othon_16

HijackThis log


Dear all,

Many strange DLLs are showing up on my PC, which SpyBot flags. The HijackThis log follows.

****************************************************

Logfile of HijackThis v1.99.1

Scan saved at 18:10:09, on 28/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Soulseek\slsk.exe

C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunServices: [Microsoft Setup Initialization] rundll32.exe

O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Arquivos de programas\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"

O4 - HKCU\..\Run: [discador] C:\Arquivos de programas\Velox\Discador Velox\DISCADOR.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191787137750

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F007E7E6-7881-44DC-96F5-16BD2CE4AF7E}: NameServer = 200.165.132.155 200.149.55.140

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\bsialoef.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Arquivos de programas\iolo\Common\Lib\ioloDMVSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


José, here is the Kaspersky scan.

*****************************************************

Infected Object Name | Virus Name | Last Action

C:\!KillBox\iifedbb.dll | Infected: not-a-virus:AdWare.Win32.Virtumonde.dhv | skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat | Object is locked | skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db | Object is locked | skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws | Object is locked | skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\aswMaiSv.log | Object is locked | skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log | Object is locked | skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt | Object is locked | skipped
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Identities\{1A348A20-2242-4C58-9975-8EE6B2571D13}\Microsoft\Outlook Express\Caixa de entrada.dbx | Mail MS Outlook 5: infected - 6 | skipped
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\CardSpace\CardSpace.db | Object is locked | skipped
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\CardSpace\CardSpace.db.shadow | Object is locked | skipped
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Feeds Cache\index.dat | Object is locked | skipped
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
C:\Documents and Settings\Administrador\Configurações locais\Histórico\History.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\Administrador\Configurações locais\Histórico\History.IE5\MSHist012007122920071230\index.dat | Object is locked | skipped
C:\Documents and Settings\Administrador\Configurações locais\Temp\ew3fvisz.EXE | Infected: Trojan-Downloader.Win32.Banload.fzp | skipped
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\092QQ2EM\ms_s_2[1] | Infected: Trojan-Spy.Win32.VBStat.h | skipped
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\Administrador\Cookies\index.dat | Object is locked | skipped
C:\Documents and Settings\Administrador\Meus documentos\41331_vdownloader061.zip/VDownloader.exe | Infected: not-a-virus:Downloader.Win32.VDown.a | skipped
C:\Documents and Settings\Administrador\Meus documentos\41331_vdownloader061.zip | ZIP: infected - 1 | skipped
C:\Documents and Settings\Administrador\NTUSER.DAT | Object is locked | skipped
C:\Documents and Settings\Administrador\ntuser.dat.LOG | Object is locked | skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat | Object is locked | skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Cookies\index.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\NTUSER.DAT | Object is locked | skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG | Object is locked | skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT | Object is locked | skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG | Object is locked | skipped
C:\Downloads\slsk\a baroque christmas\INCOMPLETE~13 Messe de Minuit sur des Airs de N.mp3 | Object is locked | skipped
C:\Downloads\vdownloader.zip/VDownloader.exe | Infected: not-a-virus:Downloader.Win32.VDown.a | skipped
C:\Downloads\vdownloader.zip | ZIP: infected - 1 | skipped
C:\System Volume Information\MountPointManagerRemoteDatabase | Object is locked | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP185\A0095565.exe | Infected: not-a-virus:AdTool.Win32.WhenU.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP185\A0095566.exe | Infected: not-a-virus:AdTool.Win32.WhenU.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP190\A0096143.exe/file004 | Infected: not-a-virus:AdTool.Win32.WhenU.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP190\A0096143.exe/file005 | Infected: not-a-virus:AdTool.Win32.WhenU.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP190\A0096143.exe | Inno: infected - 2 | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP199\A0104116.rbf | Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP199\A0104122.rbf | Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP199\A0104128.rbf | Infected: not-a-virus:FraudTool.Win32.AntiSpyware.b | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP200\A0104141.rbf | Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP200\A0104143.rbf | Infected: not-a-virus:FraudTool.Win32.AntiSpyware.b | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP200\A0104147.rbf | Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP203\A0108122.rbf | Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP203\A0108124.rbf | Infected: not-a-virus:FraudTool.Win32.AntiSpyware.b | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP203\A0108128.rbf | Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP207\A0111599.exe | Infected: not-a-virus:Downloader.Win32.VDown.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP209\A0116479.exe/AntiSpywareApp/AntiSpyware.exe | Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP209\A0116479.exe/AntiSpywareApp/AntiSpywareSrv.srv.exe | Infected: not-a-virus:FraudTool.Win32.AntiSpyware.b | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP209\A0116479.exe/AntiSpywareApp/Launcher.exe | Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP209\A0116479.exe | 7-Zip: infected - 3 | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP209\A0116479.exe | UPX: infected - 3 | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP209\A0116479.exe | PE_Patch.UPX: infected - 3 | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP209\A0116480.exe/WISE0016.BIN | Infected: not-a-virus:AdTool.Win32.WhenU.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP209\A0116480.exe | WiseSFX: infected - 1 | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP267\A0161662.exe/data.rar/xpkey.exe | Infected: not-a-virus:PSWTool.Win32.RAS.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP267\A0161662.exe/data.rar/officekey.exe | Infected: not-a-virus:PSWTool.Win32.RAS.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP267\A0161662.exe/data.rar | Infected: not-a-virus:PSWTool.Win32.RAS.a | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP267\A0161662.exe | RarSFX: infected - 3 | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP277\A0169555.exe | Infected: Trojan-Downloader.Win32.Agent.gwe | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP281\A0170713.dll | Infected: Backdoor.Win32.Agent.dlj | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0171242.exe | Infected: not-a-virus:AdWare.Win32.Virtumonde.ks | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0171243.exe | Infected: Backdoor.Win32.Delf.axp | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0171244.dll | Infected: Trojan-Spy.Win32.Banbra.ui | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0171246.dll | Infected: Trojan-Spy.Win32.VBStat.h | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0171247.dll | Infected: Trojan.Win32.Pakes.akr | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0171315.exe | Infected: Trojan-Downloader.Win32.Agent.gwe | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0171316.exe | Infected: Trojan-Downloader.Win32.Agent.gwe | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0171317.exe | Infected: Trojan-Downloader.Win32.Agent.gwe | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0171318.exe | Infected: Trojan-Downloader.Win32.Agent.gwe | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0171380.exe | Infected: not-a-virus:RiskTool.Win32.PsKill.e | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0171465.exe | Infected: not-a-virus:RiskTool.Win32.PsKill.e | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0171610.exe | Infected: not-a-virus:RiskTool.Win32.PsKill.e | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0172562.dll | Infected: not-a-virus:AdWare.Win32.Virtumonde.dhv | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0172573.exe | Infected: not-a-virus:RiskTool.Win32.PsKill.e | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0172648.exe/WISE0024.BIN | Infected: not-a-virus:RiskTool.Win32.PsKill.e | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0172648.exe/WISE0031.BIN/WISE0007.BIN | Infected: not-a-virus:RiskTool.Win32.PsKill.e | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0172648.exe/WISE0031.BIN/WISE0684.BIN/WISE0011.BIN | Infected: not-a-virus:RiskTool.Win32.PsKill.e | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0172648.exe/WISE0031.BIN/WISE0684.BIN | Infected: not-a-virus:RiskTool.Win32.PsKill.e | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0172648.exe/WISE0031.BIN | Infected: not-a-virus:RiskTool.Win32.PsKill.e | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0172648.exe | WiseSFX: infected - 5 | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0173584.exe | Infected: not-a-virus:RiskTool.Win32.PsKill.e | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0174608.exe | Infected: not-a-virus:RiskTool.Win32.PsKill.e | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0174688.exe | Infected: Trojan-Downloader.Win32.Agent.gwe | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0174689.dll | Infected: not-a-virus:AdWare.Win32.Virtumonde.dhv | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0174691.exe | Infected: Trojan-Downloader.Win32.Agent.gwe | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\A0174692.dll | Infected: not-a-virus:AdWare.Win32.Virtumonde.dhv | skipped
C:\System Volume Information\_restore{D44ACD24-F9C9-45FE-9E58-83BB3B2F6503}\RP285\change.log | Object is locked | skipped
C:\thon\Complete\Motorola OEM Mobile Phonetools Deluxe 4.0.exe/data.rar/load.exe | Infected: Backdoor.Win32.Delf.axp | skipped
C:\thon\Complete\Motorola OEM Mobile Phonetools Deluxe 4.0.exe/data.rar/is68159.exe | Infected: not-a-virus:AdWare.Win32.Virtumonde.ks | skipped
C:\thon\Complete\Motorola OEM Mobile Phonetools Deluxe 4.0.exe/data.rar | Infected: not-a-virus:AdWare.Win32.Virtumonde.ks | skipped
C:\thon\Complete\Motorola OEM Mobile Phonetools Deluxe 4.0.exe | RarSFX: infected - 3 | skipped
C:\vdownloader\VDownloader.exe | Infected: not-a-virus:Downloader.Win32.VDown.a | skipped
C:\WINDOWS\Debug\PASSWD.LOG | Object is locked | skipped
C:\WINDOWS\SchedLgU.Txt | Object is locked | skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log | Object is locked | skipped
C:\WINDOWS\system32\awtutss.dll | Infected: not-a-virus:AdWare.Win32.Virtumonde.dhv | skipped
C:\WINDOWS\system32\config\Antivirus.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\AppEvent.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\default | Object is locked | skipped
C:\WINDOWS\system32\config\default.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\Internet.evt | Object is locked | skipped
C:\WINDOWS\system32\config\NetLimit.evt | Object is locked | skipped
C:\WINDOWS\system32\config\ODiag.evt | Object is locked | skipped
C:\WINDOWS\system32\config\OSession.evt | Object is locked | skipped
C:\WINDOWS\system32\config\SAM | Object is locked | skipped
C:\WINDOWS\system32\config\SAM.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\SecEvent.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\SECURITY | Object is locked | skipped
C:\WINDOWS\system32\config\SECURITY.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\software | Object is locked | skipped
C:\WINDOWS\system32\config\software.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\SysEvent.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\system | Object is locked | skipped
C:\WINDOWS\system32\config\system.LOG | Object is locked | skipped
C:\WINDOWS\system32\drivers\sptd.sys | Object is locked | skipped
C:\WINDOWS\system32\h323log.txt | Object is locked | skipped
C:\WINDOWS\system32\iifedbb.dll | Infected: not-a-virus:AdWare.Win32.Virtumonde.dhv | skipped
C:\WINDOWS\system32\lwnqmpqk.dll | Infected: Backdoor.Win32.Agent.dlj | skipped
C:\WINDOWS\system32\pskill.exe | Infected: not-a-virus:RiskTool.Win32.PsKill.e | skipped
C:\WINDOWS\system32\vtuutts.dll | Infected: not-a-virus:AdWare.Win32.Virtumonde.dhv | skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP | Object is locked | skipped
C:\WINDOWS\Temp\Perflib_Perfdata_734.dat | Object is locked | skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt | Object is locked | skipped
C:\WINDOWS\WindowsUpdate.log | Object is locked | skipped

Scan process completed.


- Download ComboFix

  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click combofix.exe and press "1" to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click on the ComboFix window or close it by clicking the X while it is running, and do not move the mouse or use the keyboard; otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.

- Generate a new HijackThis log and paste it in your reply.


ComboFix log

========================================

ComboFix 07-12-21.4 - Administrador 2007-12-30 14:34:14.3 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.795 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\WINDOWS\system32\awtutss.dll

C:\WINDOWS\system32\awvvt.dll

C:\WINDOWS\system32\buaqjyft.dll

C:\WINDOWS\system32\cawmbpcx.dll

C:\WINDOWS\system32\cpouqqmb.dll

C:\WINDOWS\system32\ghhkj.bak1

C:\WINDOWS\system32\ghhkj.bak2

C:\WINDOWS\system32\ghhkj.ini2

C:\WINDOWS\system32\iifedbb.dll

C:\WINDOWS\system32\kqpmqnwl.ini

C:\WINDOWS\system32\lwnqmpqk.dll

C:\WINDOWS\system32\nbkwwfns.dll

C:\WINDOWS\system32\ooerbgby.dll

C:\WINDOWS\system32\oxxgpckv.ini

C:\WINDOWS\system32\oyerhomq.dll

C:\WINDOWS\system32\pskill.exe

C:\WINDOWS\system32\qmohreyo.ini

C:\WINDOWS\system32\rpjipakn.dll

C:\WINDOWS\system32\tvvwa.ini

C:\WINDOWS\system32\tvvwa.ini2

C:\WINDOWS\system32\vkcpgxxo.dll

C:\WINDOWS\system32\vtuutts.dll

C:\WINDOWS\system32\xcpbmwac.ini

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_DOMAINSERVICE

-------\DomainService

((((((((((((((((((((((( Ficheiros criados de 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))))

.

2007-12-29 21:33 . 2007-12-29 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2007-12-29 21:33 . 2007-12-29 21:33 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2007-12-29 18:48 . 2007-12-29 18:30 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-12-29 18:30 . 2007-12-29 19:11 <DIR> d-------- C:\Documents and Settings\Administrador\.housecall6.6

2007-12-28 21:14 . 2007-12-28 21:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-12-28 21:14 . 2007-12-28 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2007-12-28 21:04 . 2007-12-28 23:13 <DIR> d-------- C:\Arquivos de programas\PrevxCSI

2007-12-28 18:25 . 2007-12-28 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Prevx

2007-12-28 18:24 . 2007-12-28 21:05 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\PrevxCSI

2007-12-28 16:51 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb

2007-12-28 16:50 . 2007-12-28 16:50 <DIR> d-------- C:\NVIDIA

2007-12-28 16:15 . 2007-12-29 10:39 <DIR> d-------- C:\VTPFiles

2007-12-28 16:10 . 2007-12-28 16:10 78,942 --a------ C:\WINDOWS\Icon_3.ico

2007-12-28 12:48 . 2007-12-28 12:48 78,942 --a------ C:\WINDOWS\Icon_2.ico

2007-12-28 11:19 . 2007-12-28 11:19 <DIR> d-------- C:\WINDOWS\system32\VITrans

2007-12-28 11:19 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe

2007-12-28 11:19 . 2007-12-28 11:19 78,942 --a------ C:\WINDOWS\Icon_1.ico

2007-12-28 11:19 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe

2007-12-28 11:19 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe

2007-12-28 11:05 . 2007-12-28 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2007-12-27 20:26 . 2007-12-27 20:26 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2007-12-27 20:26 . 2007-12-04 10:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-12-27 20:26 . 2004-01-09 06:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2007-12-27 20:26 . 2007-12-04 09:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-12-27 20:26 . 2007-12-04 11:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-27 20:26 . 2007-12-04 11:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-27 20:26 . 2007-12-04 11:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-27 20:26 . 2007-12-04 11:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-27 20:26 . 2007-12-04 11:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-27 19:28 . 2007-12-27 19:28 108,330 --a------ C:\Documents and Settings\All Users\Dados de aplicativos\firstlsp.reg.dat

2007-12-27 18:56 . 2007-12-27 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2007-12-26 15:41 . 2007-12-26 15:41 280,128 --a------ C:\FlvPlayer_1.4.exe

2007-12-26 11:30 . 2007-12-27 17:58 1,031,551 ---hs---- C:\WINDOWS\system32\kvmaltym.ini

2007-12-22 22:26 . 2007-12-22 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2007-12-22 22:26 . 2007-12-22 22:35 <DIR> d-------- C:\Arquivos de programas\mobile PhoneTools

2007-12-22 21:32 . 2007-12-22 21:32 <DIR> d-------- C:\WINDOWS\all drivers

2007-12-22 18:07 . 2007-12-22 18:07 <DIR> d-------- C:\Arquivos de programas\GoldWave

2007-12-22 18:07 . 2007-12-29 19:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-22 18:07 . 2007-12-22 18:07 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-22 17:46 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-12-22 17:46 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2007-12-22 17:25 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2007-12-22 17:25 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

2007-12-19 19:01 . 2007-12-19 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2007-12-19 19:01 . 2007-12-19 19:01 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2007-12-17 20:51 . 2007-12-17 20:53 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\SoftPerfect Personal Firewall

2007-12-16 17:44 . 2007-12-16 17:44 <DIR> d-------- C:\Arquivos de programas\HachaPro

2007-12-15 12:06 . 2007-12-15 12:06 92,672 --a------ C:\KillBox.exe

2007-12-15 01:28 . 2007-12-29 21:32 <DIR> d-------- C:\Documents and Settings\Administrador\Tracing

2007-12-14 21:23 . 2007-12-14 21:24 241 --a------ C:\WINDOWS\kaillera.ini

2007-12-12 07:59 . 2007-12-12 07:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Comodo

2007-12-12 07:59 . 2007-12-12 07:59 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Comodo

2007-12-11 22:12 . 2007-12-16 08:17 <DIR> d-------- C:\Arquivos de programas\Comodo

2007-12-11 22:12 . 2007-10-20 18:45 211 --a------ C:\boot.ini.comodofirewall

2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

2007-12-10 17:29 . 2007-12-10 17:29 1,017 --a------ C:\BIOSLOCK.INI

2007-12-09 20:11 . 2007-12-28 19:04 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-12-09 20:11 . 2007-12-28 19:01 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2007-12-09 20:11 . 2007-12-28 19:01 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2007-12-09 20:11 . 2007-12-28 19:01 1,406 --a------ C:\WINDOWS\system32\Help.ico

2007-12-07 18:57 . 2007-12-07 18:58 <DIR> d-------- C:\vdownloader

2007-12-05 01:41 . 2007-12-05 01:41 1,089,536 --a------ C:\WINDOWS\system32\nvcuda.dll

2007-11-30 22:41 . 2007-11-30 22:41 <DIR> d-------- C:\Arquivos de programas\LizardTech

2007-11-30 21:38 . 2007-12-10 16:26 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2007-11-25 23:06 . 2007-12-27 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2007-11-25 23:06 . 2007-12-15 01:26 <DIR> d-------- C:\Arquivos de programas\Windows Live

2007-11-16 14:28 . 2007-11-16 14:28 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2007-11-16 13:23 . 2007-12-09 19:51 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\AVG7

2007-11-16 12:36 . 2007-12-10 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2007-11-16 12:14 . 2007-12-27 22:19 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

2007-11-16 12:14 . 2007-11-16 12:14 <DIR> d-------- C:\Arquivos de programas\uTorrent

2007-11-15 18:02 . 2007-10-20 18:45 211 --ahs---- C:\BOOT.BKK

2007-11-15 13:07 . 2007-11-15 13:07 <DIR> d-------- C:\Arquivos de programas\TGTSoft

2007-11-07 15:34 . 2007-11-07 15:34 51,736 --a------ C:\WINDOWS\system32\sirenacm.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-30 00:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-12-29 23:41 --------- d-----w C:\Arquivos de programas\Soulseek

2007-12-28 14:47 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\AntiSpyware

2007-12-28 01:19 --------- d-----w C:\Arquivos de programas\eMule

2007-12-23 01:27 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-22 20:40 36,480 ----a-w C:\WINDOWS\system32\drivers\P2k.sys

2007-12-22 13:35 --------- d-----w C:\Arquivos de programas\DOSBox-0.70

2007-12-20 21:30 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2007-12-19 22:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2007-12-19 22:02 --------- d-----w C:\Arquivos de programas\QuickTime Alternative

2007-12-15 04:27 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-12-12 02:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2007-12-10 21:52 --------- d-----w C:\Arquivos de programas\Winamp

2007-12-10 21:50 --------- d--h--w C:\Arquivos de programas\Scpad

2007-12-10 21:48 --------- d-----w C:\Arquivos de programas\Microsoft Virtual PC

2007-12-10 21:44 --------- d-----w C:\Arquivos de programas\GbPlugin

2007-12-10 20:37 --------- d-----w C:\Arquivos de programas\WinImage

2007-12-09 21:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\pdf995

2007-12-09 21:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2007-12-05 05:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2007-12-05 04:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-12-05 04:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll

2007-12-05 04:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll

2007-12-05 04:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe

2007-12-05 04:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-12-05 04:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll

2007-12-05 04:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll

2007-12-05 04:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll

2007-12-05 04:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-12-05 04:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-12-05 04:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

2007-12-05 04:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

2007-12-05 04:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll

2007-12-05 04:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe

2007-12-05 04:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll

2007-12-05 04:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll

2007-12-05 04:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll

2007-12-05 04:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll

2007-12-05 04:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll

2007-12-05 04:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll

2007-12-05 04:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll

2007-12-05 04:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll

2007-12-05 04:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll

2007-12-05 04:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe

2007-12-05 04:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe

2007-12-05 04:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll

2007-12-05 04:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe

2007-12-05 04:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll

2007-12-05 04:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe

2007-12-05 04:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll

2007-12-05 04:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 12:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-21 01:44 47,360 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.sys

2007-07-18 23:29 20,589,462 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_18_20_28_34_full.dmp.zip

2007-07-14 13:05 20,575,588 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_13_20_38_16_full.dmp.zip

2007-07-08 12:10 21,735,853 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_08_01_20_10_full.dmp.zip

2006-04-26 17:59 22,760 ----a-w C:\WINDOWS\inf\usb2vcom.sys

2005-07-07 02:58 42,210 ----a-w C:\WINDOWS\inf\USBPORT.SYS

2005-01-05 05:05 82,768 ----a-w C:\WINDOWS\inf\slabser.sys

2005-01-05 05:05 6,704 ----a-w C:\WINDOWS\inf\slabwh95.sys

2005-01-05 05:05 6,112 ----a-w C:\WINDOWS\inf\slabcmnt.sys

2005-01-05 05:05 51,040 ----a-w C:\WINDOWS\inf\slabbus.sys

2005-01-05 05:05 5,776 ----a-w C:\WINDOWS\inf\slabwhnt.sys

2005-01-05 05:05 4,016 ----a-w C:\WINDOWS\inf\slabcr.sys

2005-01-05 05:05 10,640 ----a-w C:\WINDOWS\inf\slabcm95.sys

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2003-12-01 02:54 43,136 ----a-w C:\WINDOWS\inf\ser2pl.sys

2003-10-27 09:42 34,332 ----a-w C:\WINDOWS\inf\SER9PL.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBBBA3BE-54EC-4896-863D-750DEADBA3D2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PowerBar"="" []

"SMSystemAnalyzer"="C:\Arquivos de programas\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2006-12-07 16:46]

"discador"="C:\Arquivos de programas\Velox\Discador Velox\DISCADOR.EXE" [2003-11-26 07:58]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 10:42 C:\WINDOWS\SOUNDMAN.EXE]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:45 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2007-12-05 01:41 C:\WINDOWS\system32\nwiz.exe]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:45 C:\WINDOWS\system32\rundll32.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Microsoft Setup Initialization"="rundll32.exe" [2004-08-04 00:45 C:\WINDOWS\system32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2007-11-20 16:51 347464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifedbb]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhg]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxutq]

xxyxutq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll 2007-11-20 16:51 347464 C:\Arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2006-10-27 00:47 31016 --a------ C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-03-26 15:26]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36]

R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-03-26 15:26]

R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 11:45]

R2 Dnscache;Cliente DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService []

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 11:58]

S2 cdenable;cdenable;C:\WINDOWS\system32\Drivers\cdenable.sys []

S3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys []

S3 k310bus;Sony Ericsson K310 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k310bus.sys [2006-03-10 14:03]

S3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k310mdfl.sys [2006-03-10 14:03]

S3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k310mdm.sys [2006-03-10 14:03]

S3 k310mgmt;Sony Ericsson K310 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k310mgmt.sys [2006-03-10 14:03]

S3 k310obex;Sony Ericsson K310 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k310obex.sys [2006-03-10 14:03]

S3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

S3 suscom;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\suscom.sys [2002-04-16 10:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc4214ca-33a1-11dc-9492-00192104bebe}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-10-13 00:20:54 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job"

- C:\Arquivos de programas\AntiSpywareApp\AntiSpyware.ex

- C:\Arquivos de programas\AntiSpywareApp

"2007-12-22 20:53:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-30 14:37:36

Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:

ZwQuerySystemInformation

Procurando processos ocultos ...

C:\Arquivos de programas\iolo\Common\Lib\ioloDMVSvc.exe [1004] 0x861C7020

Procurando entradas auto inicializáveis ocultas ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ????????????l?@?l?@?D?????6~??????????????6~l?@?l?@????? ???????????W?9~??6~??????6~K?6~x???????[?6~???????? ??????????????|x???0???????????? ot??6~??????????????????|?????S???????l?@?l?@?????Q?7~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2007-12-30 14:38:30 - machine was rebooted [Administrador]

.

2007-12-13 03:01:26 --- E O F ---

================================================

HijackThis log

================================================

Logfile of HijackThis v1.99.1

Scan saved at 15:10:53, on 30/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\notepad.exe

C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunServices: [Microsoft Setup Initialization] rundll32.exe

O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Arquivos de programas\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"

O4 - HKCU\..\Run: [discador] C:\Arquivos de programas\Velox\Discador Velox\DISCADOR.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191787137750

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: jkhhg - C:\WINDOWS\

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: xxyxutq - xxyxutq.dll (file missing)

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Arquivos de programas\iolo\Common\Lib\ioloDMVSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


- Download ShowVundo and run it;

- Paste into your reply the log, which will be at c:\vundo-bho.txt.


ShowVundo log

=================================================

Relatório | BHOs, Winlogon Notify e AppInit_DLLs

=================================================

AppInit_DLLs

-------------------------------------------------

[Vazia]

-------------------------------------------------

Authentication Packages

-------------------------------------------------

[1] msv1_0

-------------------------------------------------

Security Providers

-------------------------------------------------

msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

-------------------------------------------------

Explorer Execute Hooks

-------------------------------------------------

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="shell32.dll"

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL"

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"="C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll"

-------------------------------------------------

Browser Helper Objects

-------------------------------------------------

[HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\]

Yahoo! Toolbar Helper | [indefinido]

C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

[HKLM\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\]

Facilitador de Leitor de Link Adobe PDF | [indefinido]

C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKLM\SOFTWARE\Classes\CLSID\{2E3C3651-B19C-4DD9-A979-901EC3E930AF}\]

ssh2 Class | [indefinido]

C:\Arquivos de programas\Scpad\scpsssh2.dll

[HKLM\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\]

BitComet Helper | [indefinido]

C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

[HKLM\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\]

[indefinido] | [indefinido]

C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

[HKLM\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\]

[indefinido] | [indefinido]

[indefinido]

[HKLM\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\]

Groove GFS Browser Helper | [indefinido]

C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKLM\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\]

SSVHelper Class | [indefinido]

C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

[HKLM\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\]

Windows Live Sign-in Helper | [indefinido]

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKLM\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540000}\]

GbIehObj Class | G-Buster Browser Defense

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

[HKLM\SOFTWARE\Classes\CLSID\{EBBBA3BE-54EC-4896-863D-750DEADBA3D2}\]

[indefinido] | [indefinido]

[indefinido]

-------------------------------------------------

Winlogon Notify

-------------------------------------------------

[Padrão] crypt32chain : crypt32.dll

[Padrão] cryptnet : cryptnet.dll

[Padrão] cscdll : cscdll.dll

[Nova] iifedbb : cscdll.dll

[Nova] jkhhg : cscdll.dll

[Padrão] ScCertProp : wlnotify.dll

[Padrão] Schedule : wlnotify.dll

[Padrão] sclgntfy : sclgntfy.dll

[Padrão] SensLogn : WlNotify.dll

[Padrão] termsrv : wlnotify.dll

[Nova] WgaLogon : wlnotify.dll

[Padrão] wlballoon : wlnotify.dll

[Nova] xxyxutq : xxyxutq.dll

[Nova] __GbPluginBb : C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

Esta NÃO É uma lista de arquivos maliciosos!


- Open HijackThis, click Do a system scan only and check the entries below:

O20 - Winlogon Notify: jkhhg - C:\WINDOWS\

O20 - Winlogon Notify: xxyxutq - xxyxutq.dll (file missing)

- Close all windows, click the ht-fix.png button and then Yes;

- Otherwise, the log is clean :)

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for errors > Fix errors

- Disable and then re-enable System Restore

- Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections.


Thanks, José. Regarding "Run Cleaner", a warning appears saying that system files will be deleted. Can that warning be ignored?


No system files will be deleted. Only temporary and unnecessary files.
