed code. Since I have many sites, I'd like to know whether there's a quick way to find this code?? PS: I ran antivirus on both computers I work on, and also ran Malwarebytes and Spybot.
Renato Utsch, posted August 17, 2010:

Hello! Sorry for the delay in replying. Could you send me the links to your sites so I can analyze them? Cheers :D
wrongdoer, posted August 18, 2010:

Hey, no problem, here are the links: www.sindasp.org.br www.policiapenal.com.br www.apeaprudentina.com.br www.assdec.com.br www.cicerofelix.com.br

Man, these are the links I remember the alerts showing up on; the rest of the sites are made in Flash with just one HTML file. Even so, if you can, and have the time and patience to explain how you do this analysis, I'd be grateful. I want to study more about web security and all that.
João Batista Neto, posted August 18, 2010:

@wrongdoer, are these sites static, or is there a server-side application? If there is a server-side application, the problem is most likely related to XSS or SQL Injection. See this topic, where the user describes a problem similar to yours: http://forum.imasters.com.br/index.php?/topic/393665-problema-com-eval-virus-script/
wrongdoer, posted August 19, 2010:

@João Batista Neto, from what I've been researching about this virus, I think it's SQL Injection. But I found a page that talks a bit about the virus, in Russian, so I translated it into Portuguese:

Trojan.JS.Redirector.cv
Detection time: May 11, 2010 14:06 BRT
Update release time: May 9, 2010 21:42 BRT
Description published: June 21, 2010 11:38 BRT

Technical details: A Trojan program that performs a destructive action on the user's computer. It is an HTML page containing JavaScript. Its size is 2,460 bytes.

Destructive activity: When the user opens an infected page in the browser, the trojan redirects to the following link: http://pb *** 0i.ru/in.cgi? 6 & ab_iframe = 0 & = 0 & ab_badtraffic ab_trash = 1 & antibot_hash bot = & id = 46

In addition, depending on the location of the malicious script in the HTML page and the size of the browser window, the Trojan runs and generates the link for its message: http://pb *** 0i.ru/in.cgi? ab_iframe 6 & = 0 & = 0 & ab_badtraffic antibot_hash = 939579443 & ur = 1 & HTTP_REFERER = http://pb *** 0i.ru/ts/in.cgi? 181 & id = 46

At the time of writing, the links are not working.

Removal: If the computer was not protected by antivirus and was infected with this malware, follow these steps to remove it:
1. Delete the original Trojan file (its location on the infected computer will depend on how the program initially penetrated the victim's machine).
2. Clear the Temporary Internet Files directory, which may contain infected files (How do I delete infected files in the Temporary Internet Files folder?): %Temporary Internet Files%

I read the topic you sent me carefully and I don't rule out the possibility that it's the "eval" script. But I need a way to find these lines quickly and easily, because the sites have many PHP and JavaScript pages, so that I can remove the virus.
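One quick way to triage many PHP/JS/HTML files for this kind of injection, as an added example that is not from any of the thread's participants: a heuristic scanner that walks a copy of the web root and reports every line matching constructs typical of the JS:Redirector family (obfuscated eval, hidden iframes, encoded PHP loaders, in.cgi redirect URLs, and script blocks appended after </html>). The indicator list and the sample files it scans are constructed here, and example.invalid is a placeholder hostname.

```python
"""Heuristic scanner for injected redirector code in a web root.

Walks a directory of PHP/JS/HTML files and reports lines that match
constructs typical of JS:Redirector-style injections. Indicators and the
sample site are constructed for this example; they are not AV signatures.
"""
import os
import re
import tempfile

SCAN_EXTENSIONS = {".php", ".js", ".html", ".htm", ".inc"}

# Line-level heuristics. Each flags a construct that legitimate site code
# rarely needs in this exact form; every hit still needs a manual look.
INDICATORS = [
    ("obfuscated-eval",
     re.compile(r"eval\s*\(\s*(unescape|String\.fromCharCode|atob|decodeURIComponent)", re.I)),
    ("document-write-unescape",
     re.compile(r"document\.write\s*\(\s*unescape\s*\(", re.I)),
    ("hidden-iframe",
     re.compile(r"<iframe[^>]*(width\s*=\s*['\"]?0\b|height\s*=\s*['\"]?0\b|"
                r"visibility\s*:\s*hidden|display\s*:\s*none)", re.I)),
    ("php-encoded-eval",
     re.compile(r"eval\s*\(\s*(gzinflate|gzuncompress|str_rot13|base64_decode)\s*\(", re.I)),
    ("redirector-cgi",
     re.compile(r"/in\.cgi\?", re.I)),
    ("long-escape-run",  # 20+ consecutive %xx or \xNN escapes: typical of packed payloads
     re.compile(r"(%[0-9a-f]{2}){20,}|(\\x[0-9a-f]{2}){20,}", re.I)),
]
# Whole-file check: injected payloads are often appended after the closing tag.
TRAILING_INJECTION = re.compile(r"</html>\s*<(script|iframe)\b", re.I)


def scan_file(path):
    """Return a list of (path, line_no, indicator, snippet) for one file."""
    findings = []
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return findings
    for line_no, line in enumerate(text.splitlines(), 1):
        for name, pattern in INDICATORS:
            if pattern.search(line):
                findings.append((path, line_no, name, line.strip()[:120]))
    match = TRAILING_INJECTION.search(text)
    if match:
        findings.append((path, 0, "script-after-html-close", match.group(0)))
    return findings


def scan_tree(root):
    """Scan every file with a web extension under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in SCAN_EXTENSIONS:
                findings.extend(scan_file(os.path.join(dirpath, name)))
    return findings


def indicators_by_file(findings):
    """Group findings as {path: set(indicator names)} for a quick overview."""
    grouped = {}
    for path, _line_no, name, _snippet in findings:
        grouped.setdefault(path, set()).add(name)
    return grouped


# Constructed fixtures: a clean page, a clean script and one infected PHP page
# with a payload appended after </html> (the eval decodes to a harmless alert).
CLEAN_PAGE = """<html><head><title>Clean</title>
<script src="js/site.js"></script></head>
<body><div id="menu">ok</div></body></html>
"""
CLEAN_SCRIPT = """document.getElementById('menu').addEventListener('click', function () {
    document.title = 'clicked';
});
"""
INFECTED_PAGE = """<?php include 'header.php'; ?>
<html><body><p>Site</p></body></html>
<script>eval(unescape("%61%6c%65%72%74%28%31%29"));</script>
<iframe src="http://example.invalid/in.cgi?6" width="0" height="0"></iframe>
"""


def build_sample_site(root):
    """Write the fixtures under root; returns their relative paths."""
    files = {
        "about.html": CLEAN_PAGE,
        os.path.join("js", "site.js"): CLEAN_SCRIPT,
        "index.php": INFECTED_PAGE,
    }
    for rel, body in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return list(files)


def demo():
    """Scan the constructed site; returns {relative path: sorted indicator names}."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        grouped = indicators_by_file(scan_tree(root))
        return {os.path.relpath(p, root): sorted(n) for p, n in grouped.items()}


if __name__ == "__main__":
    for rel_path, names in demo().items():
        print(rel_path, "->", ", ".join(names))
```

Point scan_tree at a local copy of each site rather than the live server, and expect some noise from minified libraries on the long-escape-run pattern; the script-after-html-close and redirector-cgi hits are the ones worth opening first.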
Renato Utsch, posted August 20, 2010:

Hello! Sorry for the delay in replying. João Batista asked that we first disinfect your PC and only then clean your site. Please post a HijackThis log, following Rule No. 02 of this section. Cheers :D
wrongdoer, posted August 23, 2010:

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:57:00, on 23/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Renato Utsch, posted August 23, 2010:

Hello! Please note that your HijackThis version is old. Uninstall HijackThis via Control Panel > Add or Remove Programs and install version 2.0.4, following Rule No. 02. Cheers :D
wrongdoer, posted August 23, 2010:

Hello, here is the HijackThis 2.0.4 log; my bad, I didn't even pay attention to which version of HijackThis I was using for the first log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:39, on 23/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Renato Utsch 24 Posted August 23, 2010
Hello! Please follow the instructions below, in the order given.
____________________________________________________
<<1>> Open HijackThis, click "Do a System Scan Only", check the following entries and click Fix Checked:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
____________________________________________________
<<2>> Go to the "Jotti's malware scan" site. In the box at the top (File to upload & scan), copy and paste the following file(s), one at a time:
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Adobelm_Cleanup.0001
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\OQ2657MF\access[1].exe1
- Click the button.
- The file(s) will be examined by several different antivirus engines; please wait.
- Copy and paste the result(s).
If the site above is too busy, try one of these sites: Alternative 1 Alternative 2
____________________________________________________
<<3>> Please follow the tutorial below and run Malwarebytes' Anti-Malware. Post the log it generates.
Malwarebytes' Anti-Malware tutorial
____________________________________________________
<<4>> Post a new HijackThis log.
Regards :D
wrongdoer 0 Posted August 24, 2010
Hello! Please follow the instructions below, in the order given.
____________________________________________________
<<1>> Open HijackThis, click "Do a System Scan Only", check the following entries and click Fix Checked:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
____________________________________________________
<<2>> Go to the "Jotti's malware scan" site. In the box at the top (File to upload & scan), copy and paste the following file(s), one at a time:
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Adobelm_Cleanup.0001
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\OQ2657MF\access[1].exe1
- Click the button.
- The file(s) will be examined by several different antivirus engines; please wait.
- Copy and paste the result(s).
If the site above is too busy, try one of these sites: Alternative 1 Alternative 2
____________________________________________________
<<3>> Please follow the tutorial below and run Malwarebytes' Anti-Malware. Post the log it generates.
Malwarebytes' Anti-Malware tutorial
____________________________________________________
<<4>> Post a new HijackThis log.
Regards :D

Virus Scan:
Filename: clclean.0001
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Wed 18 Aug 2010 04:13:36 (CET)
The other file no longer exists on my computer.
---------------------------------------------------------------------------------------------------------
Malwarebytes log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Versão da Base de Dados: 4469
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13
24/5/2010 11:54:41
mbam-log-2010-05-24 (11-54-41).txt
Tipo de Verificação: Verificação Completa (C:\|F:\|)
Objetos escaneados: 519360
Tempo decorrido: 2 hora(s), 45 minuto(s), 30 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 1
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 22
Processos de Memória Infectados: (Não foram detectados ítens maliciosos)
Módulos de Memória Infectados: (Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> No action taken.
Valores de Registro Infectados: (Não foram detectados ítens maliciosos)
Itens de Dados no Registro Infectados: (Não foram detectados ítens maliciosos)
Pastas Infectadas: (Não foram detectados ítens maliciosos)
Arquivos Infectados:
C:\Arquivos de programas\WinRAR\patch.exe (Trojan.Patcher) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Adobe CS3 Design Premium Keygen.exe (Trojan.Agent) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Adobe CS3 Web Premium Keygen.exe (Trojan.Agent) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Adobe Web Premium CS3 Keygen + Activation.exe (Trojan.Agent) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\After Effects CS3.exe (Trojan.Agent) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Audition 2.0.exe (Trojan.Agent) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Contribute CS3 VLK.exe (Trojan.Agent) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\DreamWeaver CS3 Keygen + Activation.exe (Trojan.Horst) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Dreamweaver CS3 VLK.exe (Trojan.Crax) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Dreamweaver CS3.exe (Trojan.Agent) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Fireworks CS3 VLK.exe (RiskWare.Tool.CK) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Flash CS3 Keygen.exe (Trojan.Agent.CK) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\GoLive CS3 Keygen.exe (Trojan.Downloader) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\InDesign CS3 VLK.exe (Trojan.Agent.CK) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\PhotoShop CS3 Extended Keygen + Activation.exe (TrojanProxy.Horst) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Photoshop CS3 Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Photoshop Extended CS3 Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\SoundBooth CS3.exe (Trojan.Horst) -> No action taken.
C:\Documents and Settings\Administrador\Desktop\corel\CorelDRAW.Graphics.Suite.X4.v14.0.0.567.Keymaker.UsinaVirtual.com\keygen.exe (Trojan.Agent.CK) -> No action taken.
C:\Documents and Settings\Administrador\Desktop\downloads\Portable Sony DVD Architect Studio_v5.0.0.128\Portable Sony DVD Architect Studio v5.0.0.128 by Birungueta\Portable Sony DVD Architect Studio v5.0.0.128.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrador\Meus documentos\access.exe (Trojan.Dropper) -> No action taken.
----------------------------------------------------------------------------------------------------------------
New HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:37:33, on 24/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\borland\interbase\bin\ibguard.exe
C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\borland\interbase\bin\ibserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Document2PDF Sample\d2pdfagent.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\ARQUIV~1\MI3AA1~1\rapimgr.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\ARQUIV~1\ARQUIV~1\Nokia\MPLATF~1\NOKIAM~1.EXE
C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
C:\hijack\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Arquivos de programas\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Document2PDF virtual printer agent] "C:\Arquivos de programas\Document2PDF Sample\d2pdfagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [bar] C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\OQ2657MF\access[1].exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Save YouTube Video - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210096320078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibserver.exe
O23 - Service: IS360service - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: MailList Controller - Arclab Software Technologies - c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NitroPC Service (NitroPCSrv) - Intelliclick Informática - C:\Arquivos de programas\NitroPC\NitroPCService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: Gbp Service (s) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\iS3\Anti-Spyware\SZServer.exe (file missing)
O23 - Service: TwonkyMedia - PacketVideo - C:\Arquivos de programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
--
End of file - 13538 bytes
------------------------------------------------------------------------------------------------------
PS: I suspect that this virus attacking my sites is harvesting the users' e-mail addresses (they are Hotmail accounts) and sending out viruses. There is also this malware that has been sitting in quarantine since the last time I ran the scan:
C:\Documents and Settings\ All Users\ Dados de aplicativos\dkwork.ini
Fabricante: Malware.Trace
Regards
"C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [bar] C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\OQ2657MF\access[1].exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Save Flash - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O8 - Extra context menu item: Save YouTube Video - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217 O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O9 - Extra button: Create Mobile Favorite - 
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} 
(WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210096320078 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibguard.exe O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibserver.exe O23 - Service: IS360service - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: MailList Controller - Arclab Software Technologies - c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NitroPC Service (NitroPCSrv) - Intelliclick Informática - C:\Arquivos de programas\NitroPC\NitroPCService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe O23 - Service: Gbp Service (s) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\iS3\Anti-Spyware\SZServer.exe (file missing) O23 - Service: TwonkyMedia - PacketVideo - C:\Arquivos de programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -- End of file - 13538 bytes _------------------------------------------------------------------------------------------------------ PS.: Suspeito que esse vírus que está atacando meus sites, está pegando o e-mail dos usuários que é do Hotmail e mandando vírus. Tem esse malware que está na quarentena da outra vez que fiz o scan: C:\Documents and Settings\ All Users\ Dados de aplicativos\dkwork.ini Fabricante: Malware.Trace Abraços Compartilhar este post Link para o post Compartilhar em outros sites
Renato Utsch, posted August 24, 2010

Hello! Note this:

HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> No action taken.

Malwarebytes only detected the malware! Please run the scan again, following that tutorial, and remove all the malware it finds. -> You can also clear (delete) all the malware from quarantine, ok?

Regards :D
wrongdoer, posted August 25, 2010

Hello! Note this:

HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> No action taken.

Malwarebytes only detected the malware! Please run the scan again, following that tutorial, and remove all the malware it finds. -> You can also clear (delete) all the malware from quarantine, ok?

Regards :D

New Malwarebytes log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4475
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

25/5/2010 10:16:13
mbam-log-2010-05-25 (10-16-13).txt

Tipo de Verificação: Verificação Completa (C:\|F:\|)
Objetos escaneados: 518899
Tempo decorrido: 1 hora(s), 37 minuto(s), 35 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 18

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Adobe CS3 Design Premium Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Adobe CS3 Web Premium Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Adobe Web Premium CS3 Keygen + Activation.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\After Effects CS3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Audition 2.0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Contribute CS3 VLK.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\DreamWeaver CS3 Keygen + Activation.exe (Trojan.Horst) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Dreamweaver CS3 VLK.exe (Trojan.Crax) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Dreamweaver CS3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Fireworks CS3 VLK.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Flash CS3 Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\GoLive CS3 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\InDesign CS3 VLK.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\PhotoShop CS3 Extended Keygen + Activation.exe (TrojanProxy.Horst) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Photoshop CS3 Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Photoshop Extended CS3 Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\SoundBooth CS3.exe (Trojan.Horst) -> Quarantined and deleted successfully.

New HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:26:17, on 25/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\borland\interbase\bin\ibguard.exe
C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\borland\interbase\bin\ibserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Document2PDF Sample\d2pdfagent.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\ARQUIV~1\MI3AA1~1\rapimgr.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\ARQUIV~1\ARQUIV~1\Nokia\MPLATF~1\NOKIAM~1.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Arquivos de programas\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Document2PDF virtual printer agent] "C:\Arquivos de programas\Document2PDF Sample\d2pdfagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Save YouTube Video - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210096320078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibserver.exe
O23 - Service: IS360service - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: MailList Controller - Arclab Software Technologies - c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NitroPC Service (NitroPCSrv) - Intelliclick Informática - C:\Arquivos de programas\NitroPC\NitroPCService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: Gbp Service (s) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\iS3\Anti-Spyware\SZServer.exe (file missing)
O23 - Service: TwonkyMedia - PacketVideo - C:\Arquivos de programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

--
End of file - 13239 bytes

______________________________________________________________________________

Don't mind the dates; I have to set the dates back to be able to use CorelDraw.

Regards :)
Renato Utsch, posted August 25, 2010

Hello! Download DDS and save it to the Desktop. Temporarily disable your protection programs. Double-click dds.scr. A black window with some information will appear. Don't click anything, just wait! When it finishes, two windows will open: DDS.txt and Attach.txt. Save the result and paste it into your topic.

NOTE: If the link provided does not work, try downloading DDS from THIS link.

Regards :D
wrongdoer, posted August 26, 2010

Hello! Download DDS and save it to the Desktop. Temporarily disable your protection programs. Double-click dds.scr. A black window with some information will appear. Don't click anything, just wait! When it finishes, two windows will open: DDS.txt and Attach.txt. Save the result and paste it into your topic.

NOTE: If the link provided does not work, try downloading DDS from THIS link.

Regards :D

DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrador at 9:00:29,75 on qua 26/05/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.185 [GMT -3:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Document2PDF Sample\d2pdfagent.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\ARQUIV~1\MI3AA1~1\rapimgr.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Arquivos de programas\borland\interbase\bin\ibguard.exe
C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\borland\interbase\bin\ibserver.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrador\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.uol.com.br/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\arquivos de programas\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\arquivos de programas\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\arquivos de programas\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: IEButton Class: {f81d52bf-f2f1-4f49-bf5f-05664e803039} - c:\arquivos de programas\unh solutions\flash saving plugin\FlashSButton.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"
uRun: [H/PC Connection Agent] "c:\arquivos de programas\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background
mRun: [soundMan] SOUNDMAN.EXE
mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft 
office\office12\GrooveMonitor.exe" mRun: [Nokia FastStart] "c:\arquivos de programas\nokia\nokia music\NokiaMusic.exe" /command:faststart mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe mRun: [Document2PDF virtual printer agent] "c:\arquivos de programas\document2pdf sample\d2pdfagent.exe" mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime mRun: [avast5] c:\arquiv~1\alwils~1\avast5\avastUI.exe /nogui dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\hpdigi~1.lnk - c:\arquivos de programas\hp\digital imaging\bin\hpqtra08.exe IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000 IE: Save Flash - c:\arquivos de programas\unh solutions\flash saving plugin\FlashSButton.dll/210 IE: Save YouTube Video - c:\arquivos de programas\unh solutions\flash saving plugin\FlashSButton.dll/217 IE: Sothink SWF Catcher - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\arquivos de programas\google\google gears\internet explorer\0.5.36.0\gears.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\arquiv~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\arquiv~1\mi3aa1~1\INetRepl.dll IE: 
{58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\arquivos de programas\hp\smart web printing\hpswp_extensions.dll IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\arquivos de programas\hp\smart web printing\hpswp_extensions.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210096320078 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - 
c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquivos de programas\gbplugin\gbieh.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\wjav1kz9.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - component: c:\arquivos de programas\google\google gears\firefox\lib\ff35\gears.dll FF - plugin: c:\arquivos de programas\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npybrowserplus_2.4.17.dll FF - plugin: c:\browserplusplugins\054b6841520a59bc7df387c379b16986\npybrowserplus_2.9.8.dll FF - plugin: c:\browserplusplugins\51d0adf9803be42006c60588a80885e0\npybrowserplus_2.4.17.dll FF - plugin: c:\documents and settings\administrador\dados de aplicativos\mozilla\plugins\npPxPlay.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: 
Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\arquivos de programas\mozilla 
firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); ============= SERVICES / DRIVERS =============== R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-8-20 45472] R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-8-2 312912] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-2 165456] R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020;c:\windows\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [2010-5-16 3584] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-2 17744] R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-8-2 40384] R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2009-8-20 55072] R2 IS360service;IS360service;c:\arquivos de programas\iobit\iobit security 360\is360srv.exe [2010-1-22 311568] R2 MailList Controller;MailList Controller;c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe [2009-11-11 1585152] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704] S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2009-12-30 135664] S2 s;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2009-8-20 55072] S2 TwonkyMedia;TwonkyMedia;c:\arquivos de programas\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\arquivos de programas\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?] S3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-8-2 40384] S3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-8-2 40384] S3 cpuz129;cpuz129;\??\c:\docume~1\admini~1\config~1\temp\cpuz_x32.sys --> c:\docume~1\admini~1\config~1\temp\cpuz_x32.sys [?] 
S3 NitroPCSrv;NitroPC Service;c:\arquivos de programas\nitropc\NitroPCService.exe [2009-5-29 847376] =============== Created Last 30 ================ 2010-08-09 12:30:25 0 d-----w- C:\hijack 2010-08-06 12:56:11 0 d-----w- c:\arquivos de programas\FastStone Image Viewer 2010-08-02 17:43:28 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2010-08-02 17:40:00 38848 ----a-w- c:\windows\avastSS.scr 2010-08-02 17:24:29 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Alwil Software 2010-05-30 14:02:08 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2010-05-30 14:02:08 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys 2010-05-30 14:02:00 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2010-05-30 14:02:00 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2010-05-23 13:45:09 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Socusoft 2010-05-23 12:24:47 0 d-----w- c:\arquivos de programas\Ad-Remover 2010-05-23 12:05:49 0 d-----w- c:\arquivos de programas\Ipswitch 2010-05-22 11:18:51 0 d-----w- c:\arquivos de programas\Audacity 1.3 Beta (Unicode) 2010-05-21 20:00:41 0 d-----w- c:\docume~1\admini~1\dadosd~1\LimeWire 2010-05-21 19:59:28 0 d-----w- c:\arquivos de programas\LimeWire 2010-05-21 19:47:53 0 d-----w- c:\arquivos de programas\WinPcap 2010-05-20 13:21:12 0 d-----w- c:\arquivos de programas\CoolSMS 2010-05-19 14:39:31 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys 2010-05-19 14:39:31 26112 ----a-w- c:\windows\system32\drivers\usbser.sys 2010-05-19 14:39:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2010-05-19 14:39:09 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2010-05-19 14:39:00 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll 2010-05-19 11:55:14 0 d-----w- c:\arquivos de programas\arquivos comuns\Apple 2010-05-17 17:47:13 1901 ----a-w- c:\windows\panose.bin 2010-05-16 12:32:15 0 d-----w- c:\docume~1\alluse~1\dadosd~1\IProt 2010-05-16 12:22:10 0 d-----w- c:\windows\iprot 2010-05-16 
12:22:07 0 d-----w- c:\docume~1\admini~1\dadosd~1\Bidgood Svcs 2010-05-16 12:22:00 0 d-----w- c:\arquivos de programas\wpcvtr 2010-05-16 12:18:23 36864 ----a-w- c:\windows\system32\d2pdfpm.dll 2010-05-16 12:18:21 0 d-----w- c:\arquivos de programas\Document2PDF Sample 2010-05-16 12:18:11 0 d-----w- c:\docume~1\admini~1\dadosd~1\Two Pilots 2010-05-16 12:18:11 0 d-----w- c:\arquivos de programas\Two Pilots 2010-05-13 17:48:02 0 d-----w- c:\arquivos de programas\arquivos comuns\Vbox 2010-05-13 11:18:40 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe 2010-05-13 11:18:39 0 d-----w- c:\arquivos de programas\CyberLink DVD Solution 2010-05-12 17:41:31 0 d-----w- c:\arquivos de programas\Xenocode 2010-05-12 17:41:30 0 d-----w- c:\windows\XSxS 2010-05-12 14:31:10 0 d-----w- c:\arquivos de programas\Sony 2010-05-11 13:37:51 0 d-----w- c:\arquivos de programas\Ares 2010-05-11 13:05:22 459264 ----a-w- c:\windows\system32\HTML2PDF.dll 2010-05-10 11:30:57 0 d-----w- c:\arquivos de programas\arquivos comuns\HP 2010-05-10 11:27:24 2828 ------w- c:\windows\hphmdl15.dat 2010-05-10 11:27:24 148006 ----a-w- c:\windows\HPHins15.dat 2010-05-09 18:58:10 267864 ----a-r- c:\windows\system32\hpzids01.dll 2010-05-09 18:58:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll 2010-05-06 13:35:11 0 d-----w- c:\arquivos de programas\Nikon 2010-05-06 13:35:10 0 d-----w- c:\arquivos de programas\arquivos comuns\Nikon 2010-05-02 14:17:10 337 ----a-w- c:\docume~1\alluse~1\dadosd~1\.bat 2010-05-02 14:16:33 192 ----a-w- c:\docume~1\alluse~1\dadosd~1\UpApp32.dll 2010-04-29 13:58:12 4270080 ----a-w- c:\windows\system32\PDFCreatorPilot.dll ==================== Find3M ==================== 2010-05-26 13:48:08 45472 ----a-w- c:\windows\system32\drivers\gbpkm.sys 2010-05-26 13:12:07 49324 ----a-w- c:\windows\fonts\Murray Hill Bold Regular.ttf 2010-05-25 17:48:22 2568 --sha-w- c:\docume~1\alluse~1\dadosd~1\KGyGaAvL.sys 2010-05-17 13:45:55 482840 ----a-w- c:\windows\fonts\AdobeFnt.lst 2010-05-07 
11:09:12 88166 ----a-w- c:\windows\system32\perfc016.dat 2010-05-07 11:09:12 489932 ----a-w- c:\windows\system32\perfh016.dat 2010-04-29 18:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 18:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-12 20:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-03-01 20:06:40 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll 2008-05-05 18:08:25 848 --sha-w- c:\windows\system32\KGyGaAvL.sys 2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll 2009-08-25 16:29:55 32768 --sha-w- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009082520090826\index.dat ============= FINISH: 9:01:31,81 =============== ____________________________________________________________________________________________________ Attach UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 5/5/2008 14:38:21 System Uptime: 26/5/2010 08:10:23 (1 hours ago) Motherboard: | | K8M800-M2 Processor: AMD Sempron Processor 2600+ | Socket 940 | 1599/200mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 466 GiB total, 57,309 GiB free. D: is CDROM () E: is CDROM () F: is FIXED (NTFS) - 932 GiB total, 495,336 GiB free. 
==== Disabled Device Manager Items ============= Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A} Description: Nokia N95 8GB Device ID: ROOT\WPD\0000 Manufacturer: Nokia Name: Nokia N95 8GB PNP Device ID: ROOT\WPD\0000 Service: WUDFRd ==== System Restore Points =================== RP559: 11/5/2010 16:52:42 - Removed Adobe Acrobat 8 Professional - English, Français, Deutsch RP560: 12/5/2010 08:20:44 - Software Distribution Service 3.0 RP561: 13/5/2010 08:21:29 - Removed Ask Toolbar. RP562: 13/5/2010 08:25:05 - Removed Watermark RP563: 14/5/2010 12:31:47 - Ponto de verificação do sistema RP564: 17/5/2010 08:55:04 - Ponto de verificação do sistema RP565: 18/5/2010 11:17:31 - Ponto de verificação do sistema RP566: 19/5/2010 12:18:22 - Ponto de verificação do sistema RP567: 20/5/2010 12:22:59 - Ponto de verificação do sistema RP568: 21/5/2010 08:45:15 - Removed Adobe Photoshop Lightroom 2.7. RP569: 24/5/2010 12:21:25 - Ponto de verificação do sistema RP570: 25/5/2010 12:22:12 - Ponto de verificação do sistema RP571: 26/5/2010 12:59:17 - Ponto de verificação do sistema RP572: 27/5/2010 13:25:12 - Ponto de verificação do sistema RP573: 28/5/2010 14:35:08 - Ponto de verificação do sistema RP574: 31/5/2010 12:53:39 - Ponto de verificação do sistema RP575: 2/2/2010 12:30:35 - Ponto de verificação do sistema RP576: 3/5/2010 12:19:36 - Ponto de verificação do sistema RP577: 4/6/2010 12:35:27 - Ponto de verificação do sistema RP578: 7/5/2010 12:36:34 - Ponto de verificação do sistema RP579: 8/5/2010 12:52:13 - Ponto de verificação do sistema RP580: 9/5/2010 16:28:01 - Ponto de verificação do sistema RP581: 10/5/2010 08:33:14 - Installed HPSU306Stub RP582: 10/5/2010 15:01:08 - Software Distribution Service 3.0 RP583: 11/5/2010 15:13:47 - Ponto de verificação do sistema RP584: 14/5/2010 11:11:45 - Ponto de verificação do sistema RP585: 15/5/2010 11:20:36 - Ponto de verificação do sistema RP586: 16/5/2010 09:18:07 - Installed Document2PDF Pilot 2.16.100 Trial RP587: 16/5/2010 
09:18:36 - Driver de impressão Document2PDF instalado RP588: 17/5/2010 11:38:32 - Ponto de verificação do sistema RP589: 18/5/2010 12:12:55 - Ponto de verificação do sistema RP590: 21/5/2010 09:00:53 - Ponto de verificação do sistema RP591: 22/4/2010 12:12:46 - Ponto de verificação do sistema RP592: 28/5/2010 12:16:16 - Ponto de verificação do sistema RP593: 29/5/2010 13:17:07 - Ponto de verificação do sistema RP594: 30/5/2010 16:40:53 - Ponto de verificação do sistema RP595: 1/5/2010 12:21:32 - Ponto de verificação do sistema RP596: 29/5/2010 17:26:12 - Ponto de verificação do sistema RP597: 31/5/2010 09:03:09 - Ponto de verificação do sistema RP598: 5/4/2010 12:26:18 - Ponto de verificação do sistema RP599: 5/4/2010 14:01:02 - Installed Java 6 Update 20 RP600: 6/5/2010 12:14:15 - Ponto de verificação do sistema RP601: 7/5/2010 12:32:45 - Ponto de verificação do sistema RP602: 8/5/2010 12:56:18 - Ponto de verificação do sistema RP603: 12/5/2010 16:12:54 - Ponto de verificação do sistema RP604: 14/5/2010 10:30:31 - Ponto de verificação do sistema RP605: 15/5/2010 12:25:28 - Ponto de verificação do sistema RP606: 15/5/2010 15:01:32 - Software Distribution Service 3.0 RP607: 16/5/2010 17:38:34 - Ponto de verificação do sistema RP608: 19/5/2010 08:55:47 - Instalado QuickTime RP609: 19/5/2010 11:39:00 - Installed Windows XP Wdf01007. RP610: 19/5/2010 11:41:04 - Installed Windows XP Wudf01005. 
RP611: 19/5/2010 11:54:15 - Removed Nokia Connectivity Cable Driver RP612: 19/5/2010 11:56:14 - Removed Nokia Flashing Cable Driver RP613: 20/5/2010 12:22:49 - Ponto de verificação do sistema RP614: 21/5/2010 10:56:53 - Instalado Microsoft Visual C++ 2005 Redistributable RP615: 21/5/2010 11:00:56 - Removido Microsoft Visual C++ 2005 Redistributable RP616: 21/5/2010 11:01:49 - Instalado Microsoft Visual C++ 2005 Redistributable RP617: 22/5/2010 12:34:43 - Ponto de verificação do sistema RP618: 23/5/2010 12:59:09 - Ponto de verificação do sistema RP619: 26/5/2010 12:15:03 - Ponto de verificação do sistema RP620: 27/5/2010 12:40:32 - Ponto de verificação do sistema RP621: 28/5/2010 13:02:55 - Ponto de verificação do sistema RP622: 29/5/2010 13:59:01 - Ponto de verificação do sistema RP623: 30/4/2010 12:18:45 - Ponto de verificação do sistema RP624: 30/7/2010 15:16:36 - Ponto de verificação do sistema RP625: 2/5/2010 09:38:16 - Ponto de verificação do sistema RP626: 2/8/2010 14:27:07 - avast! Pro Antivirus Setup RP627: 2/8/2010 14:27:26 - avast! Pro Antivirus Setup RP628: 2/8/2010 14:38:43 - avast! 
Pro Antivirus Setup RP629: 3/8/2010 15:01:55 - Ponto de verificação do sistema RP630: 6/8/2010 10:35:41 - Ponto de verificação do sistema RP631: 9/8/2010 12:37:56 - Ponto de verificação do sistema RP632: 10/5/2010 12:18:16 - Ponto de verificação do sistema RP633: 11/5/2010 12:19:02 - Ponto de verificação do sistema RP634: 12/5/2010 11:31:07 - Installed Sony DVD Architect 3.0c RP635: 12/5/2010 15:12:08 - Software Distribution Service 3.0 RP636: 13/5/2010 15:37:07 - Ponto de verificação do sistema RP637: 15/5/2010 12:17:07 - Ponto de verificação do sistema RP638: 16/5/2010 13:11:38 - Ponto de verificação do sistema RP639: 17/5/2010 13:16:57 - Ponto de verificação do sistema RP640: 18/5/2010 13:30:57 - Ponto de verificação do sistema RP641: 20/5/2010 10:57:01 - Ponto de verificação do sistema RP642: 23/5/2010 09:05:23 - Installed WS_FTP RP643: 24/8/2010 16:27:21 - Ponto de verificação do sistema ==== Installed Programs ====================== #1 DVD Ripper 8.1.1 Ad-Remover By C_XX Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge 1.0 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Common File Installer Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash CS3 Adobe Flash CS3 Professional Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Flash Player 9 ActiveX Adobe Flash Video Encoder Adobe Fonts All Adobe Help Center 1.0 Adobe Help Viewer CS3 Adobe Illustrator CS2 Adobe InDesign CS3 Adobe InDesign CS3 Icon Handler Adobe Linguistics CS3 Adobe PageMaker 7.0 Adobe PDF Library Files Adobe Photoshop CS2 Adobe Reader 8.1.4 - Português Adobe Setup Adobe SING CS3 Adobe Stock Photos 1.0 Adobe Stock Photos CS3 Adobe SVG Viewer 3.0 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 
ADPHONE3 Advanced SystemCare 3 AiO_Scan Apple Application Support Apple Software Update Ares 2.1.6 Arquivo do WinRAR Assistente de Conexão do Windows Live Atualização de Segurança para o Windows Media Player (KB952069) Atualização de Segurança para o Windows Media Player (KB973540) Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2) Atualização de Segurança para Windows Internet Explorer 7 (KB961260) Atualização de Segurança para Windows Internet Explorer 7 (KB963027) Atualização de Segurança para Windows Internet Explorer 7 (KB969897) Atualização de Segurança para Windows Internet Explorer 7 (KB972260) Atualização de Segurança para Windows XP (KB923561) Atualização de Segurança para Windows XP (KB938464-v2) Atualização de Segurança para Windows XP (KB941569) Atualização de Segurança para Windows XP (KB946648) Atualização de Segurança para Windows XP (KB950760) Atualização de Segurança para Windows XP (KB950762) Atualização de Segurança para Windows XP (KB950974) Atualização de Segurança para Windows XP (KB951066) Atualização de Segurança para Windows XP (KB951376-v2) Atualização de Segurança para Windows XP (KB951698) Atualização de Segurança para Windows XP (KB951748) Atualização de Segurança para Windows XP (KB952004) Atualização de Segurança para Windows XP (KB952954) Atualização de Segurança para Windows XP (KB954600) Atualização de Segurança para Windows XP (KB955069) Atualização de Segurança para Windows XP (KB956572) Atualização de Segurança para Windows XP (KB956802) Atualização de Segurança para Windows XP (KB956803) Atualização de Segurança para Windows XP (KB956841) Atualização de Segurança para Windows XP (KB957097) Atualização de Segurança para Windows XP (KB958644) Atualização de Segurança para Windows XP (KB958687) Atualização de Segurança para Windows XP (KB958690) Atualização de Segurança para Windows XP (KB959426) Atualização de Segurança para Windows XP (KB960225) Atualização de Segurança para Windows XP (KB960715) 
Atualização de Segurança para Windows XP (KB960803) Atualização de Segurança para Windows XP (KB960859) Atualização de Segurança para Windows XP (KB961371) Atualização de Segurança para Windows XP (KB961373) Atualização de Segurança para Windows XP (KB961501) Atualização de Segurança para Windows XP (KB968537) Atualização de Segurança para Windows XP (KB969898) Atualização de Segurança para Windows XP (KB970238) Atualização de Segurança para Windows XP (KB971557) Atualização de Segurança para Windows XP (KB971633) Atualização de Segurança para Windows XP (KB971657) Atualização de Segurança para Windows XP (KB973346) Atualização de Segurança para Windows XP (KB973354) Atualização de Segurança para Windows XP (KB973507) Atualização de Segurança para Windows XP (KB973869) Atualização para Windows Internet Explorer 7 (KB947518) Atualização para Windows XP (KB955839) Atualização para Windows XP (KB967715) Atualização para Windows XP (KB968389) Atualização para Windows XP (KB973815) aTube Catcher aTube Catcher 1.0 Audacity 1.3.12 (Unicode) avast! 
Pro Antivirus BufferChm Caricature Studio Green 3.6 CCleaner (remove only) ConvertXtoDVD 4.0.9.322 CoolSMS 2.06 beta CorelDRAW Graphics Suite X4 CorelDRAW Graphics Suite X4 - Capture CorelDRAW Graphics Suite X4 - Content CorelDRAW Graphics Suite X4 - Draw CorelDRAW Graphics Suite X4 - Filters CorelDRAW Graphics Suite X4 - FontNav CorelDRAW Graphics SUite X4 - ICA CorelDRAW Graphics Suite X4 - IPM CorelDRAW Graphics Suite X4 - Lang EN CorelDRAW Graphics Suite X4 - PP CorelDRAW Graphics Suite X4 - VBA CorelDRAW® Graphics Suite X4 CorelDRAW® Graphics Suite X4 - Windows Shell Extension CustomerResearchQFolder CuteFTP 8 Professional DAEMON Tools Toolbar DeviceDiscovery DeviceManagementQFolder Dg Foto Art Gold Trial(Portuguese) dj_sf_software dj_sf_software_req DM3 Contas a Pagar & Receber for Windows DM3 Relatórios 6.2 Document2PDF Pilot 2.16.100 Trial Document2PDF Sample 1.0 DVD Cover Searcher DVD Shrink 3.2 DVD Solution EasyPHP 1.6 EAX Unified eMule eSupportQFolder Everest Ultimate Engineer Edition Extensis Mask Pro 3.0 FastDictionary 2007 FastStone Image Viewer 4.0 Ferramenta de Carregamento do Windows Live FileZilla Client 3.3.3 Flash Saving Plugin Flash Slideshow Maker Pro 5.00 FM Screen Capture Codec (Remove Only) FormatFactory 2.20 GameSpy Comrade Google Desktop Google Gears Google Toolbar for Internet Explorer Google Update Helper Guia do Dispositivo do MOTO Q gsm Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB954550-v5) Hotfix para Windows XP (KB943232-v2) Hotfix para Windows XP (KB952287) Hotfix para Windows XP (KB961118) HP Customer Participation Program 9.0 HP Deskjet Printer Driver Software 9.0 HP Image Zone 4.2 HP Imaging Device Functions 9.0 HP Photosmart Essential 2.01 HP Photosmart Essential2.01 HP PSC & OfficeJet 4.2 HP Smart Web Printing HP Solution Center 9.0 HP Update HPProductAssistant HPSSupply IncrediMail 
Instalação das DLLs no Windows IObit Security 360 Ipswitch WS_FTP 12 Java Auto Updater Java 6 Update 20 Java 6 Update 6 K-Lite Mega Codec Pack 4.1.0 LimeWire 4.18.8 Macromedia Dreamweaver MX Macromedia Extension Manager Magic ISO Maker v5.4 (build 0256) MailList Controller 7.2 R3 Free Malwarebytes' Anti-Malware MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft ActiveSync Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (Portuguese (Brazil)) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (Portuguese (Brazil)) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Portuguese (Brazil)) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 Microsoft Office Word MUI (Portuguese (Brazil)) 2007 Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12 Microsoft User-Mode Driver Framework Feature Pack 1.5 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mozilla Firefox (3.5.11) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 6 Service Pack 2 (KB954459) Multimedia Launcher NEF Codec Nero 7 Essentials neroxml NETEagle NitroPC NOD32 FiX v2.1 NOD32 sistema antivírus Nokia Connectivity Cable Driver Nokia Home Media Server Nokia Map Loader Nokia Music Nokia Ovi Application Installer Nokia Ovi Application Installer 6.85.3011 Nokia Ovi Content Copier Nokia Ovi Content Copier 6.85.3011 Nokia Ovi One Touch Access Nokia Ovi One Touch Access 6.85.3011 Nokia Ovi Suite Nokia Ovi System Utilities Nokia Ovi System Utilities 6.85.3013 Nokia Photos Nokia Software Updater NVIDIA PhysX v8.07.11 Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) PanoStandAlone PC Connectivity Solution PDF Settings Photo Story Platinum 3.5.0.12 Photodex Presenter PIXresizer 2.0.4 ProShow Gold PSSWCORE QFolder QuickTime Realtek AC'97 Audio ReaWatermark 2.1 RegCure 1.5.1.3 Revo Uninstaller 1.83 Scan Security Update for 2007 Microsoft Office System (KB2277947) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for 2007 Microsoft Office System (KB982312) Security Update for 2007 Microsoft Office System (KB982331) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB982308) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office Outlook 2007 (KB980376) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office Publisher 2007 (KB982124) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft 
Office Word 2007 (KB2251419) Segoe UI Shine Video To Audio Converter 3.00 Significado do seu nome SmartFTP Client SmartFTP Client 3.0 Setup Files (remove only) SolutionCenter Sony DVD Architect 3.0c Sothink SWF Decompiler Spybot - Search & Destroy Status STOPzilla SUPER © Version 2009.bld.35 (Jan 5, 2009) SWF Opener The Sims 2 Toolbox TrayApp TwonkyMedia UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office OneNote 2007 (KB980729) Update for Outlook 2007 Junk Email Filter (kb2279264) você 9.0 Runtime VideoToolkit01 Visual Basic for Applications ® Core Visual Basic for Applications ® Core - English Warmonger WebFldrs XP WebReg WinAVI Video Converter Windows Imaging Component Windows Internet Explorer 7 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live OneCare safety scanner Windows Media Format 11 runtime Windows XP Service Pack 3 WinPcap 4.1.1 Wondershare DVD Slideshow Builder(Build 5.0.1.23) WordPefect Document Converter 5 Yahoo! BrowserPlus 2.9.8 ==== End Of File =========================== Compartilhar este post Link para o post Compartilhar em outros sites
Renato Utsch 24 Posted August 26, 2010 Hello! Please follow the tutorial at the link below: #### How to use ComboFix #### I suggest you print the instructions below, since you will not be able to read them while using the tool. Follow the tutorial and run ComboFix. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply. Do NOT use the tool on your own. It is a powerful tool built to deal with sophisticated infections, and if you do not use it correctly it may damage your computer. There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts trained to use ComboFix know these cases and know how to handle them. Under no circumstances exit ComboFix using the program's "X". If you want to exit, press "N". Many analysts do not reply to topics in which they see that ComboFix was used without supervision. There are various general-purpose anti-malware tools whose authors, when writing them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision. Regards :D
wrongdoer 0 Posted August 27, 2010 ComboFix log: ComboFix 10-08-26.04 - Administrador 27/05/2010 14:12:34.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.104 [GMT -3:00]
Man, I'll get back to you on Monday, because this computer that has the problems is the one at the company where I work and from which I administer the sites, ok? Regards
Renato Utsch 24 Posted August 27, 2010 Hello! Ok! ~> Please run ComboFix again, then. Since the computer belongs to the company, I believe the other computers (if there are any) will be infected. If that is the case (if there are other computers), I believe it will be better to hire a service to carry out the removal, since it will take a long time to remove all the malware on the network. ~> I suggest, then, that you remove this computer from the network (so it no longer shares any folder with other PCs; it can stay connected to the internet, but isolated) so that we avoid having to do the removal again. Regards :D
wrongdoer, posted August 31, 2010

New ComboFix log

ComboFix 10-08-30.02 - Administrador 31/05/2010 8:22.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.255 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - drivers: deleted 204 bytes in 1 streams.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-28 to 2010-05-31 ))))))))))))))))))))))))))))
.
.
2010-08-09 12:30 . 2010-05-25 13:25 -------- d-----w- C:\hijack
2010-08-06 12:56 . 2010-08-06 12:56 -------- d-----w- c:\arquivos de programas\FastStone Image Viewer
2010-08-04 11:54 . 2010-08-04 11:58 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\FileZilla
2010-08-04 11:53 . 2010-08-04 11:54 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client
2010-08-02 17:43 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-02 17:43 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-02 17:43 . 2010-06-28 20:39 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-08-02 17:43 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-02 17:40 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-02 17:39 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-02 17:24 . 2010-08-02 17:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software
2010-05-31 11:21 . 2010-05-31 11:21 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-05-30 14:02 . 2001-09-06 02:20 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-05-30 14:02 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-05-30 14:02 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-05-30 14:02 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-05-27 11:34 . 2010-05-27 11:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-23 13:45 . 2010-05-23 13:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Socusoft
2010-05-23 12:24 . 2010-05-23 12:35 -------- d-----w- c:\arquivos de programas\Ad-Remover
2010-05-23 12:06 . 2010-05-23 12:13 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Ipswitch
2010-05-23 12:05 . 2010-05-23 12:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ipswitch
2010-05-23 12:05 . 2010-05-23 12:05 -------- d-----w- c:\arquivos de programas\Ipswitch
2010-05-23 12:05 . 2010-05-23 12:05 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield
2010-05-22 11:19 . 2010-05-22 12:30 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Audacity
2010-05-22 11:18 . 2010-05-22 11:19 -------- d-----w- c:\arquivos de programas\Audacity 1.3 Beta (Unicode)
2010-05-21 20:00 . 2010-05-11 13:37 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\LimeWire
2010-05-21 19:59 . 2010-05-21 19:59 -------- d-----w- c:\arquivos de programas\LimeWire
2010-05-21 19:47 . 2010-05-21 19:47 -------- d-----w- c:\arquivos de programas\WinPcap
2010-05-21 13:51 . 2010-05-12 17:38 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Sony
2010-05-20 13:21 . 2010-05-20 13:21 -------- d-----w- c:\arquivos de programas\CoolSMS
2010-05-19 14:39 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-05-19 14:39 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-05-19 14:39 . 2008-03-21 16:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-05-19 11:59 . 2010-05-19 11:59 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer
2010-05-19 11:55 . 2010-05-19 11:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2010-05-19 11:55 . 2010-05-19 11:55 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple
2010-05-19 11:54 . 2010-05-19 11:54 -------- d-----w- c:\arquivos de programas\Apple Software Update
2010-05-19 11:54 . 2010-05-19 11:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple
2010-05-17 17:47 . 2010-05-21 11:46 1901 ----a-w- c:\windows\panose.bin
2010-05-16 12:32 . 2010-05-16 12:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IProt
2010-05-16 12:22 . 2010-05-16 12:22 -------- d-----w- c:\windows\iprot
2010-05-16 12:22 . 2010-05-16 12:22 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Bidgood Svcs
2010-05-16 12:22 . 2010-05-16 12:22 -------- d-----w- c:\arquivos de programas\wpcvtr
2010-05-16 12:18 . 2010-01-28 12:42 36864 ----a-w- c:\windows\system32\d2pdfpm.dll
2010-05-16 12:18 . 2010-05-16 12:18 -------- d-----w- c:\arquivos de programas\Document2PDF Sample
2010-05-16 12:18 . 2010-05-16 12:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Two Pilots
2010-05-16 12:18 . 2010-05-16 12:18 -------- d-----w- c:\arquivos de programas\Two Pilots
2010-05-13 17:48 . 2010-05-13 17:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Vbox
2010-05-13 11:18 . 2004-10-01 18:00 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe
2010-05-13 11:18 . 2010-05-13 11:18 -------- d-----w- c:\arquivos de programas\CyberLink DVD Solution
2010-05-12 17:41 . 2010-05-12 17:41 -------- d-----w- c:\arquivos de programas\Xenocode
2010-05-12 17:41 . 2010-05-12 17:41 -------- d-----w- c:\windows\XSxS
2010-05-12 14:31 . 2010-05-12 14:31 -------- d-----w- c:\arquivos de programas\Sony
2010-05-11 13:37 . 2010-05-11 13:38 -------- d-----w- c:\arquivos de programas\Ares
2010-05-11 13:05 . 2010-05-11 13:05 459264 ----a-w- c:\windows\system32\HTML2PDF.dll
2010-05-10 12:55 . 2010-05-06 14:31 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HPAppData
2010-05-10 12:21 . 2010-05-19 11:57 -------- d-----w- c:\arquivos de programas\QuickTime
2010-05-10 11:34 . 2010-05-10 11:34 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\HPAppData
2010-05-10 11:34 . 2010-05-10 11:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY
2010-05-10 11:32 . 2010-05-10 11:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant
2010-05-10 11:32 . 2010-05-10 11:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP
2010-05-10 11:30 . 2010-05-10 11:30 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP
2010-05-10 11:27 . 2010-05-10 11:35 148006 ----a-w- c:\windows\HPHins15.dat
2010-05-10 11:27 . 2007-08-28 06:45 2828 ------w- c:\windows\hphmdl15.dat
2010-05-09 18:58 . 2007-03-30 15:11 267864 ----a-r- c:\windows\system32\hpzids01.dll
2010-05-09 18:58 . 2007-03-28 16:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2010-05-09 18:58 . 2007-03-28 17:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2010-05-06 13:35 . 2010-05-06 13:35 -------- d-----w- c:\arquivos de programas\Nikon
2010-05-06 13:35 . 2010-05-06 13:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nikon
2010-05-02 17:04 . 2010-05-02 17:04 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 20:02 . 2009-07-24 14:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2010-08-05 19:56 . 2010-01-22 12:17 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-08-02 17:38 . 2009-11-12 10:56 -------- d-----w- c:\arquivos de programas\Alwil Software
2010-06-28 20:33 . 2009-11-12 10:57 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-11-12 10:57 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-11-12 10:57 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-11-12 10:57 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-28 18:27 . 2009-07-24 14:44 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2010-05-26 17:59 . 2008-12-05 18:44 2568 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2010-05-26 13:48 . 2009-08-20 13:48 45472 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2010-05-23 14:16 . 2009-06-19 11:36 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-05-23 13:45 . 2009-12-23 18:29 -------- d-----w- c:\arquivos de programas\Flash Slideshow Maker Professional
2010-05-23 12:05 . 2008-05-05 19:46 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-05-21 19:47 . 2009-08-18 12:20 -------- d-----w- c:\arquivos de programas\DsNET Corp
2010-05-19 14:56 . 2010-02-10 11:20 -------- d-----w- c:\arquivos de programas\Nokia
2010-05-19 14:43 . 2010-02-10 11:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nseries
2010-05-19 14:39 . 2010-02-10 11:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite
2010-05-19 14:39 . 2010-05-19 14:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-05-19 14:39 . 2010-05-19 14:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-16 12:29 . 2009-07-01 20:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2010-05-16 12:28 . 2009-08-20 13:47 -------- d-----w- c:\arquivos de programas\GbPlugin
2010-05-13 19:07 . 2008-06-26 18:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2010-05-13 17:47 . 2008-05-05 18:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-05-12 18:39 . 2008-05-05 18:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-05-12 14:30 . 2009-08-28 17:54 -------- d-----w- c:\arquivos de programas\Sony Setup
2010-05-10 11:34 . 2009-07-14 12:55 -------- d-----w- c:\arquivos de programas\HP
2010-05-07 17:24 . 2008-12-19 18:26 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ADPHONE
2010-05-07 17:24 . 2008-12-19 18:26 -------- d-----w- c:\arquivos de programas\ADPHONE3
2010-05-07 11:09 . 2001-10-28 12:07 88166 ----a-w- c:\windows\system32\perfc016.dat
2010-05-07 11:09 . 2001-10-28 12:07 489932 ----a-w- c:\windows\system32\perfh016.dat
2010-05-06 12:03 . 2008-10-17 20:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Ahead
2010-05-02 14:17 . 2010-05-02 14:17 337 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\.bat
2010-04-29 18:39 . 2010-01-22 12:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 18:39 . 2010-01-22 12:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 13:58 . 2010-04-29 13:58 4270080 ----a-w- c:\windows\system32\PDFCreatorPilot.dll
2010-04-12 20:29 . 2010-04-05 17:01 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-05 17:02 . 2008-06-25 17:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2010-04-05 17:01 . 2008-06-25 17:20 -------- d-----w- c:\arquivos de programas\Java
2006-05-03 10:06 . 2009-12-23 10:49 163328 --sh--r- c:\windows\system32\flvDX.dll
2008-05-05 18:08 . 2008-05-05 18:02 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2009-12-23 10:49 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-12-23 10:49 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-27_17.28.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-31 11:12 . 2010-05-31 11:12 16384 c:\windows\Temp\Perflib_Perfdata_a14.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-06-28 20:59 153184 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-23 90112]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Nokia FastStart"="c:\arquivos de programas\Nokia\Nokia Music\NokiaMusic.exe" [2008-12-03 2372840]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Document2PDF virtual printer agent"="c:\arquivos de programas\Document2PDF Sample\d2pdfagent.exe" [2010-01-28 94208]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2010-03-18 421888]
"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBb]
2010-05-26 13:47 335136 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\SmartFTP Client\\SmartFTP.exe"=
"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\ADPHONE3\\ADPHONE.exe"=
"c:\\Arquivos de programas\\EasyPHP\\mysql\\bin\\mysqld-nt.exe"=
"c:\\Arquivos de programas\\EasyPHP\\apache\\Apache.exe"=
"c:\\Arquivos de programas\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Arquivos de programas\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Arquivos de programas\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Ipswitch\\WS_FTP 12\\wsftpgui.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [20/8/2009 10:48 45472]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [12/5/2009 14:13 61328]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/8/2010 14:43 312912]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/8/2010 14:43 165456]
R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020;c:\windows\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [16/5/2010 09:22 3584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/8/2010 14:43 17744]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [20/8/2009 10:48 55072]
R2 IS360service;IS360service;c:\arquivos de programas\IObit\IObit Security 360\is360srv.exe [22/1/2010 08:45 311568]
R2 MailList Controller;MailList Controller;c:\arquivos de programas\Arclab\MailList Controller\amlcSVC.exe [11/11/2009 16:52 1585152]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [30/12/2009 15:47 135664]
S2 s;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [20/8/2009 10:48 55072]
S2 TwonkyMedia;TwonkyMedia;c:\arquivos de programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\arquivos de programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 cpuz129;cpuz129;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys [?]
S3 NitroPCSrv;NitroPC Service;c:\arquivos de programas\NitroPC\NitroPCService.exe [29/5/2009 23:29 847376]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/1/2009 15:05 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-30 18:47]

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-30 18:47]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.uol.com.br/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save Flash - c:\arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Save YouTube Video - c:\arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
IE: Sothink SWF Catcher - c:\arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\wjav1kz9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\arquivos de programas\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\browserplusplugins\054b6841520a59bc7df387c379b16986\npybrowserplus_2.9.8.dll
FF - plugin: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\plugins\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 08:38
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-329068152-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19753715-5CA6-E81A-F585-35AE9F7B75DD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaegkndhbppjofonfa"=hex:6b,61,69,68,61,65,6f,6d,70,68,68,70,62,66,6b,6c,6c,69,
68,6e,67,6a,00,00
"haodplmmbokgnlim"=hex:6b,61,69,68,61,65,6f,6d,70,68,68,70,62,66,6b,6c,6c,69,
68,6e,67,6a,00,00
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\arquivos de programas\GbPlugin\gbieh.dll

- - - - - - - > 'explorer.exe'(3960)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2010-05-31 08:46:59
ComboFix-quarantined-files.txt 2010-05-31 11:46
ComboFix2.txt 2010-05-27 17:36

Pré-execução: 31 pasta(s) 57.774.710.784 bytes disponíveis
Pós execução: 32 pasta(s) 57.776.582.656 bytes disponíveis

- - End Of File - - 7ABE7A804F6CC6EF84434963D34ABF61