Lobini

gbiehbsb.dll no longer starts after killbox


My computer has been having some problems for quite a while, and only now have I had time to try to get it in order. I am getting the gbiehbsb.dll error when the laptop starts, and "System Error. Code 1400. Invalid window handle" several times, especially when minimizing Internet Explorer. Searching the topics on the subject, I tried to install another antivirus after uninstalling McAfee, but the installation simply disappears halfway through, or gives a physical memory dump, both AVG and Kaspersky...

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 5:47:57 AM, on 2/24/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\ACS.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\unsrvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\winsrvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~1.EXE

C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE

C:\WINDOWS\ping.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\wmx\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://searchcc.brinkster.net/magula/original.asp?chave=WMGHR83655%20AMWMGHR&sistema=W-XP&ip=192.168.0.116&nome=toshiba-8abbd53

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\unsrvc.exe -runservice

O1 - Hosts: 198.106.46.81 www.caixa.com.br

O1 - Hosts: 198.106.46.81 www.caixa.gov.br

O1 - Hosts: 198.106.46.81 www.cef.com.br

O1 - Hosts: 198.106.46.81 www.cef.gov.br

O1 - Hosts: 198.106.46.81 www.caixaeconomica.com.br

O1 - Hosts: 198.106.46.81 www.caixaeconomica.gov.br

O1 - Hosts: 198.106.46.81 www.caixaeconomicafederal.com.br

O1 - Hosts: 198.106.46.81 caixa.com.br

O1 - Hosts: 198.106.46.81 caixa.gov.br

O1 - Hosts: 198.106.46.81 cef.com.br

O1 - Hosts: 198.106.46.81 cef.gov.br

O1 - Hosts: 198.106.46.81 caixaeconomica.com.br

O1 - Hosts: 198.106.46.81 caixaeconomica.gov.br

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Metamail IEPlugin - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [bigDog302] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera II

O4 - HKLM\..\Run: [unsrvc] C:\WINDOWS\system32\unsrvc.exe -runservice

O4 - HKLM\..\RunOnce: [sndrec32] C:\WINDOWS\system32\drivers\sndrec32.exe

O4 - HKLM\..\RunOnce: [msnmsg] C:\WINDOWS\system32\drivers\sndrec32.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

When you can, please help me, bro.


- Download HostsXpert, unzip the file, open the program and click Restore MS Hosts File;

- Download ComboFix

  • Temporarily disable your antivirus;
  • Close all open windows;
  • Double-click combofix.exe and press "1" to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click on the ComboFix window, and do not close it by clicking the X while it is running; do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste the ComboFix.txt and a new HijackThis log in your reply.
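The O1 - Hosts lines in the log above map a dozen Caixa domains to a single public address, which is why the first step is to restore the hosts file. The script below is an added example, not code from the thread, HijackThis or HostsXpert: it parses the O1 entries of a HijackThis log and flags hostnames redirected to non-local addresses, grouping them by target IP so the pharming pattern stands out. The sample lines are copied from the log above; the function names and the local-address rule are this example's own assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: four O1 lines copied from the log above, plus a
# benign loopback entry and an O2 line to show the parser ignores it.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 198.106.46.81 www.caixa.com.br
O1 - Hosts: 198.106.46.81 www.caixa.gov.br
O1 - Hosts: 198.106.46.81 caixa.gov.br
O1 - Hosts: 198.106.46.81 cef.gov.br
O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\\WINDOWS\\gbiehbsb.dll
"""

# HijackThis prints one hosts-file override per line: "O1 - Hosts: <ip> <name>"
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_o1(log_text):
    """Return (ip, hostname) pairs for every 'O1 - Hosts:' line, in log order."""
    pairs = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2).lower()))
    return pairs


def is_local_target(ip):
    """True when the override points somewhere harmless: loopback, 0.0.0.0
    (as used by blocklist-style hosts files) or a private LAN address."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable target: let the caller flag it
    return addr.is_loopback or addr.is_unspecified or addr.is_private


def triage_hosts(log_text):
    """Map each public target IP to the hostnames redirected to it.

    Many hostnames collapsing onto one public IP is the pharming pattern in
    the thread: the bank's real site is replaced by whatever answers at
    that address while the address bar still shows the bank's name.
    """
    by_ip = defaultdict(list)
    for ip, host in parse_o1(log_text):
        if not is_local_target(ip):
            by_ip[ip].append(host)
    return dict(by_ip)


def report(log_text):
    """Print a summary and return the number of redirected hostnames."""
    findings = triage_hosts(log_text)
    total = sum(len(hosts) for hosts in findings.values())
    for ip, hosts in findings.items():
        print(f"[!] {len(hosts)} hostname(s) redirected to {ip}:")
        for host in hosts:
            print(f"      {host}")
    if total == 0:
        print("[ok] no hosts-file overrides to public addresses")
    return total


if __name__ == "__main__":
    report(SAMPLE_LOG)
```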

  • Topic author
  • Procedures carried out; below are the HijackThis and ComboFix logs, and apparently the System Error 1400 is no longer occurring.

    Logfile of HijackThis v1.99.1

    Scan saved at 8:37:41 PM, on 25/02/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    C:\WINDOWS\system32\ACS.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\DVDRAMSV.exe

    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    C:\WINDOWS\system32\svchost.exe

    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

    C:\WINDOWS\system32\unsrvc.exe

    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\winsrvc.exe

    C:\WINDOWS\VM_STI.EXE

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~1.EXE

    C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE

    C:\WINDOWS\ping.exe

    C:\Documents and Settings\TOSHIBA\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\unsrvc.exe -runservice

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Metamail IEPlugin - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll

    O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O4 - HKLM\..\Run: [bigDog302] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera II

    O4 - HKLM\..\Run: [unsrvc] C:\WINDOWS\system32\unsrvc.exe -runservice

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

    ComboFix 08-02-25 - WMX 2008-02-24 18:37:54.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.717 [GMT -3:00]

    Running from: C:\Documents and Settings\WMX\Desktop\ComboFix.exe

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Documents and Settings\TOSHIBA\ravmonlog

    C:\WINDOWS\system32\drivers\sndrec32.exe

    C:\WINDOWS\system32\drivers\taskmgr.exe

    C:\WINDOWS\system32\drvsrvc.dll

    C:\WINDOWS\system32\systray.scr

    C:\winxp.exe

    .

    ((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))

    .

    2008-02-24 05:34 . 2008-02-24 05:34 <DIR> d-------- C:\Documents and Settings\WMX\Application Data\Intel

    2008-02-24 05:25 . 2008-02-24 05:25 <DIR> d-------- C:\Program Files\Kaspersky Lab

    2008-02-23 23:33 . 2008-02-23 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

    2008-02-23 23:33 . 2008-02-25 18:43 2,629,664 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

    2008-02-23 23:33 . 2008-02-24 15:40 31,508 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

    2008-02-23 23:33 . 2008-02-25 18:42 17,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

    2008-02-23 23:33 . 2008-02-24 15:40 2,420 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

    2008-02-23 19:15 . 2008-02-23 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

    2008-02-22 13:20 . 2008-02-22 13:20 <DIR> d-------- C:\WINDOWS\_tmp

    2008-02-22 13:19 . 2008-02-22 13:19 266 --a------ C:\WINDOWS\system\del.bat

    2008-02-22 12:08 . 2008-02-22 12:08 757,248 --a------ C:\WINDOWS\gbiehbsb.dll

    2008-02-22 12:08 . 2008-02-22 12:08 311,296 --a------ C:\WINDOWS\ping.exe

    2008-02-22 12:08 . 2008-02-22 12:08 117,760 --a------ C:\WINDOWS\svcpool.dll

    2008-02-22 12:07 . 2008-02-21 15:10 183,296 -ra------ C:\WINDOWS\system\8wejw34c.exe

    2008-02-08 18:37 . 2008-02-08 18:37 219,664 --a------ C:\WINDOWS\system32\klogon.dll

    2008-02-08 18:35 . 2008-02-08 18:35 23,604 --a------ C:\WINDOWS\system32\drivers\klopp.dat

    2008-02-07 11:59 . 2008-02-24 04:21 <DIR> d-------- C:\wmx

    2008-01-28 11:35 . 2008-01-28 11:52 <DIR> d-------- C:\Documents and Settings\TOSHIBA\Application Data\U3

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-02-24 20:59 --------- d-----w C:\Program Files\Google

    2008-02-24 20:58 16 ----a-w C:\WINDOWS\system32\drivers\odel32.dll

    2008-02-24 20:57 15,362 ----a-w C:\WINDOWS\sysstr.sys

    2008-02-24 20:57 10,837 ----a-w C:\WINDOWS\system32\filetemp.tmp

    2008-02-24 07:00 --------- d-----w C:\Documents and Settings\TOSHIBA\Application Data\Skype

    2008-02-21 16:59 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT

    2007-12-27 03:16 45,058 ----a-w C:\WINDOWS\system32\winsrvc.exe

    2007-12-14 04:30 323,584 ----a-w C:\WINDOWS\system32\unsrvc.exe

    2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll

    2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll

    2007-06-15 11:01 893,440 --sh--w C:\WINDOWS\Help\svhost.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

    2008-02-22 12:08 757248 --a------ C:\WINDOWS\gbiehbsb.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "BigDog302"="C:\WINDOWS\VM_STI.exe" [2005-06-03 18:57 61440]

    "unsrvc"="C:\WINDOWS\system32\unsrvc.exe" [2007-12-14 01:30 323584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    "sndrec32"="C:\WINDOWS\system32\drivers\sndrec32.exe" [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    "gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{B9E618A2-A4FE-11D4-83C2-005004636C96}"= C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll [2005-04-26 20:26 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 16:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^My_Love.exe]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\My_Love.exe

    backup=C:\WINDOWS\pss\My_Love.exeCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

    backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk

    backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows32.exe]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows32.exe

    backup=C:\WINDOWS\pss\Windows32.exeCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

    --a------ 2005-04-12 21:17 88358 C:\WINDOWS\agrsmmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alertas de desempenho]

    C:\DOCUME~1\TOSHIBA\LOCALS~1\Temp\wupdmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

    --a------ 2004-03-24 03:40 196608 C:\Program Files\Apoint2K\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog302]

    --a------ 2005-06-03 18:57 61440 C:\WINDOWS\VM_STI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bright]

    --a------ 2007-09-02 16:46 921088 C:\WINDOWS\bright.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]

    --a------ 2005-04-29 01:08 675840 C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

    --a------ 2005-01-14 06:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gerenciamento de aplicativo]

    C:\DOCUME~1\TOSHIBA\LOCALS~1\Temp\netsvcs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

    --a------ 2004-11-02 13:59 126976 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]

    --a------ 2005-04-21 01:38 28672 C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

    --a------ 2004-11-02 14:03 155648 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

    --a------ 2004-08-04 09:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]

    --a------ 2004-10-15 16:27 385024 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IsassRenascimento]

    C:\WINDOWS\help\Issas.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IVPServiceMgr]

    --a------ 2003-10-20 13:37 475136 C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

    --------- 2005-04-12 21:18 184320 C:\Program Files\ltmoh\Ltmoh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msgrss]

    --a------ 2007-09-02 16:46 1881600 C:\WINDOWS\msgrss.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Msn Messenger Live 80]

    --a------ 2007-06-15 08:02 201216 C:\WINDOWS\help\msn.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKGO]

    --a------ 2007-06-15 18:00 3616768 C:\WINDOWS\winutade.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]

    --a------ 2004-09-07 19:03 1077301 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

    --a------ 2004-08-04 09:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

    --a------ 2004-08-04 09:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]

    --a------ 2005-03-17 21:37 151552 C:\TOSHIBA\IVP\ISM\pinger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    --a------ 2006-12-01 17:56 155648 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\renascimento]

    ---hs---- 2007-06-15 08:01 893440 C:\WINDOWS\help\svhost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

    --a------ 2006-10-13 22:20 20058152 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    --a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]

    --a------ 2004-05-01 19:03 28672 C:\WINDOWS\system32\TCtrlIOHook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]

    --a------ 2004-12-30 05:32 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility]

    --a------ 2005-02-22 18:51 24576 C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]

    --a------ 2004-11-30 02:06 53248 C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]

    --a------ 2004-12-28 21:02 270336 C:\WINDOWS\system32\TPSMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]

    --a------ 2005-04-05 21:25 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\unsrvc]

    --a------ 2007-12-14 01:30 323584 C:\WINDOWS\system32\unsrvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows32]

    C:\Arquivos de programas\System\Windows32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winxp]

    C:\winXP.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

    "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=

    "C:\\WINDOWS\\system32\\rtcshare.exe"=

    "C:\\WINDOWS\\Help\\svhost.exe"=

    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=

    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "16562:TCP"= 16562:TCP:NortonAV

    "18707:TCP"= 18707:TCP:NortonAV

    R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 20:05]

    R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-02-26 00:22]

    R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:00]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

    S1 StickyMesger;StickyMesger;C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys []

    S3 ZSMC302;VIMICRO USB PC Camera II;C:\WINDOWS\system32\Drivers\usbVM302.sys [2005-09-22 22:57]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-02-15 19:18:07 C:\WINDOWS\Tasks\1-Click Maintenance.job"

    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-02-25 18:43:50

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    .

    Completion time: 2008-02-25 18:46:42

    ComboFix-quarantined-files.txt 2008-02-25 21:45:44

    .

    2008-02-13 15:54:01 --- E O F ---

    Thanks again.

    EDIT: There had to be some ***** down here who took my topic off the waiting list; ban the guy, please, so he learns to read the important topics....


    - Select the text below and copy it into Notepad. Save it as CFScript.txt;

    Folder::
    C:\WINDOWS\_tmp
    File::
    C:\WINDOWS\system\del.bat
    C:\WINDOWS\gbiehbsb.dll
    C:\WINDOWS\ping.exe
    C:\WINDOWS\svcpool.dll
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "unsrvc"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "sndrec32"=-
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^My_Love.exe]
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows32.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IsassRenascimento]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msgrss]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Msn Messenger Live 80]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKGO]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\renascimento]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\unsrvc]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows32]

    - Drag CFScript.txt onto ComboFix as shown in the image below:

    [image: CF_Script.gif]

    ComboFix will run and will restart the PC automatically to complete the removal process.

    Do not use the mouse or the keyboard while ComboFix is running.

    When it finishes, a log will be generated at C:\ComboFix.txt.

    Note: If ComboFix does not restart your computer automatically, do it manually.

    In your next reply, paste the ComboFix.txt and a new HijackThis log.
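The File:: entries in the script above come straight from the "Files Created" section of the ComboFix log: three executables written to C:\WINDOWS in the same minute (2008-02-22 12:08). As an added example, not ComboFix's or the helper's code, the script below parses that section, clusters executables under the Windows directory by creation minute and renders the flagged paths in the CFScript File:: syntax used above. The sample lines are copied from the log above; the clustering heuristic, EXEC_EXT and the function names are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: rows copied from the "Files Created" section of the
# ComboFix log above (a <DIR> row and Kaspersky's klogon.dll are included
# to show they are not flagged).
SAMPLE_COMBOFIX = """\
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.
2008-02-24 05:25 . 2008-02-24 05:25 <DIR> d-------- C:\\Program Files\\Kaspersky Lab
2008-02-22 13:19 . 2008-02-22 13:19 266 --a------ C:\\WINDOWS\\system\\del.bat
2008-02-22 12:08 . 2008-02-22 12:08 757,248 --a------ C:\\WINDOWS\\gbiehbsb.dll
2008-02-22 12:08 . 2008-02-22 12:08 311,296 --a------ C:\\WINDOWS\\ping.exe
2008-02-22 12:08 . 2008-02-22 12:08 117,760 --a------ C:\\WINDOWS\\svcpool.dll
2008-02-22 12:07 . 2008-02-21 15:10 183,296 -ra------ C:\\WINDOWS\\system\\8wejw34c.exe
2008-02-08 18:37 . 2008-02-08 18:37 219,664 --a------ C:\\WINDOWS\\system32\\klogon.dll
.
"""

# Row layout: "<created> . <modified> <size|<DIR>> <9 attribute chars> <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(<DIR>|[\d,]+)\s+(\S{9})\s+(.+?)\s*$"
)
# Extensions treated as executable content (assumption of this example).
EXEC_EXT = (".exe", ".dll", ".bat", ".cmd", ".com", ".scr", ".sys")


def parse_created(log_text):
    """Return one dict per file row of a ComboFix 'Files Created' section.

    Directory rows (<DIR>) are skipped; sizes lose their thousands commas.
    """
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) == "<DIR>":
            continue
        entries.append({
            "created": m.group(1),
            "modified": m.group(2),
            "size": int(m.group(3).replace(",", "")),
            "attrs": m.group(4),
            "path": m.group(5),
        })
    return entries


def dropper_clusters(entries, windir="C:\\WINDOWS", min_files=2):
    """Group executables under windir by creation minute; keep groups of min_files+.

    Heuristic (this example's assumption, not ComboFix's): several
    executables landing under the Windows directory within the same minute
    is the footprint of a dropper unpacking its components, whereas a lone
    file is more often an installer or an update.
    """
    prefix = windir.lower().rstrip("\\") + "\\"
    by_minute = defaultdict(list)
    for entry in entries:
        low = entry["path"].lower()
        if low.startswith(prefix) and low.endswith(EXEC_EXT):
            by_minute[entry["created"]].append(entry["path"])
    return {minute: paths for minute, paths in by_minute.items()
            if len(paths) >= min_files}


def cfscript_file_block(clusters):
    """Render the flagged paths as a CFScript 'File::' block (syntax as in the thread)."""
    paths = [p for minute in sorted(clusters) for p in clusters[minute]]
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = dropper_clusters(parse_created(SAMPLE_COMBOFIX))
    for minute, paths in sorted(found.items()):
        print(f"[!] {len(paths)} executables created {minute} under C:\\WINDOWS")
    print(cfscript_file_block(found), end="")
```

With the sample rows this reproduces the helper's three File:: paths; del.bat, written alone at 13:19, was added to the script by hand.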

  • Topic author
  • ComboFix 08-02-25 - TOSHIBA 2008-02-28 13:35:01.2 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.700 [GMT -3:00]

    Running from: C:\wmx\hijack\ComboFix.exe

    Command switches used :: C:\wmx\hijack\CFScript.txt

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::

    C:\WINDOWS\gbiehbsb.dll

    C:\WINDOWS\ping.exe

    C:\WINDOWS\svcpool.dll

    C:\WINDOWS\system\del.bat

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\_tmp

    C:\WINDOWS\gbiehbsb.dll

    C:\WINDOWS\ping.exe

    C:\WINDOWS\svcpool.dll

    C:\WINDOWS\system\del.bat

    C:\WINDOWS\system32\drvsrvc.dll

    C:\WINDOWS\winhlp.dll

    .

    ((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))

    .

    2008-02-28 13:37 . 2008-02-28 19:11 2,691 --a------ C:\WINDOWS\svchost_

    2008-02-28 13:37 . 2008-02-28 19:11 0 --a------ C:\WINDOWS\lkjsoiq

    2008-02-27 20:30 . 2008-02-28 00:57 5,104 --a------ C:\WINDOWS\mssnmsgr.dll

    2008-02-24 05:25 . 2008-02-24 05:25 <DIR> d-------- C:\Program Files\Kaspersky Lab

    2008-02-23 23:33 . 2008-02-23 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

    2008-02-23 23:33 . 2008-02-28 19:13 3,428,384 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

    2008-02-23 23:33 . 2008-02-28 19:13 47,392 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

    2008-02-23 23:33 . 2008-02-28 19:12 41,228 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

    2008-02-23 23:33 . 2008-02-28 19:12 5,468 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

    2008-02-23 19:15 . 2008-02-23 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

    2008-02-22 12:07 . 2008-02-21 15:10 183,296 -ra------ C:\WINDOWS\system\8wejw34c.exe

    2008-02-08 18:37 . 2008-02-08 18:37 219,664 --a------ C:\WINDOWS\system32\klogon.dll

    2008-02-08 18:35 . 2008-02-08 18:35 23,604 --a------ C:\WINDOWS\system32\drivers\klopp.dat

    2008-02-07 11:59 . 2008-02-24 04:21 <DIR> d-------- C:\wmx

    2008-01-28 11:35 . 2008-01-28 11:52 <DIR> d-------- C:\Documents and Settings\TOSHIBA\Application Data\U3

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-02-28 16:27 15,362 ----a-w C:\WINDOWS\sysstr.sys

    2008-02-27 19:01 --------- d-----w C:\Documents and Settings\TOSHIBA\Application Data\Skype

    2008-02-26 01:13 --------- d-----w C:\Program Files\Google

    2008-02-24 20:58 16 ----a-w C:\WINDOWS\system32\drivers\odel32.dll

    2008-02-21 16:59 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT

    2007-06-15 11:01 893,440 --sh--w C:\WINDOWS\Help\svhost.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "BigDog302"="C:\WINDOWS\VM_STI.exe" [2005-06-03 18:57 61440]

    "unsrvc"="C:\WINDOWS\system32\unsrvc.exe" [2007-12-14 01:30 323584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    "gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{B9E618A2-A4FE-11D4-83C2-005004636C96}"= C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll [2005-04-26 20:26 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 16:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^My_Love.exe]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\My_Love.exe

    backup=C:\WINDOWS\pss\My_Love.exeCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

    backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk

    backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

    --a------ 2005-04-12 21:17 88358 C:\WINDOWS\agrsmmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alertas de desempenho]

    C:\DOCUME~1\TOSHIBA\LOCALS~1\Temp\wupdmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

    --a------ 2004-03-24 03:40 196608 C:\Program Files\Apoint2K\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog302]

    --a------ 2005-06-03 18:57 61440 C:\WINDOWS\VM_STI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bright]

    --a------ 2007-09-02 16:46 921088 C:\WINDOWS\bright.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]

    --a------ 2005-04-29 01:08 675840 C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

    --a------ 2005-01-14 06:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gerenciamento de aplicativo]

    C:\DOCUME~1\TOSHIBA\LOCALS~1\Temp\netsvcs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

    --a------ 2004-11-02 13:59 126976 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]

    --a------ 2005-04-21 01:38 28672 C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

    --a------ 2004-11-02 14:03 155648 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

    --a------ 2004-08-04 09:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]

    --a------ 2004-10-15 16:27 385024 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IVPServiceMgr]

    --a------ 2003-10-20 13:37 475136 C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

    --------- 2005-04-12 21:18 184320 C:\Program Files\ltmoh\Ltmoh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]

    --a------ 2004-09-07 19:03 1077301 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

    --a------ 2004-08-04 09:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

    --a------ 2004-08-04 09:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    --a------ 2006-12-01 17:56 155648 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

    --a------ 2006-10-13 22:20 20058152 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    --a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]

    --a------ 2004-05-01 19:03 28672 C:\WINDOWS\system32\TCtrlIOHook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]

    --a------ 2004-12-30 05:32 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility]

    --a------ 2005-02-22 18:51 24576 C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]

    --a------ 2004-11-30 02:06 53248 C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]

    --a------ 2004-12-28 21:02 270336 C:\WINDOWS\system32\TPSMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]

    --a------ 2005-04-05 21:25 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winxp]

    C:\winXP.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

    "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=

    "C:\\WINDOWS\\system32\\rtcshare.exe"=

    "C:\\WINDOWS\\Help\\svhost.exe"=

    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=

    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "16562:TCP"= 16562:TCP:NortonAV

    "18707:TCP"= 18707:TCP:NortonAV

    R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 20:05]

    R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-02-26 00:22]

    R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:00]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

    S1 StickyMesger;StickyMesger;C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys []

    S3 ZSMC302;VIMICRO USB PC Camera II;C:\WINDOWS\system32\Drivers\usbVM302.sys [2005-09-22 22:57]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

    \Shell\AutoRun\command - E:\LaunchU3.exe

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-02-15 19:18:07 C:\WINDOWS\Tasks\1-Click Maintenance.job"

    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-02-28 19:13:34

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\drvsrvc.dll 0 bytes

    scan completed successfully

    hidden files: 1

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    C:\WINDOWS\system32\ACS.exe

    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

    C:\WINDOWS\system32\DVDRAMSV.exe

    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\winsrvc.exe

    .

    **************************************************************************

    .

    Completion time: 2008-02-28 19:17:04 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-02-28 22:17:00

    ComboFix2.txt 2008-02-25 21:46:44

    .

    2008-02-13 15:54:01 --- E O F ---

    Logfile of HijackThis v1.99.1

    Scan saved at 19:22, on 28/02/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    C:\WINDOWS\system32\ACS.exe

    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

    C:\WINDOWS\system32\unsrvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\DVDRAMSV.exe

    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    C:\WINDOWS\system32\svchost.exe

    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

    C:\WINDOWS\VM_STI.EXE

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\winsrvc.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~1.EXE

    C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE

    C:\wmx\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\unsrvc.exe -runservice

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Metamail IEPlugin - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O4 - HKLM\..\Run: [bigDog302] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera II

    O4 - HKLM\..\Run: [unsrvc] C:\WINDOWS\system32\unsrvc.exe -runservice

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

    Thanks again, gbiehbsb still appeared at startup.

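What the analyst reads in the log above before writing the next script is a small set of persistence patterns: a Winlogon UserInit value that no longer points at userinit.exe, autostart entries living in a Temp folder, one binary registered in several autostart locations at once, and orphaned toolbar or service entries. As an added example (not a tool from this thread, from HijackThis or from ComboFix), the script below runs those checks over HijackThis 1.99 lines; the sample is constructed from entries in the logs posted in this thread (the O4 line for "Alertas de desempenho" is built from the msconfig entry in the ComboFix log, it does not appear as an O4 line here), and the rule set and severities are my own.

```python
"""Triage HijackThis 1.99 log lines for XP-era persistence patterns.

Added example for this thread; not part of HijackThis, ComboFix or the
forum's own tooling. Sample lines are constructed from the logs above.
"""
import ntpath
import re
from collections import defaultdict

# Folders from which nothing legitimate autostarts on an XP box (assumption).
SUSPECT_DIRS = ("\\temp\\", "\\windows\\help\\", "\\recycler\\")

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<rest>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F2_USERINIT_RE = re.compile(r"^REG:system\.ini: UserInit=(?P<cmd>.*)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|ocx|scr|com|bat|cmd|pif))(?:[\s,]|$)", re.IGNORECASE)

# Constructed sample: lines from the HijackThis log above plus one O4 line
# built from the ComboFix msconfig entry for "Alertas de desempenho".
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\unsrvc.exe -runservice
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [bigDog302] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera II
O4 - HKLM\..\Run: [unsrvc] C:\WINDOWS\system32\unsrvc.exe -runservice
O4 - HKLM\..\Run: [Alertas de desempenho] C:\DOCUME~1\TOSHIBA\LOCALS~1\Temp\wupdmgr.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""


def exe_path(cmd: str) -> str:
    """Return the program path at the front of a command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage(log_text: str) -> list:
    """Return findings as dicts {line, severity, reason}, ordered by line number."""
    findings = []
    autostarts = defaultdict(list)  # lowercased exe path -> [(line, location)]
    for n, line in enumerate(log_text.strip().splitlines(), start=1):
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        if kind == "F2":
            u = F2_USERINIT_RE.match(rest)
            if u:
                path = exe_path(u.group("cmd"))
                autostarts[path.lower()].append((n, "F2 UserInit"))
                # On XP the default is C:\WINDOWS\system32\userinit.exe
                if ntpath.basename(path).lower() != "userinit.exe":
                    findings.append(dict(line=n, severity="high",
                                         reason=f"Winlogon UserInit replaced by {path}; default is userinit.exe"))
        elif kind == "O4":
            o = O4_RE.match(rest)
            if o:
                path = exe_path(o.group("cmd"))
                autostarts[path.lower()].append((n, "O4 " + o.group("hive") + "\\" + o.group("key")))
                if any(d in path.lower() for d in SUSPECT_DIRS):
                    findings.append(dict(line=n, severity="high",
                                         reason=f"autostart from a scratch folder: {path}"))
        elif kind in ("O2", "O3", "O9") and rest.endswith("(no file)"):
            findings.append(dict(line=n, severity="low", reason="orphaned entry, its binary no longer exists"))
        elif kind == "O23" and "Unknown owner" in rest and "(file missing)" in rest:
            findings.append(dict(line=n, severity="low", reason="service with unknown owner and missing binary"))
    # Redundant persistence: the same binary registered in more than one autostart location.
    for path, places in autostarts.items():
        if len(places) > 1:
            where = ", ".join(f"line {ln} ({loc})" for ln, loc in places)
            findings.append(dict(line=places[0][0], severity="high",
                                 reason=f"{path} is registered in several autostart locations: {where}"))
    return sorted(findings, key=lambda f: f["line"])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f['line']:>3} [{f['severity']}] {f['reason']}")
```

The redundancy rule is the one worth keeping in mind when reading the log above: unsrvc.exe shows up both as the UserInit value and under HKLM\..\Run, which is why the scripts in this thread remove it from both places rather than from one.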

    - Select the text below and copy it into Notepad. Save it as CFScript.txt;

    File::
    C:\WINDOWS\svchost_
    C:\WINDOWS\lkjsoiq
    C:\WINDOWS\mssnmsgr.dll
    C:\WINDOWS\Help\svhost.exe
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "unsrvc"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "gbieh.1"=-
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^My_Love.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bright]

    - Drag CFScript.txt onto ComboFix as shown in the image below:

    CF_Script.gif

    ComboFix will run and will restart the PC automatically to complete the removal process.

    Do not use the mouse or the keyboard while ComboFix is running.

    When it finishes, a log will be generated at C:\ComboFix.txt.

    Note: if ComboFix does not restart your computer automatically, do so manually.

    In your next reply, paste ComboFix.txt and a new HijackThis log.

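The CFScript procedure used in this post and in the previous one works only if the script is well formed: ComboFix silently skips what it cannot parse, so a typo means the entry survives and the next log looks the same. As an added example (not part of ComboFix or of this thread), the linter below checks a CFScript before it is dragged onto ComboFix. It understands only the two section kinds these posts use, File:: and Registry::, with the REGEDIT4 conventions seen here ([-KEY] deletes a key, "name"=- deletes a value); the expected shape of an XP startupfolder key is taken from the ComboFix log above. The sample script is constructed to carry the slips that creep into hand-typed scripts: a "-=" where "=-" was meant, a stray hyphen inside the Start Menu path, and a key listed twice.

```python
"""Lint a ComboFix CFScript.txt before it is dragged onto ComboFix.

Added example for this thread; not part of ComboFix or the forum's tooling.
Only File:: and Registry:: are parsed; other section names are reported.
"""
import re
from dataclasses import dataclass, field

KNOWN_SECTIONS = {"File", "Registry"}
SECTION_RE = re.compile(r"^(\w+)::$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\\S")
KEY_RE = re.compile(r"^\[(-?)((?:HKEY_[A-Z_]+|HKLM|HKCU|HKCR|HKU)\\.+)\]$", re.IGNORECASE)
VALUE_DELETE_RE = re.compile(r'^"([^"]+)"=-$')
VALUE_SET_RE = re.compile(r'^"([^"]+)"=(.+)$')
BAD_VALUE_DELETE_RE = re.compile(r'^"([^"]+)"-=$')
# msconfig startupfolder keys encode the Startup folder path with ^ for \;
# on XP that path has the fixed shape seen in the ComboFix log.
STARTUP_FOLDER_RE = re.compile(
    r"^HKLM\\~\\startupfolder\\C:\^Documents and Settings\^[^^]+\^Start Menu\^Programs\^Startup\^",
    re.IGNORECASE)

# Constructed sample with three deliberate slips (lines 8, 9 and 11).
SAMPLE_SCRIPT = "\n".join([
    "File::",
    r"C:\WINDOWS\svchost_",
    r"C:\WINDOWS\lkjsoiq",
    "Registry::",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    '"unsrvc"=-',
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]",
    '"sndrec32"-=',  # -= instead of =-
    r"[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start -Menu^Programs^Startup^My_Love.exe]",
    r"[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows32.exe]",
    r"[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows32.exe]",
])


@dataclass
class LintResult:
    files: list = field(default_factory=list)          # paths ComboFix will delete
    key_deletes: list = field(default_factory=list)    # whole keys to remove
    value_deletes: list = field(default_factory=list)  # (key, value name)
    value_sets: list = field(default_factory=list)     # (key, value name, data)
    findings: list = field(default_factory=list)       # (line number, level, message)

    def errors(self):
        return [f for f in self.findings if f[1] == "error"]

    def warnings(self):
        return [f for f in self.findings if f[1] == "warning"]


def _registry_line(n, line, current_key, res):
    """Classify one Registry:: line; return the key later value lines belong to."""
    km = KEY_RE.match(line)
    if km:
        key = km.group(2)
        if km.group(1) == "-":  # [-KEY] removes the whole key
            if key.lower() in (k.lower() for k in res.key_deletes):
                res.findings.append((n, "warning", f"duplicate key deletion: {key}"))
            else:
                res.key_deletes.append(key)
            if key.lower().startswith("hklm\\~\\startupfolder\\") and not STARTUP_FOLDER_RE.match(key):
                res.findings.append((n, "warning", f"startupfolder key does not match the XP Startup path: {key}"))
        return key
    if BAD_VALUE_DELETE_RE.match(line):
        res.findings.append((n, "error", f'malformed value deletion {line}: write "name"=-'))
    elif current_key is None:
        res.findings.append((n, "error", f"value line outside any [KEY] header: {line}"))
    elif VALUE_DELETE_RE.match(line):
        res.value_deletes.append((current_key, VALUE_DELETE_RE.match(line).group(1)))
    elif VALUE_SET_RE.match(line):
        vm = VALUE_SET_RE.match(line)
        res.value_sets.append((current_key, vm.group(1), vm.group(2)))
    else:
        res.findings.append((n, "error", f"unrecognised registry line: {line}"))
    return current_key


def lint_cfscript(text: str) -> LintResult:
    res = LintResult()
    section, current_key = None, None
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), None
            if section not in KNOWN_SECTIONS:
                res.findings.append((n, "warning", f"unknown section {section}::"))
        elif section is None:
            res.findings.append((n, "error", f"text before any section header: {line}"))
        elif section == "File":
            if not DRIVE_PATH_RE.match(line):
                res.findings.append((n, "error", f"not an absolute path: {line}"))
            elif line.lower() in (p.lower() for p in res.files):
                res.findings.append((n, "warning", f"duplicate file entry: {line}"))
            else:
                res.files.append(line)
        elif section == "Registry":
            current_key = _registry_line(n, line, current_key, res)
    return res


if __name__ == "__main__":
    r = lint_cfscript(SAMPLE_SCRIPT)
    for n, level, msg in r.findings:
        print(f"line {n:>2} {level}: {msg}")
    print(f"plan: {len(r.files)} files, {len(r.key_deletes)} keys, {len(r.value_deletes)} values")
```

Run it on a script before posting it: an error means ComboFix would not do what the line intends, a startupfolder warning is exactly the kind of path slip that leaves a Startup entry in place after the reboot.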
    Topic author:

    ComboFix 08-02-25 - TOSHIBA 2008-03-01 12:36:52.3 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.707 [GMT -3:00]

    Running from: C:\wmx\hijack\ComboFix.exe

    Command switches used :: C:\wmx\hijack\CFScript.txt

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::

    C:\WINDOWS\Help\svhost.exe

    C:\WINDOWS\lkjsoiq

    C:\WINDOWS\mssnmsgr.dll

    C:\WINDOWS\svchost_

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\Help\svhost.exe

    C:\WINDOWS\lkjsoiq

    C:\WINDOWS\mssnmsgr.dll

    C:\WINDOWS\svchost_

    C:\WINDOWS\system32\drvsrvc.dll

    .

    ((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))

    .

    2008-02-24 05:25 . 2008-02-24 05:25 <DIR> d-------- C:\Program Files\Kaspersky Lab

    2008-02-23 23:33 . 2008-02-23 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

    2008-02-23 23:33 . 2008-03-01 12:42 4,802,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

    2008-02-23 23:33 . 2008-03-01 12:42 61,472 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

    2008-02-23 23:33 . 2008-03-01 10:17 57,020 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

    2008-02-23 23:33 . 2008-03-01 10:17 6,620 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

    2008-02-23 19:15 . 2008-02-23 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

    2008-02-22 12:07 . 2008-02-21 15:10 183,296 -ra------ C:\WINDOWS\system\8wejw34c.exe

    2008-02-08 18:37 . 2008-02-08 18:37 219,664 --a------ C:\WINDOWS\system32\klogon.dll

    2008-02-08 18:35 . 2008-02-08 18:35 23,604 --a------ C:\WINDOWS\system32\drivers\klopp.dat

    2008-02-07 11:59 . 2008-02-24 04:21 <DIR> d-------- C:\wmx

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-03-01 15:33 15,362 ----a-w C:\WINDOWS\sysstr.sys

    2008-03-01 15:33 10,856 ----a-w C:\WINDOWS\system32\filetemp.tmp

    2008-02-27 19:01 --------- d-----w C:\Documents and Settings\TOSHIBA\Application Data\Skype

    2008-02-26 01:13 --------- d-----w C:\Program Files\Google

    2008-02-24 20:58 16 ----a-w C:\WINDOWS\system32\drivers\odel32.dll

    2008-02-21 16:59 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT

    2008-01-28 14:52 --------- d-----w C:\Documents and Settings\TOSHIBA\Application Data\U3

    2007-12-27 03:16 45,058 ----a-w C:\WINDOWS\system32\winsrvc.exe

    2007-12-14 04:30 323,584 ----a-w C:\WINDOWS\system32\unsrvc.exe

    2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll

    2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "BigDog302"="C:\WINDOWS\VM_STI.exe" [2005-06-03 18:57 61440]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{B9E618A2-A4FE-11D4-83C2-005004636C96}"= C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll [2005-04-26 20:26 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 16:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

    backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk

    backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

    --a------ 2005-04-12 21:17 88358 C:\WINDOWS\agrsmmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alertas de desempenho]

    C:\DOCUME~1\TOSHIBA\LOCALS~1\Temp\wupdmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

    --a------ 2004-03-24 03:40 196608 C:\Program Files\Apoint2K\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog302]

    --a------ 2005-06-03 18:57 61440 C:\WINDOWS\VM_STI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]

    --a------ 2005-04-29 01:08 675840 C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

    --a------ 2005-01-14 06:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gerenciamento de aplicativo]

    C:\DOCUME~1\TOSHIBA\LOCALS~1\Temp\netsvcs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

    --a------ 2004-11-02 13:59 126976 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]

    --a------ 2005-04-21 01:38 28672 C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

    --a------ 2004-11-02 14:03 155648 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

    --a------ 2004-08-04 09:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]

    --a------ 2004-10-15 16:27 385024 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IVPServiceMgr]

    --a------ 2003-10-20 13:37 475136 C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

    --------- 2005-04-12 21:18 184320 C:\Program Files\ltmoh\Ltmoh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]

    --a------ 2004-09-07 19:03 1077301 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

    --a------ 2004-08-04 09:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

    --a------ 2004-08-04 09:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    --a------ 2006-12-01 17:56 155648 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

    --a------ 2006-10-13 22:20 20058152 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    --a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]

    --a------ 2004-05-01 19:03 28672 C:\WINDOWS\system32\TCtrlIOHook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]

    --a------ 2004-12-30 05:32 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility]

    --a------ 2005-02-22 18:51 24576 C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]

    --a------ 2004-11-30 02:06 53248 C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]

    --a------ 2004-12-28 21:02 270336 C:\WINDOWS\system32\TPSMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]

    --a------ 2005-04-05 21:25 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winxp]

    C:\winXP.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

    "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=

    "C:\\WINDOWS\\system32\\rtcshare.exe"=

    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=

    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "16562:TCP"= 16562:TCP:NortonAV

    "18707:TCP"= 18707:TCP:NortonAV

    R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 20:05]

    R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-02-26 00:22]

    R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:00]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

    S1 StickyMesger;StickyMesger;C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys []

    S3 ZSMC302;VIMICRO USB PC Camera II;C:\WINDOWS\system32\Drivers\usbVM302.sys [2005-09-22 22:57]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

    \Shell\AutoRun\command - E:\LaunchU3.exe

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-02-15 19:18:07 C:\WINDOWS\Tasks\1-Click Maintenance.job"

    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-03-01 12:43:00

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    .

    Completion time: 2008-03-01 12:45:42

    ComboFix-quarantined-files.txt 2008-03-01 15:44:44

    ComboFix2.txt 2008-02-28 22:17:05

    ComboFix3.txt 2008-02-25 21:46:44

    .

    2008-02-13 15:54:01 --- E O F ---

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    Logfile of HijackThis v1.99.1

    Scan saved at 13:00, on 01/03/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    C:\WINDOWS\system32\ACS.exe

    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

    C:\WINDOWS\system32\unsrvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\DVDRAMSV.exe

    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    C:\WINDOWS\system32\svchost.exe

    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

    C:\WINDOWS\VM_STI.EXE

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\winsrvc.exe

    C:\wmx\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\unsrvc.exe -runservice

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Metamail IEPlugin - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O4 - HKLM\..\Run: [bigDog302] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera II

    O4 - HKLM\..\Run: [unsrvc] C:\WINDOWS\system32\unsrvc.exe -runservice

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

    gbiehbsb is gone. Apparently everything is normal; I'll wait for your reply on whether everything is OK so I can install the antivirus and go back to using the computer. Thanks.


    - In Run, type combofix /u and click OK. In the next window click "Run" and wait for the program to be removed;

    - Download Killbox and run it:

    • Check the Delete on Reboot option. Copy the list below (select it and click Edit > Copy, or press Ctrl + C):

    C:\WINDOWS\system32\unsrvc.exe
    • Go back to KillBox. Click File > Paste from clipboard. Click the All Files button;
    • Click killbox.png and answer No to the question.

    - Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup);

    - Open HijackThis, click Do a system scan only and check the entries below:

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\unsrvc.exe -runservice

    O4 - HKLM\..\Run: [unsrvc] C:\WINDOWS\system32\unsrvc.exe -runservice

    - Close all windows, click ht-fix.png and then Yes;

    - Restart in normal mode, generate a new HijackThis log and paste it in your reply.
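As an added example (not from this thread, nor code from HijackThis, Killbox or ComboFix), a small Python parser for the HijackThis F2/O4 lines quoted above: it flags a UserInit value that differs from the stock Windows XP path and lists the Run entries that launch the same file, because that file must not be deleted before the registry value is restored. The sample log lines are constructed from the entries in this thread.

```python
import re

# Constructed sample in HijackThis v1.99 format: the two entries the helper asked the
# user to fix, plus one benign Run entry for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\unsrvc.exe -runservice
O4 - HKLM\..\Run: [unsrvc] C:\WINDOWS\system32\unsrvc.exe -runservice
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# Stock Windows XP value of the Winlogon Userinit key (HijackThis only prints an
# F2 line when the value differs from this).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.+)$")
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.+)$")


def image_path(command):
    """Executable path from a command line: honours quotes, drops arguments and a trailing comma."""
    command = command.strip()
    if command.startswith('"') and '"' in command[1:]:
        return command[1:command.index('"', 1)]
    return command.split(" ", 1)[0].rstrip(",")


def analyze(log):
    """Parse F2/O4 lines; flag a non-default UserInit and the autoruns that share its file."""
    result = {"userinit": None, "hijacked": False, "autoruns": [], "related_autoruns": []}
    for line in log.splitlines():
        m = F2_RE.match(line)
        if m:
            result["userinit"] = image_path(m.group(1))
            result["hijacked"] = result["userinit"].lower() != DEFAULT_USERINIT
            continue
        m = O4_RE.match(line)
        if m:
            result["autoruns"].append(
                {"hive": m.group(1), "name": m.group(2), "path": image_path(m.group(3))}
            )
    if result["hijacked"]:
        # Winlogon launches whatever UserInit names. Deleting that file while the value
        # still points at it leaves no shell to start: the logon loop reported in this
        # thread. Restore UserInit first, then remove the file and these Run entries.
        hijack = result["userinit"].lower()
        result["related_autoruns"] = [a["name"] for a in result["autoruns"] if a["path"].lower() == hijack]
    return result


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```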

    Well bro, I uninstalled ComboFix the way you told me, opened Killbox and followed the steps exactly, and restarted the computer in safe mode, but it goes to the logon screen and two accounts appear, the administrator one and mine (wm). I click to open either one and neither opens; it starts to open and right away shows "logging off" "saving your network settings" and goes back to the logon screen. Please look into this as fast as you can for me, bro, because now that it won't start in safe mode or in normal mode it's complicated for me....

    If you need anything, I'm on MSN at wmx7@hotmail.com

    ...because now that it won't start in safe mode or in normal mode...

    If you need anything, I'm on MSN at wmx7@hotmail.com

    It doesn't start in normal mode either, bro, nor in safe mode. Same thing both ways, that is, the computer doesn't get past the login screen, and there isn't even a password. I already tried starting with the last known good configuration but it did the same thing. Help?

    Any other option available, bro?

    I use a genuine Windows on the notebook but I don't have the installation CD, it was lost; I only have the key. Will it work with another version of XP?

    Besides, if there is any other option it would be preferable, because I have several programs from the Receita (tax office) and similar ones that can't be found for download anymore. Is it possible?
