docampos

Drivercleaner 2006 and company!


Hi everyone!

as many have already posted here, I have a machine with this cursed thing that won't go away using Spybot, Ad-Aware and the like, not even in Safe Mode!

I'm sending the log for analysis!

thanks in advance for the help!

Logfile of HijackThis v1.99.1

Scan saved at 13:23:19, on 12/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\Application Data\tmp3.tmp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe

C:\WINDOWS\explorer.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {4da1188a-28c9-4258-b303-91639da0c9d2} - C:\WINDOWS\system32\ws2bjs.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll

O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Arquivos de programas\TGTSoft\StyleXP\TGT_BHO.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\DOCUME~1\Elza\CONFIG~1\Temp\tmp4.tmp.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - Startup: Reboot.exe

O4 - Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Office XP\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FE753132-FC4B-4B11-9C49-4551D004AB61}: Domain = localnet

O17 - HKLM\System\CCS\Services\Tcpip\..\{FE753132-FC4B-4B11-9C49-4551D004AB61}: NameServer = 192.168.0.1,200.176.2.75

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: c:\windows\system32\vtstrro.dll

O20 - Winlogon Notify: ws2bjs - C:\WINDOWS\SYSTEM32\ws2bjs.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\Application Data\tmp3.tmp.exe

O23 - Service: Gbp Service (GbpSv) - Banco Unibanco - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)

O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

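A triage pass over a HijackThis log of the kind posted above, as an added example that is not part of this thread and not code from the HijackThis tool. It pulls out the entries a log analyst reads first (O20 AppInit_DLLs and Winlogon Notify hooks, O23 services with no publisher, unnamed O2 BHOs, bare executables in a Startup folder, and any binary loading from a Temp or Application Data directory) and then reports files hooked from more than one section. The sample lines are copied from the log above; the regexes, severities and the `Finding` structure are this example's own assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: entries copied from the HijackThis log above, plus two
# AVG entries kept as benign controls. Assumed format: "<section> - <rest>".
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4da1188a-28c9-4258-b303-91639da0c9d2} - C:\WINDOWS\system32\ws2bjs.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\DOCUME~1\Elza\CONFIG~1\Temp\tmp4.tmp.dll
O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: Reboot.exe
O20 - AppInit_DLLs: c:\windows\system32\vtstrro.dll
O20 - Winlogon Notify: ws2bjs - C:\WINDOWS\SYSTEM32\ws2bjs.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\Application Data\tmp3.tmp.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")
# First drive-letter path ending in a loadable extension; tolerates spaces in paths.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|sys)\b", re.IGNORECASE)
# Locations a legitimate service or BHO has little reason to live in (heuristic).
SUSPICIOUS_DIR = re.compile(
    r"\\(?:temp|application data|applic~1|local settings)\\|\\tmp\d*\.tmp\.", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str            # "high" or "medium"
    reason: str
    path: Optional[str]      # file the entry loads, when one could be extracted
    line: str


def loaded_path(body: str) -> Optional[str]:
    """Return the file a HijackThis entry points at, or None (e.g. bare 'Reboot.exe')."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def triage(log_text: str) -> list:
    """Apply section- and location-based heuristics to each R/O line of the log."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        path = loaded_path(body)
        reasons, severity = [], "medium"
        if section == "O20":          # AppInit_DLLs / Winlogon Notify
            reasons.append("DLL injected into every process or at logon")
            severity = "high"
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service binary with no publisher")
            severity = "high"
        if section == "O2" and "(no name)" in body and path:
            reasons.append("unnamed BHO backed by a file on disk")
        if section == "O4" and body.startswith("Startup:") and ".lnk" not in body:
            reasons.append("bare executable dropped in a Startup folder")
        if path and SUSPICIOUS_DIR.search(path):
            reasons.append("binary lives in a temp/profile-data directory")
            severity = "high"
        if reasons:
            findings.append(Finding(section, severity, "; ".join(reasons), path, raw.strip()))
    return findings


def repeated_files(findings) -> dict:
    """Map file name -> set of sections, for files hooked from more than one place."""
    seen = defaultdict(set)
    for f in findings:
        if f.path:
            seen[f.path.rsplit("\\", 1)[-1].lower()].add(f.section)
    return {name: secs for name, secs in seen.items() if len(secs) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    for name, secs in repeated_files(results).items():
        print(f"{name} is hooked from {sorted(secs)}: treat as one implant, remove together")
```

On the sample, the pass flags ws2bjs.dll (hooked both as a BHO and as a Winlogon Notify package), vtstrro.dll in AppInit_DLLs, the DomainService binary under Application Data and the BHO in the user's Temp folder, and it leaves the AVG entries alone. It says nothing about AClient.dll, which carries a plausible name, sits in system32 and only shows up as bad later in the thread; location and naming heuristics narrow the list for the analyst, they do not replace the analyst.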

docampos,

@- Download ComboFix;

- Copy these instructions to Notepad or print them!

:: Disable/close your antivirus before carrying out the procedures below ::

@- Close all open windows and run the ComboFix tool.

  • Type the option to continue and press <ENTER>.
  • Do not open or close any program until the scan finishes. Wait patiently...

- If necessary, the program will restart your computer. Restart in normal mode...

- Saved log: C:\ComboFix.txt

@- Copy the (updated) HijackThis log and ComboFix.txt and paste them in sequence.

Mr. Coruj@

Topic author

    Hello Mr. Coruj@!

    thanks for the help!

    here are the logs!

    Updated HijackThis log

    Logfile of HijackThis v1.99.1

    Scan saved at 15:33:06, on 12/8/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\SOUNDMAN.EXE

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe

    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll

    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Arquivos de programas\TGTSoft\StyleXP\TGT_BHO.dll

    O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

    O4 - HKLM\..\Run: [systemTray] SysTray.Exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

    O4 - Startup: Reboot.exe

    O4 - Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Office XP\Office10\OSA.EXE

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{FE753132-FC4B-4B11-9C49-4551D004AB61}: Domain = localnet

    O17 - HKLM\System\CCS\Services\Tcpip\..\{FE753132-FC4B-4B11-9C49-4551D004AB61}: NameServer = 192.168.0.1,200.176.2.75

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    O23 - Service: Gbp Service (GbpSv) - Banco Unibanco - C:\Arquivos de programas\GbPlugin\GbpSv.exe

    O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)

    O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

    ComboFix log

    ComboFix 07-08-09.3 - "Elza" 2007-08-12 15:19:36.1 -

    FAT32x86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.7 [GMT

    -3:00]

    * Created a new restore point

    ((((((((((((((((((((((((((((((((((((((( Other Deletions

    )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\144.exe

    C:\WINDOWS\APPLIC~1\tmp2.tmp.exe

    C:\WINDOWS\APPLIC~1\tmp3.tmp.exe

    C:\WINDOWS\APPLIC~1\tmp4.tmp.exe

    C:\WINDOWS\fccaww.dll

    C:\WINDOWS\start.exe

    C:\WINDOWS\system32\dn1f271703.dat

    C:\WINDOWS\system32\tmp4.tmp.dll

    C:\WINDOWS\system32\vtstrro.dll

    C:\WINDOWS\system32\ws2bjs.dll

    C:\WINDOWS\WebAssist.dll

    C:\WINDOWS\wwaccf.ini

    C:\WINDOWS\xhelper.dll

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services

    )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_DOMAINSERVICE

    -------\DomainService

    ((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12

    )))))))))))))))))))))))))))))))

    2007-08-12 15:17 51,200 --a------ C:\WINDOWS\nircmd.exe

    2007-08-12 13:21 92,672 --a------ C:\KillBox.exe

    2007-08-12 13:21 218,112 --a------ C:\HijackThis.exe

    2007-08-11 23:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot -

    Search & Destroy

    2007-08-11 22:59 <DIR> d--hs---- C:\FOUND.006

    2007-08-11 18:17 55,330 --a------ C:\tmp2.tmp.exe

    2007-08-06 13:59 25,152 --a------ C:\WINDOWS\SYSTEM32\5vTgy05B.exe

    2007-08-01 13:54 24,128 --a------ C:\WINDOWS\SYSTEM32\5RdAa2td.exe

    2007-07-31 08:09 419,328 --a------ C:\WINDOWS\SYSTEM32\AClient.dll

    2007-07-31 08:08 416,768 --a------ C:\WINDOWS\Installer.exe

    (((((((((((((((((((((((((((((((((((((((( Find3M Report

    ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-18 17:16 19608 --a------

    C:\WINDOWS\APPLIC~1\GDIPFONTCACHEV1.DAT

    2005-11-07 16:27 266 ---hs---- C:\Arquivos de programas\desktop.ini

    2005-11-07 16:27 11280 ---h----- C:\Arquivos de programas\folder.htt

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points

    ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper

    Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]

    2007-08-11 18:17 419328 --a------ C:\WINDOWS\system32\AClient.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SystemTray"="SysTray.Exe" [2001-10-28 09:07

    C:\WINDOWS\SYSTEM32\systray.exe]

    "SoundMan"="SOUNDMAN.EXE" [2003-11-13 18:23 C:\WINDOWS\soundman.exe]

    "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-22 18:09]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe"

    [2007-02-16 10:54]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

    "STYLEXP"="C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe"

    [2006-04-04 14:01]

    C:\WINDOWS\Menu Iniciar\Programas\Iniciar\

    Reboot.exe [2004-10-01 14:01:50]

    Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos

    comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-28 23:23:55]

    C:\WINDOWS\All Users\Menu Iniciar\Programas\Iniciar\

    Microsoft Office.lnk - C:\Arquivos de programas\Office

    XP\Office10\OSA.EXE [2001-02-13 10:01:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

    "{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de

    programas\Scpad\scpLIB.dll [2007-06-06 10:40 128512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\WINDOWS\Downloaded Program

    Files\CONFLICT.1\gbiehuni.dll [2007-01-12 09:58 222376]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    "CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de

    programas\Scpad\scpLIB.dll [2007-06-06 10:40 128512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "SoundMan"=SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    "CARPService"=carpserv.exe

    "LoadQM"=loadqm.exe

    "AVG7_CC"=C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP

    "AVG7_EMC"=C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

    "AVG7_AMSVR"=C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

    "QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

    R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys

    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT

    Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys

    S2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe

    S3

    872472ee-358e-4f44-9144-862b1ca225f4;872472ee-358e-4f44-9144-862b1ca225f4;\??\D:\Player\cds300.dll

    S3 QV2KUX;Casio Digital Camera;C:\WINDOWS\system32\DRIVERS\qv2kux.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed

    components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

    "C:\ARQUIV~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

    "C:\ARQUIV~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed

    components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

    "C:\ARQUIV~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user

    /install

    "C:\ARQUIV~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed

    components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]

    C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

    Contents of the 'Scheduled Tasks' folder

    2007-08-05 02:00:02 C:\WINDOWS\Tasks\Aplicativo de ajuste.job

    2007-08-12 03:00:02 C:\WINDOWS\Tasks\At1.job -

    C:\WINDOWS\system32\X6bh30gU.exe

    2007-08-11 04:00:02 C:\WINDOWS\Tasks\At2.job -

    C:\WINDOWS\system32\X6bh30gU.exe

    2007-08-12 05:00:02 C:\WINDOWS\Tasks\At3.job

    2007-08-11 06:00:06 C:\WINDOWS\Tasks\At4.job -

    C:\WINDOWS\system32\X6bh30gU.exe

    2007-08-05 07:00:02 C:\WINDOWS\Tasks\At5.job -

    C:\WINDOWS\system32\X6bh30gU.exe

    2007-08-12 08:00:08 C:\WINDOWS\Tasks\At6.job -

    C:\WINDOWS\system32\X6bh30gU.exe

    2007-07-25 17:19:54 C:\WINDOWS\Tasks\At7.job -

    C:\WINDOWS\system32\X6bh30gU.exe

    2007-07-25 17:19:54 C:\WINDOWS\Tasks\At8.job -

    C:\WINDOWS\system32\X6bh30gU.exe

    2007-08-08 11:00:04 C:\WINDOWS\Tasks\At9.job -

    C:\WINDOWS\system32\X6bh30gU.exe

    2007-08-08 12:00:02 C:\WINDOWS\Tasks\At10.job -

    C:\WINDOWS\system32\X6bh30gU.exe

    2007-08-08 13:00:02 C:\WINDOWS\Tasks\At11.job -

    C:\WINDOWS\system32\X6bh30gU.exe

    2007-08-08 14:00:02 C:\WINDOWS\Tasks\At12.job

    2007-08-08 15:00:02 C:\WINDOWS\Tasks\At13.job

    2007-08-12 16:00:02 C:\WINDOWS\Tasks\At14.job -

    C:\WINDOWS\system32\X6bh30gU.exe

    2007-08-12 17:00:02 C:\WINDOWS\Tasks\At15.job -

    C:\WINDOWS\system32\X6bh30gU.exe

    2007-08-12 18:00:02 C:\WINDOWS\Tasks\At16.job -

    C:\WINDOWS\system32\X6bh30gU.exe

    2007-08-10 19:00:02 C:\WINDOWS\Tasks\At17.job

    2007-08-10 20:00:02 C:\WINDOWS\Tasks\At18.job

    2007-08-09 21:00:02 C:\WINDOWS\Tasks\At19.job

    2007-08-11 22:00:02 C:\WINDOWS\Tasks\At20.job

    2007-08-11 23:00:08 C:\WINDOWS\Tasks\At21.job

    2007-08-12 00:00:02 C:\WINDOWS\Tasks\At22.job

    2007-08-12 01:00:02 C:\WINDOWS\Tasks\At23.job

    2007-08-11 02:00:04 C:\WINDOWS\Tasks\At24.job

    2007-08-12 03:01:22 C:\WINDOWS\Tasks\At25.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-11 04:00:32 C:\WINDOWS\Tasks\At26.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-12 05:01:26 C:\WINDOWS\Tasks\At27.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-11 06:00:40 C:\WINDOWS\Tasks\At28.job

    2007-08-05 07:00:34 C:\WINDOWS\Tasks\At29.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-12 08:01:56 C:\WINDOWS\Tasks\At30.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-01 16:54:54 C:\WINDOWS\Tasks\At31.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-01 16:54:54 C:\WINDOWS\Tasks\At32.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-08 11:02:06 C:\WINDOWS\Tasks\At33.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-08 12:00:34 C:\WINDOWS\Tasks\At34.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-08 13:00:32 C:\WINDOWS\Tasks\At35.job

    2007-08-08 14:00:34 C:\WINDOWS\Tasks\At36.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-08 15:00:32 C:\WINDOWS\Tasks\At37.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-12 16:01:16 C:\WINDOWS\Tasks\At38.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-12 17:01:12 C:\WINDOWS\Tasks\At39.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-12 18:00:34 C:\WINDOWS\Tasks\At40.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-10 19:00:32 C:\WINDOWS\Tasks\At41.job

    2007-08-10 20:00:34 C:\WINDOWS\Tasks\At42.job

    2007-08-09 21:00:32 C:\WINDOWS\Tasks\At43.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-11 22:00:34 C:\WINDOWS\Tasks\At44.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-11 23:00:44 C:\WINDOWS\Tasks\At45.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-12 00:00:40 C:\WINDOWS\Tasks\At46.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-12 01:00:38 C:\WINDOWS\Tasks\At47.job -

    C:\WINDOWS\system32\5RdAa2td.exe

    2007-08-11 02:00:36 C:\WINDOWS\Tasks\At48.job

    2007-08-12 03:01:06 C:\WINDOWS\Tasks\At49.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-11 04:01:02 C:\WINDOWS\Tasks\At50.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-12 05:01:06 C:\WINDOWS\Tasks\At51.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-11 06:01:08 C:\WINDOWS\Tasks\At52.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-06 16:59:38 C:\WINDOWS\Tasks\At53.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-12 08:01:16 C:\WINDOWS\Tasks\At54.job

    2007-08-06 16:59:38 C:\WINDOWS\Tasks\At55.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-06 16:59:38 C:\WINDOWS\Tasks\At56.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-08 11:01:34 C:\WINDOWS\Tasks\At57.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-08 12:01:46 C:\WINDOWS\Tasks\At58.job

    2007-08-08 13:01:02 C:\WINDOWS\Tasks\At59.job

    2007-08-08 14:01:04 C:\WINDOWS\Tasks\At60.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-08 15:01:02 C:\WINDOWS\Tasks\At61.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-12 16:01:04 C:\WINDOWS\Tasks\At62.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-12 17:01:02 C:\WINDOWS\Tasks\At63.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-12 18:01:04 C:\WINDOWS\Tasks\At64.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-10 19:01:02 C:\WINDOWS\Tasks\At65.job

    2007-08-10 20:01:04 C:\WINDOWS\Tasks\At66.job

    2007-08-09 21:01:02 C:\WINDOWS\Tasks\At67.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-11 22:01:50 C:\WINDOWS\Tasks\At68.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-11 23:01:14 C:\WINDOWS\Tasks\At69.job

    2007-08-12 00:01:10 C:\WINDOWS\Tasks\At70.job -

    C:\WINDOWS\system32\5vTgy05B.exe

    2007-08-12 01:01:08 C:\WINDOWS\Tasks\At71.job

    2007-08-11 02:01:06 C:\WINDOWS\Tasks\At72.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by

    Gmer, http://www.gmer.net

    Rootkit scan 2007-08-12 15:26:36

    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-12 15:29:49 - machine was rebooted

    C:\ComboFix-quarantined-files.txt ... 2007-08-12 15:29

    --- E O F ---

    And the ComboFix quarantine log


    1999-05-05 22:22 28672 --a------
    C:\Qoobox\Quarantine\C\WINDOWS\start.exe.vir
    2007-07-25 14:30 126976 --a------
    C:\Qoobox\Quarantine\C\WINDOWS\xhelper.dll.vir
    2007-07-28 02:55 0 --a------
    C:\Qoobox\Quarantine\C\WINDOWS\144.exe.vir
    2007-07-30 22:46 84992 --a------
    C:\Qoobox\Quarantine\C\WINDOWS\WebAssist.dll.vir
    2007-08-06 23:57 13380 --a------
    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\vtstrro.dll.vir
    2007-08-06 23:58 92730 --a------
    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ws2bjs.dll.vir
    2007-08-07 08:14 63532 --a------
    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tmp4.tmp.dll.vir
    2007-08-12 05:08 124767 --a------
    C:\Qoobox\Quarantine\C\WINDOWS\APPLIC~1\tmp2.tmp.exe.vir
    2007-08-12 05:08 131487 --a------
    C:\Qoobox\Quarantine\C\WINDOWS\fccaww.dll.vir
    2007-08-12 05:08 55330 --a------
    C:\Qoobox\Quarantine\C\WINDOWS\APPLIC~1\tmp3.tmp.exe.vir
    2007-08-12 05:08 79581 --a------
    C:\Qoobox\Quarantine\C\WINDOWS\APPLIC~1\tmp4.tmp.exe.vir
    2007-08-12 05:09 2267978 --a------
    C:\Qoobox\Quarantine\C\WINDOWS\wwaccf.ini.vir
    2007-08-12 15:22 1098 --a------
    C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
    2007-08-12 15:22 3062 --a------
    C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.cf
    2007-08-12 15:23 317221 --a------
    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dn1f271703.dat.vir


    Lista de caminhos de pastas para o volume ELZA
    O número de série do volume é 1F27-1703
    C:\QOOBOX
    \---Quarantine
    +---Registry_backups
    | LEGACY_DOMAINSERVICE.reg.cf
    | services_DomainService.reg.cf
    |
    \---C
    \---WINDOWS
    | 144.exe.vir
    | fccaww.dll.vir
    | wwaccf.ini.vir
    | start.exe.vir
    | xhelper.dll.vir
    | WebAssist.dll.vir
    |
    +---APPLIC~1
    | tmp2.tmp.exe.vir
    | tmp4.tmp.exe.vir
    | tmp3.tmp.exe.vir
    |
    \---SYSTEM32
    tmp4.tmp.dll.vir
    dn1f271703.dat.vir
    vtstrro.dll.vir
    ws2bjs.dll.vir

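The 'Scheduled Tasks' section of the ComboFix log above shows dozens of At<N>.job entries, one per hour, pointing at three eight-character executables in system32. On Windows XP, jobs created with at.exe are named AtN.job, so a run of them driving the same unsigned binary is a persistence pattern worth surfacing on its own. The parser below is an added example, not part of the thread or of ComboFix: it unwraps the line-broken form the section has on this page, groups the At jobs by target binary and reports the clock hours at which each target last fired. The sample is a constructed subset of the log above; the `Task` structure and the `min_jobs` threshold are this example's assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the 'Scheduled Tasks' section of the ComboFix
# log above, in the line-wrapped form it has on this page (target binary on the
# line after "<job> -").
SAMPLE_SECTION = r"""
Contents of the 'Scheduled Tasks' folder

2007-08-05 02:00:02 C:\WINDOWS\Tasks\Aplicativo de ajuste.job

2007-08-12 03:00:02 C:\WINDOWS\Tasks\At1.job -

C:\WINDOWS\system32\X6bh30gU.exe

2007-08-11 04:00:02 C:\WINDOWS\Tasks\At2.job -

C:\WINDOWS\system32\X6bh30gU.exe

2007-08-12 05:00:02 C:\WINDOWS\Tasks\At3.job

2007-08-12 03:01:22 C:\WINDOWS\Tasks\At25.job -

C:\WINDOWS\system32\5RdAa2td.exe

2007-08-11 04:00:32 C:\WINDOWS\Tasks\At26.job -

C:\WINDOWS\system32\5RdAa2td.exe

2007-08-12 03:01:06 C:\WINDOWS\Tasks\At49.job -

C:\WINDOWS\system32\5vTgy05B.exe
"""

TASK_RE = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d) (?P<time>\d\d:\d\d:\d\d) (?P<job>.+?\.job)(?: - (?P<target>.+))?$")
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.IGNORECASE)   # jobs created with at.exe


@dataclass(frozen=True)
class Task:
    last_run: str            # "YYYY-MM-DD HH:MM:SS" as printed by ComboFix
    job: str                 # full path of the .job file
    target: Optional[str]    # program the job runs, when ComboFix printed one


def unwrap(text: str) -> list:
    """Join a '<job> -' line with the continuation line that carries its target."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    out, i = [], 0
    while i < len(lines):
        ln = lines[i]
        if ln.endswith(" -") and i + 1 < len(lines):
            ln = ln + " " + lines[i + 1]
            i += 1
        out.append(ln)
        i += 1
    return out


def parse_tasks(text: str) -> list:
    tasks = []
    for ln in unwrap(text):
        m = TASK_RE.match(ln)
        if m:
            tasks.append(Task(f"{m['date']} {m['time']}", m["job"], m["target"]))
    return tasks


def at_jobs_by_target(tasks) -> dict:
    """Group At<N>.job entries by the (lower-cased) binary they run."""
    groups = defaultdict(list)
    for t in tasks:
        if t.target and AT_JOB_RE.search(t.job):
            groups[t.target.lower()].append(t.job.rsplit("\\", 1)[-1])
    return dict(groups)


def run_hours(tasks, target: str) -> set:
    """Distinct clock hours at which jobs for `target` last fired."""
    return {int(t.last_run[11:13]) for t in tasks
            if t.target and t.target.lower() == target.lower()}


def persistent_targets(tasks, min_jobs: int = 2) -> list:
    """Binaries kept alive by at least `min_jobs` at.exe-created jobs."""
    groups = at_jobs_by_target(tasks)
    return sorted(tgt for tgt, jobs in groups.items() if len(jobs) >= min_jobs)


if __name__ == "__main__":
    tasks = parse_tasks(SAMPLE_SECTION)
    for tgt in persistent_targets(tasks):
        jobs = at_jobs_by_target(tasks)[tgt]
        print(f"{tgt}: {len(jobs)} at.exe jobs {jobs}, fires at hours {sorted(run_hours(tasks, tgt))}")
```

Run against the full section above rather than the subset, the same grouping yields the three binaries with roughly two dozen jobs each, spread across every hour of the day, which is why the reply that follows removes the whole At1.job to At79.job range together with the three executables rather than one job at a time.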

    docampos,

    @- Download the program(s) listed below, but do not run it yet.

    - Copy these instructions to Notepad or print them!

    @- Unzip and run the avenger.exe tool. Confirm: OK.

    • Among the options under "Script file to execute", select "Input Script Manually".
    • Click the magnifying-glass icon.
    • Copy (Ctrl+C) the contents (in red) of the "Code" below and paste it (Ctrl+V) into "View/edit script".
      Files to delete:
      C:\WINDOWS\Tasks\At1.job
      C:\WINDOWS\Tasks\At10.job
      C:\WINDOWS\Tasks\At11.job
      C:\WINDOWS\Tasks\At12.job
      C:\WINDOWS\Tasks\At13.job
      C:\WINDOWS\Tasks\At14.job
      C:\WINDOWS\Tasks\At15.job
      C:\WINDOWS\Tasks\At16.job
      C:\WINDOWS\Tasks\At17.job
      C:\WINDOWS\Tasks\At18.job
      C:\WINDOWS\Tasks\At19.job
      C:\WINDOWS\Tasks\At2.job
      C:\WINDOWS\Tasks\At20.job
      C:\WINDOWS\Tasks\At21.job
      C:\WINDOWS\Tasks\At22.job
      C:\WINDOWS\Tasks\At23.job
      C:\WINDOWS\Tasks\At24.job
      C:\WINDOWS\Tasks\At25.job
      C:\WINDOWS\Tasks\At26.job
      C:\WINDOWS\Tasks\At27.job
      C:\WINDOWS\Tasks\At28.job
      C:\WINDOWS\Tasks\At29.job
      C:\WINDOWS\Tasks\At3.job
      C:\WINDOWS\Tasks\At30.job
      C:\WINDOWS\Tasks\At31.job
      C:\WINDOWS\Tasks\At32.job
      C:\WINDOWS\Tasks\At33.job
      C:\WINDOWS\Tasks\At34.job
      C:\WINDOWS\Tasks\At35.job
      C:\WINDOWS\Tasks\At36.job
      C:\WINDOWS\Tasks\At37.job
      C:\WINDOWS\Tasks\At38.job
      C:\WINDOWS\Tasks\At39.job
      C:\WINDOWS\Tasks\At4.job
      C:\WINDOWS\Tasks\At40.job
      C:\WINDOWS\Tasks\At41.job
      C:\WINDOWS\Tasks\At42.job
      C:\WINDOWS\Tasks\At43.job
      C:\WINDOWS\Tasks\At44.job
      C:\WINDOWS\Tasks\At45.job
      C:\WINDOWS\Tasks\At46.job
      C:\WINDOWS\Tasks\At47.job
      C:\WINDOWS\Tasks\At48.job
      C:\WINDOWS\Tasks\At49.job
      C:\WINDOWS\Tasks\At5.job
      C:\WINDOWS\Tasks\At50.job
      C:\WINDOWS\Tasks\At51.job
      C:\WINDOWS\Tasks\At52.job
      C:\WINDOWS\Tasks\At53.job
      C:\WINDOWS\Tasks\At54.job
      C:\WINDOWS\Tasks\At55.job
      C:\WINDOWS\Tasks\At56.job
      C:\WINDOWS\Tasks\At57.job
      C:\WINDOWS\Tasks\At58.job
      C:\WINDOWS\Tasks\At59.job
      C:\WINDOWS\Tasks\At6.job
      C:\WINDOWS\Tasks\At60.job
      C:\WINDOWS\Tasks\At61.job
      C:\WINDOWS\Tasks\At62.job
      C:\WINDOWS\Tasks\At63.job
      C:\WINDOWS\Tasks\At64.job
      C:\WINDOWS\Tasks\At65.job
      C:\WINDOWS\Tasks\At66.job
      C:\WINDOWS\Tasks\At67.job
      C:\WINDOWS\Tasks\At68.job
      C:\WINDOWS\Tasks\At69.job
      C:\WINDOWS\Tasks\At7.job
      C:\WINDOWS\Tasks\At70.job
      C:\WINDOWS\Tasks\At71.job
      C:\WINDOWS\Tasks\At72.job
      C:\WINDOWS\Tasks\At73.job
      C:\WINDOWS\Tasks\At74.job
      C:\WINDOWS\Tasks\At75.job
      C:\WINDOWS\Tasks\At76.job
      C:\WINDOWS\Tasks\At77.job
      C:\WINDOWS\Tasks\At78.job
      C:\WINDOWS\Tasks\At79.job
      C:\WINDOWS\Tasks\At8.job
      C:\WINDOWS\Tasks\At9.job
      C:\tmp2.tmp.exe
      C:\WINDOWS\SYSTEM32\5vTgy05B.exe
      C:\WINDOWS\SYSTEM32\5RdAa2td.exe
      C:\WINDOWS\system32\X6bh30gU.exe
      C:\WINDOWS\SYSTEM32\AClient.dll

      registry keys to delete:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}[/b][/color]

    • Click "Done".
    • Click the traffic-light icon to start the removal script. Confirm: OK.

    - The computer will restart automatically. Go ahead and restart in normal mode, ok?

    - Log saved at: C:\avenger.txt

    @- Restart in normal mode.

    @- Check whether the problem persists, copy the HijackThis log (a fresh one) and Avenger.txt, and paste them in your next reply.

    Mr. Coruj@

  • Topic author
  • hello Mr Coruj@!

    here go the logs!

    AVENGER

    Logfile of The Avenger version 1, by Swandog46

    Running from registry key:

    \Registry\Machine\System\CurrentControlSet\Services\nlhsimha

    *******************

    Script file located at: \??\C:\WINDOWS\system32\vdrvksvm.txt

    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\Tasks\At1.job deleted successfully.

    File C:\WINDOWS\Tasks\At10.job deleted successfully.

    File C:\WINDOWS\Tasks\At11.job deleted successfully.

    File C:\WINDOWS\Tasks\At12.job deleted successfully.

    File C:\WINDOWS\Tasks\At13.job deleted successfully.

    File C:\WINDOWS\Tasks\At14.job deleted successfully.

    File C:\WINDOWS\Tasks\At15.job deleted successfully.

    File C:\WINDOWS\Tasks\At16.job deleted successfully.

    File C:\WINDOWS\Tasks\At17.job deleted successfully.

    File C:\WINDOWS\Tasks\At18.job deleted successfully.

    File C:\WINDOWS\Tasks\At19.job deleted successfully.

    File C:\WINDOWS\Tasks\At2.job deleted successfully.

    File C:\WINDOWS\Tasks\At20.job deleted successfully.

    File C:\WINDOWS\Tasks\At21.job deleted successfully.

    File C:\WINDOWS\Tasks\At22.job deleted successfully.

    File C:\WINDOWS\Tasks\At23.job deleted successfully.

    File C:\WINDOWS\Tasks\At24.job deleted successfully.

    File C:\WINDOWS\Tasks\At25.job deleted successfully.

    File C:\WINDOWS\Tasks\At26.job deleted successfully.

    File C:\WINDOWS\Tasks\At27.job deleted successfully.

    File C:\WINDOWS\Tasks\At28.job deleted successfully.

    File C:\WINDOWS\Tasks\At29.job deleted successfully.

    File C:\WINDOWS\Tasks\At3.job deleted successfully.

    File C:\WINDOWS\Tasks\At30.job deleted successfully.

    File C:\WINDOWS\Tasks\At31.job deleted successfully.

    File C:\WINDOWS\Tasks\At32.job deleted successfully.

    File C:\WINDOWS\Tasks\At33.job deleted successfully.

    File C:\WINDOWS\Tasks\At34.job deleted successfully.

    File C:\WINDOWS\Tasks\At35.job deleted successfully.

    File C:\WINDOWS\Tasks\At36.job deleted successfully.

    File C:\WINDOWS\Tasks\At37.job deleted successfully.

    File C:\WINDOWS\Tasks\At38.job deleted successfully.

    File C:\WINDOWS\Tasks\At39.job deleted successfully.

    File C:\WINDOWS\Tasks\At4.job deleted successfully.

    File C:\WINDOWS\Tasks\At40.job deleted successfully.

    File C:\WINDOWS\Tasks\At41.job deleted successfully.

    File C:\WINDOWS\Tasks\At42.job deleted successfully.

    File C:\WINDOWS\Tasks\At43.job deleted successfully.

    File C:\WINDOWS\Tasks\At44.job deleted successfully.

    File C:\WINDOWS\Tasks\At45.job deleted successfully.

    File C:\WINDOWS\Tasks\At46.job deleted successfully.

    File C:\WINDOWS\Tasks\At47.job deleted successfully.

    File C:\WINDOWS\Tasks\At48.job deleted successfully.

    File C:\WINDOWS\Tasks\At49.job deleted successfully.

    File C:\WINDOWS\Tasks\At5.job deleted successfully.

    File C:\WINDOWS\Tasks\At50.job deleted successfully.

    File C:\WINDOWS\Tasks\At51.job deleted successfully.

    File C:\WINDOWS\Tasks\At52.job deleted successfully.

    File C:\WINDOWS\Tasks\At53.job deleted successfully.

    File C:\WINDOWS\Tasks\At54.job deleted successfully.

    File C:\WINDOWS\Tasks\At55.job deleted successfully.

    File C:\WINDOWS\Tasks\At56.job deleted successfully.

    File C:\WINDOWS\Tasks\At57.job deleted successfully.

    File C:\WINDOWS\Tasks\At58.job deleted successfully.

    File C:\WINDOWS\Tasks\At59.job deleted successfully.

    File C:\WINDOWS\Tasks\At6.job deleted successfully.

    File C:\WINDOWS\Tasks\At60.job deleted successfully.

    File C:\WINDOWS\Tasks\At61.job deleted successfully.

    File C:\WINDOWS\Tasks\At62.job deleted successfully.

    File C:\WINDOWS\Tasks\At63.job deleted successfully.

    File C:\WINDOWS\Tasks\At64.job deleted successfully.

    File C:\WINDOWS\Tasks\At65.job deleted successfully.

    File C:\WINDOWS\Tasks\At66.job deleted successfully.

    File C:\WINDOWS\Tasks\At67.job deleted successfully.

    File C:\WINDOWS\Tasks\At68.job deleted successfully.

    File C:\WINDOWS\Tasks\At69.job deleted successfully.

    File C:\WINDOWS\Tasks\At7.job deleted successfully.

    File C:\WINDOWS\Tasks\At70.job deleted successfully.

    File C:\WINDOWS\Tasks\At71.job deleted successfully.

    File C:\WINDOWS\Tasks\At72.job deleted successfully.

    File C:\WINDOWS\Tasks\At73.job not found!

    Deletion of file C:\WINDOWS\Tasks\At73.job failed!

    Could not process line:

    C:\WINDOWS\Tasks\At73.job

    Status: 0xc0000034

    File C:\WINDOWS\Tasks\At74.job not found!

    Deletion of file C:\WINDOWS\Tasks\At74.job failed!

    Could not process line:

    C:\WINDOWS\Tasks\At74.job

    Status: 0xc0000034

    File C:\WINDOWS\Tasks\At75.job not found!

    Deletion of file C:\WINDOWS\Tasks\At75.job failed!

    Could not process line:

    C:\WINDOWS\Tasks\At75.job

    Status: 0xc0000034

    File C:\WINDOWS\Tasks\At76.job not found!

    Deletion of file C:\WINDOWS\Tasks\At76.job failed!

    Could not process line:

    C:\WINDOWS\Tasks\At76.job

    Status: 0xc0000034

    File C:\WINDOWS\Tasks\At77.job not found!

    Deletion of file C:\WINDOWS\Tasks\At77.job failed!

    Could not process line:

    C:\WINDOWS\Tasks\At77.job

    Status: 0xc0000034

    File C:\WINDOWS\Tasks\At78.job not found!

    Deletion of file C:\WINDOWS\Tasks\At78.job failed!

    Could not process line:

    C:\WINDOWS\Tasks\At78.job

    Status: 0xc0000034

    File C:\WINDOWS\Tasks\At79.job not found!

    Deletion of file C:\WINDOWS\Tasks\At79.job failed!

    Could not process line:

    C:\WINDOWS\Tasks\At79.job

    Status: 0xc0000034

    File C:\WINDOWS\Tasks\At8.job deleted successfully.

    File C:\WINDOWS\Tasks\At9.job deleted successfully.

    File C:\tmp2.tmp.exe not found!

    Deletion of file C:\tmp2.tmp.exe failed!

    Could not process line:

    C:\tmp2.tmp.exe

    Status: 0xc0000034

    File C:\WINDOWS\SYSTEM32\5vTgy05B.exe not found!

    Deletion of file C:\WINDOWS\SYSTEM32\5vTgy05B.exe failed!

    Could not process line:

    C:\WINDOWS\SYSTEM32\5vTgy05B.exe

    Status: 0xc0000034

    File C:\WINDOWS\SYSTEM32\5RdAa2td.exe not found!

    Deletion of file C:\WINDOWS\SYSTEM32\5RdAa2td.exe failed!

    Could not process line:

    C:\WINDOWS\SYSTEM32\5RdAa2td.exe

    Status: 0xc0000034

    File C:\WINDOWS\system32\X6bh30gU.exe not found!

    Deletion of file C:\WINDOWS\system32\X6bh30gU.exe failed!

    Could not process line:

    C:\WINDOWS\system32\X6bh30gU.exe

    Status: 0xc0000034

    File C:\WINDOWS\SYSTEM32\AClient.dll not found!

    Deletion of file C:\WINDOWS\SYSTEM32\AClient.dll failed!

    Could not process line:

    C:\WINDOWS\SYSTEM32\AClient.dll

    Status: 0xc0000034

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080} deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    (NOTE: the file Aclient.dll had already been deleted manually, as had tmp2.tmp.exe... and the registry was cleaned using EasyCleaner)

    Hijack

    Logfile of HijackThis v1.99.1

    Scan saved at 13:28:38, on 14/8/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Arquivos de programas\TGTSoft\StyleXP\TGT_BHO.dll

    O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

    O4 - HKLM\..\Run: [systemTray] SysTray.Exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

    O4 - Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Office XP\Office10\OSA.EXE

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{FE753132-FC4B-4B11-9C49-4551D004AB61}: Domain = localnet

    O17 - HKLM\System\CCS\Services\Tcpip\..\{FE753132-FC4B-4B11-9C49-4551D004AB61}: NameServer = 192.168.0.1,200.176.2.75

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    O23 - Service: Gbp Service (GbpSv) - Banco Unibanco - C:\Arquivos de programas\GbPlugin\GbpSv.exe

    O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)

    O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

    the computer is back to normal now... neither Spybot nor Ad-Aware report any malware!

    thanks for the help!

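The Avenger log above can be reconciled against the removal script entry by entry rather than read by eye. As an added example (not part of this thread, and not Avenger's own code), the Python below parses the "deleted successfully", "Deletion of file ... failed!" and "Status:" lines and sorts every script entry into four buckets: removed by Avenger, already absent (NTSTATUS 0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND, which is what the hand-deleted AClient.dll produced), failed for another reason, or never processed at all (a sign the run was cut short). The sample log and script are constructed, shortened copies of the ones posted; the NTSTATUS names are standard Windows values.

```python
import re

# Constructed, shortened copy of the Avenger log posted above. Avenger's extra "not found!" and
# "Could not process line:" lines carry no new information and are simply skipped by the parser.
SAMPLE_LOG = r"""
File C:\WINDOWS\Tasks\At1.job deleted successfully.
Deletion of file C:\WINDOWS\Tasks\At73.job failed!
Status: 0xc0000034
Deletion of file C:\WINDOWS\SYSTEM32\AClient.dll failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080} deleted successfully.
"""
# Constructed subset of the removal script above; X6bh30gU.exe is deliberately missing from SAMPLE_LOG.
SAMPLE_SCRIPT = r"""
Files to delete:
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At73.job
C:\WINDOWS\SYSTEM32\AClient.dll
C:\WINDOWS\system32\X6bh30gU.exe
registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}
"""
# Standard NTSTATUS values Avenger prints on its "Status:" line; 0xC0000034 is the only one in the log above.
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND", 0xC0000022: "STATUS_ACCESS_DENIED", 0xC0000043: "STATUS_SHARING_VIOLATION"}

def parse_avenger_log(text):
    """Map each target (lower-cased: Windows paths are case-insensitive) to None on success or its NTSTATUS on failure."""
    results, pending = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"^(?:File|Registry key) (.+) deleted successfully\.$", line):
            results[m.group(1).lower()] = None
        elif m := re.match(r"^Deletion of file (.+) failed!$", line):  # only file failures appear on this page
            pending = m.group(1).lower()
            results[pending] = -1                                     # -1 until the matching "Status:" line arrives
        elif (m := re.match(r"^Status: (0x[0-9A-Fa-f]+)$", line)) and pending:
            results[pending], pending = int(m.group(1), 16), None
    return results

def triage(script_text, log_text):
    """Sort each script entry into: removed by Avenger, already absent, failed for another reason, never processed."""
    results = parse_avenger_log(log_text)
    report = {"removed": [], "already_absent": [], "other_failure": [], "unprocessed": []}
    for line in (l.strip() for l in script_text.splitlines()):
        if not line or line.endswith(":"):       # blank, or a "Files to delete:" / "registry keys to delete:" header
            continue
        status = results.get(line.lower(), "missing")
        if status == "missing":
            report["unprocessed"].append(line)
        elif status is None:
            report["removed"].append(line)
        elif status == 0xC0000034:               # object was gone before Avenger ran (hand-deleted or another tool)
            report["already_absent"].append(line)
        else:
            report["other_failure"].append(f"{line} ({NTSTATUS.get(status, 'unknown NTSTATUS')})")
    return report
```

Anything in the "unprocessed" or "other_failure" buckets is what still needs a look before a log is called clean.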

    docampos,

    Your log is CLEAN! Any other malware-related problems?

    If your system shows no problems by tomorrow, disable and re-enable System Restore.

    You can click the REPORT button to let the area moderator know that the problem has been solved and the topic can be closed.

    You can always count on the help of the Clube do Hardware forum crew.

    Thanks for the feedback and a big hug!

    _________________________________

    Mr. Coruj@

    Report button: (image: report.gif)

  • Topic author
  • hello Mr Coruj@!

    thanks once again for the help!

    I'll report to the moderator so the topic can be closed!

    thanks!
