Leo_MM

Log!


Everyone,

I have the same problem that people here are having with Task Manager, but in my case I can no longer even open gpedit.msc. I was then asked to post the HijackThis log, so if anyone can take a look, thanks in advance!

Logfile of HijackThis v1.99.1

Scan saved at 7:59:28 PM, on 12/30/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\ACTIV Software\ACTIVdriver\ActivDRVservice.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\Win2x.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\Win2x.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Leo\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.6.14.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Win2x] C:\WINDOWS\system32\Win2x.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E7404D63-0388-48DF-9D41-89786019420F}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ACTIVdriver Control (ActivDRVcontrol) - ACTIV Software Ltd - C:\Arquivos de programas\ACTIV Software\ACTIVdriver\ActivDRVservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Win2x - Unknown owner - C:\WINDOWS\system32\save.exe

Cheers!


José,

this was the result:

Antivirus Version Last Update Result

AhnLab-V3 - - Win-Trojan/Xema.variant

AntiVir - - TR/Crypt.CFI.Gen

Authentium - - -

Avast - - Win32:Agent-IRZ

AVG - - -

BitDefender - - -

CAT-QuickHeal - - Backdoor.Agent.alo

ClamAV - - -

DrWeb - - Trojan.Romeo

eSafe - - -

eTrust-Vet - - Win32/Moriogu.A

Ewido - - Worm.VB.nju

FileAdvisor - - -

Fortinet - - -

F-Prot - - -

F-Secure - - Backdoor.Win32.Agent.alo

Ikarus - - Worm.Win32.VB.cj

Kaspersky - - Backdoor.Win32.Agent.alo

McAfee - - Montague

Microsoft - - Worm:Win32/Moriogu.A

NOD32v2 - - Win32/VB.NJU

Norman - - -

Panda - - Trj/Romeo.A

Prevx1 - - -

Rising - - Backdoor.Agent.ijf

Sophos - - Mal/Behav-043

Sunbelt - - -

Symantec - - Trojan Horse

TheHacker - - -

VBA32 - - -

VirusBuster - - -

Webwasher-Gateway - - Trojan.Crypt.CFI.Gen

Additional information

MD5: 2de4a34c99aed40d33bd0ce86f1e290d

It's clear that this file really is infected... what should I do now?

Cheers!


- Download Killbox and run it:

  • Check the Delete on Reboot option. Copy the list below (select it and click Edit > Copy, or press Ctrl + C):

C:\WINDOWS\system32\Win2x.exe
  • Go back to KillBox. Click File > Paste from clipboard. Click the All Files button;
  • Click killbox.png and answer No to the question.

- Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup);

- Open HijackThis, click Do a system scan only and check the entry below:

O4 - HKLM\..\Run: [Win2x] C:\WINDOWS\system32\Win2x.exe

- Close all windows, click ht-fix.png and then Yes;

- Restart in normal mode, generate a new log and paste it into your reply.


Jose,

sorry to be bothering you right on New Year's, but here is the new HijackThis log

Logfile of HijackThis v1.99.1

Scan saved at 8:08:03 PM, on 12/31/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\ACTIV Software\ACTIVdriver\ActivDRVservice.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Leo\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.6.14.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E7404D63-0388-48DF-9D41-89786019420F}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ACTIVdriver Control (ActivDRVcontrol) - ACTIV Software Ltd - C:\Arquivos de programas\ACTIV Software\ACTIVdriver\ActivDRVservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Win2x - Unknown owner - C:\WINDOWS\system32\save.exe (file missing)

I'd also like to wish you a happy New Year!

Cheers!


- OK, the log is clean :)

- Delete the backups folder located in C:\Documents and Settings\Leo\Desktop, and C:\!Killbox;

- Update Internet Explorer:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

- I recommend some maintenance on the computer to remove temporary files, unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues

- Turn System Restore off and then on again

- Read the article Proteja seu PC ("Protect your PC") for more information on how to avoid infections.

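As an added example (not part of the thread and not code from HijackThis), the Python sketch below parses O4 and O23 lines in the format shown in the logs above, diffs the Run values between two logs, and lists services still registered with "(file missing)" whose name matches a removed Run value. The sample lines are copied from the first two logs in this thread; the function names, regular expressions and reason labels are assumptions of this example.

```python
import re
from typing import NamedTuple

# Constructed sample: a few lines copied from the first (BEFORE) and second
# (AFTER) HijackThis logs in this thread; the rest of each log is omitted.
BEFORE = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Win2x] C:\WINDOWS\system32\Win2x.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Win2x - Unknown owner - C:\WINDOWS\system32\save.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Win2x - Unknown owner - C:\WINDOWS\system32\save.exe (file missing)
"""

# Assumed line shapes, taken from the logs on this page:
#   O4 - <hive>\..\Run: [<value name>] <command line>
#   O23 - Service: <name> - <owner> - <path>[ (file missing)]
# The service pattern assumes name and owner contain no " - " themselves.
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
SVC_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$")


class RunEntry(NamedTuple):
    hive: str
    name: str
    command: str


class ServiceEntry(NamedTuple):
    name: str
    owner: str
    path: str
    file_missing: bool


def parse_log(text):
    """Return ({(hive, name): RunEntry}, {service name: ServiceEntry})."""
    runs, services = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            runs[(m.group(1), m.group(2))] = RunEntry(*m.groups())
            continue
        m = SVC_RE.match(line)
        if m:
            name, owner, path, missing = m.groups()
            services[name] = ServiceEntry(name, owner, path, missing is not None)
    return runs, services


def diff_runs(before_text, after_text):
    """Run values that disappeared and appeared between two logs."""
    before, _ = parse_log(before_text)
    after, _ = parse_log(after_text)
    removed = sorted(set(before) - set(after))
    added = sorted(set(after) - set(before))
    return removed, added


def triage_services(text):
    """Map service name -> reasons it deserves a manual look (leads, not verdicts)."""
    _, services = parse_log(text)
    findings = {}
    for svc in services.values():
        reasons = []
        if svc.owner == "Unknown owner":
            reasons.append("unknown owner")
        if svc.file_missing:
            reasons.append("file missing")
        if reasons:
            findings[svc.name] = reasons
    return findings


def leftover_services(before_text, after_text):
    """Services still registered with a missing file whose name matches a
    Run value that was removed between the two logs."""
    removed, _ = diff_runs(before_text, after_text)
    removed_names = {name for _, name in removed}
    _, after_services = parse_log(after_text)
    return sorted(
        s.name for s in after_services.values()
        if s.file_missing and s.name in removed_names
    )


if __name__ == "__main__":
    removed, added = diff_runs(BEFORE, AFTER)
    print("Run values removed:", removed)
    print("Run values added:  ", added)
    for name, reasons in triage_services(AFTER).items():
        print(f"review service {name!r}: {', '.join(reasons)}")
    print("leftover service registrations:", leftover_services(BEFORE, AFTER))
```

The flags are review leads only: the Gbp Service line from the same logs is flagged on the same criteria as the Win2x service.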

Jose,

I did everything you listed there, but I still have a few "little problems"

Task Manager still won't open;

The folders that were in My Computer are all hidden; when I type their path into Start/Run they show up, but they don't appear when I open My Computer. I searched the internet for how to show hidden files (Tools/Folder Options/View), but in my case when I click on Tools only 3 options appear (Map Network Drive/Disconnect Network Drive/Synchronize).

I look forward to your reply, and thanks once again!


- Download ComboFix

  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click combofix.exe and press "1" to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click in the ComboFix window or close it by clicking the X while it is running, do not move the mouse and do not use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt into your reply.

- Generate a new HijackThis log and paste it into your reply.


Jose,

I did what you asked, but I think the log is almost the same.

And this time I managed to show the hidden files that were on my C:, but the folders that existed before still don't appear, unless I type the path into Run =/

Logfile of HijackThis v1.99.1

Scan saved at 11:52:10 PM, on 1/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\ACTIV Software\ACTIVdriver\ActivDRVservice.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Leo\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.6.14.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E7404D63-0388-48DF-9D41-89786019420F}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ACTIVdriver Control (ActivDRVcontrol) - ACTIV Software Ltd - C:\Arquivos de programas\ACTIV Software\ACTIVdriver\ActivDRVservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Win2x - Unknown owner - C:\WINDOWS\system32\save.exe (file missing)


Oops!

Here is the ComboFix log, Jose!

Strangely, Task Manager is working again, and as far as I can tell the computer is back to normal. The only problem is the folders that are hidden; I don't remember the exact names of many of them and I can't get to them =/

When I enter the command through Run, Windows tells me the folder is in hidden mode, but as I already told you, when I set it to show hidden folders, none appear.

Cheers!

ComboFix 07-12-31.4 - Leo 2008-01-01 23:31:28.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.162 [GMT -2:00]

Executando de: C:\Documents and Settings\Leo\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))

.

2008-01-01 23:30 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-01 18:14 . 2008-01-01 18:14 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-01-01 17:50 . 2008-01-01 17:50 <DIR> d-------- C:\Arquivos de programas\Microsoft Silverlight

2008-01-01 17:41 . 2008-01-01 17:41 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-12-31 17:34 . 2007-12-31 17:34 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2007-12-31 17:34 . 2007-12-04 11:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-12-31 17:34 . 2007-12-04 10:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-12-31 17:34 . 2007-12-04 12:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-31 17:34 . 2007-12-04 12:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-31 17:34 . 2007-12-04 12:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-31 17:34 . 2007-12-04 12:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-31 17:34 . 2007-12-04 12:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-30 20:02 . 2007-12-30 20:02 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-12-30 20:02 . 2007-12-30 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2007-12-30 16:15 . 2007-12-31 17:04 0 --a------ C:\WINDOWS\system32\dll.sys

2007-12-30 16:11 . 2007-12-30 16:11 4 --a------ C:\WINDOWS\system32\Wink.dll

2007-12-29 13:50 . 2007-12-30 15:10 0 --a------ C:\WINDOWS\system32\emm.sys

2007-12-27 19:47 . 2007-12-27 19:47 <DIR> d-------- C:\Documents and Settings\Leo\Dados de aplicativos\Apple Computer

2007-12-26 20:28 . 2007-12-26 20:28 101 --a------ C:\WINDOWS\chessm.sav

2007-12-26 19:56 . 2007-12-26 19:56 <DIR> d-------- C:\Arquivos de programas\RkSoft

2007-12-21 18:49 . 2007-12-21 18:51 <DIR> drahs---- C:\nds1

2007-12-16 02:37 . 2007-12-27 19:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-16 02:37 . 2007-12-16 02:37 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-12 21:09 . 2007-12-13 18:39 <DIR> drahs---- C:\downtube

2007-12-07 22:09 . 2007-12-07 20:10 785,756 --a------ C:\WB32.jpg

2007-12-07 22:07 . 2007-12-07 20:08 762,392 --a------ C:\WB31.jpg

2007-12-06 14:09 . 2007-12-30 19:55 8,704 --ahs---- C:\Thumbs.db

2007-12-05 22:27 . 2007-12-05 22:27 11,104,408 --a------ C:\Bela.rar

2007-12-05 22:26 . 2007-12-06 14:09 <DIR> drahs---- C:\Mae Barbie

2007-12-03 08:06 . 2007-12-03 08:06 <DIR> d-------- C:\Arquivos de programas\Winamp

2007-12-03 08:06 . 2007-12-03 08:07 <DIR> d-------- C:\Arquivos de programas\Monkey's Audio

2007-12-02 18:53 . 2007-12-05 22:26 <DIR> drahs---- C:\Bela

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-01 22:32 --------- d-----w C:\Documents and Settings\Rico\Dados de aplicativos\AVG7

2008-01-01 19:45 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-01-01 17:11 --------- d-----w C:\Documents and Settings\Cacilda\Dados de aplicativos\AVG7

2008-01-01 14:08 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-01-01 14:06 --------- d-----w C:\Documents and Settings\Claudio\Dados de aplicativos\AVG7

2007-12-31 21:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2007-12-31 05:44 --------- d-----w C:\Documents and Settings\Leo\Dados de aplicativos\AVG7

2007-12-25 20:14 --------- d-----w C:\Arquivos de programas\PokerStars

2007-12-13 20:50 --------- d-----w C:\Arquivos de programas\eMule

2007-12-10 03:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2007-11-30 20:07 --------- d-----w C:\Arquivos de programas\Easy Video Joiner

2007-11-17 23:10 --------- d-----w C:\Documents and Settings\Cacilda\Dados de aplicativos\Skype

2007-11-14 20:28 12,323,045 ------w C:\avg7qt.dat

2007-11-13 18:36 --------- d-----w C:\Arquivos de programas\Nokia

2007-11-13 18:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nokia

2007-11-13 18:35 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Installations

2007-11-13 18:28 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nokia

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-08 16:24 --------- d-----w C:\Documents and Settings\Leo\Dados de aplicativos\DivX

2007-10-31 16:39 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2007-10-31 16:39 249,856 ------w C:\WINDOWS\Setup1.exe

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-20 08:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-18 13:36 3,082 ----a-w C:\WINDOWS\system32\affv208325p1now.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 14:24 1694208]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 00:10 579072]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-09-03 20:35 185632]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 10:41 282624]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-10-22 20:11 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"DisallowCpl"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 02:29 128512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 15:30 347976]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2007-11-19 19:02 341928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 02:29 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll 2007-11-19 19:02 341928 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 15:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginAbn]

C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2007-11-19 19:02 341928 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll 2007-12-03 15:30 347976 C:\Arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivDRVAutostart]

C:\Arquivos de programas\ACTIV Software\ACTIVdriver\ACTIVcontrol.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2007-10-10 19:51 39792 --a------ C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-05-16 10:27 153136 --a------ C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 01:45 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Arquivos de programas\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Arquivos de programas\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2001-07-09 08:50 155648 --a------ C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 16:57 153136 --a------ C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]

C:\Arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2007-08-06 22:05 200704 --a------ C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Arquivos de programas\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-07-12 05:00 132496 --a------ C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-07-18 19:18 68856 --a------ C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

VTtrayp.exe

R0 ACTIVdrv;ACTIV Device pen drive;C:\WINDOWS\system32\drivers\ACTIVdrv.sys [2006-02-21 15:04]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 01:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 01:39]

R2 ActivDRVcontrol;ACTIVdriver Control;"C:\Arquivos de programas\ACTIV Software\ACTIVdriver\ActivDRVservice.exe" [2005-11-24 19:14]

R2 ddnt;ddnt;C:\WINDOWS\system32\drivers\ddnt.sys [2007-08-26 23:59]

R3 CCCP106;D-Link CIF Webcam;C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-09 12:17]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 01:09]

S2 Win2x;Win2x;C:\WINDOWS\system32\save.exe []

S3 ActivDRV_USB;ActivDRV_USB.Sys USB ACTIVboard;C:\WINDOWS\system32\Drivers\ActivDRV_USB.sys [2006-02-21 15:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8be927c-30d3-11dc-9aee-0019217c3f6e}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-12-23 17:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-01 23:38:37

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-01-01 23:41:36

.

2007-12-22 04:16:53 --- E O F ---


Jose,

sorry for the delay in replying, but I was travelling. I ran the scan on the site you mentioned, and during the process I noticed that it scanned the folders that are now hidden on my computer. Here is the report:

KASPERSKY ONLINE SCANNER REPORT

Friday, January 18, 2008 1:07:45 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 18/01/2008

Kaspersky Anti-Virus database records: 519236

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

Scan Target My Computer

A:\

C:\

D:\

E:\

F:\

G:\

Scan Statistics

Total number of scanned objects 151139

Number of viruses found 5

Number of infected objects 8

Number of suspicious objects 1

Duration of the scan process 01:42:43

Infected Object Name Virus Name Last Action

C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped

C:\Arquivos de programas\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

C:\Documents and Settings\All Users\Dados de aplicativos\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\Abn.gdt Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\Abn.mnn Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\bank.gbl.14.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\bank.gbl.38.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\bank.gbl.40.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.12.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.14.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.17.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.19.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.2.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.22.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.24.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.25.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.27.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.29.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.31.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.32.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.33.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.35.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.38.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.39.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.5.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.50.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.52.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.6.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.64.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.71.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.8.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.83.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh.gbl.9.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.104.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.11.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.13.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.18.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.20.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.26.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.32.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.33.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.37.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.39.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.4.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.41.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.43.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.48.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.51.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.54.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.57.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.60.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.61.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.63.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.66.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.67.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.69.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.73.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.74.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.79.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.8.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.82.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.86.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.9.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.90.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.91.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.93.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Abn\gbieh2.gbl.96.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\Bb.gdt Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\Bb.mnn Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\bin.stu Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh.gbl.47.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh.gbl.56.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh.gbl.88.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.101.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.103.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.104.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.105.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.107.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.11.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.13.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.14.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.15.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.17.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.18.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.23.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.28.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.33.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.36.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.37.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.39.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.4.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.41.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.42.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.43.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.45.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.48.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.50.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.54.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.57.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.63.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.67.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.69.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.73.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.74.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.8.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.84.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.86.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.89.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.90.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.91.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.93.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.96.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.98.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh2.gbl.99.upd.AD53E7B0 Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Leo\Configurações locais\Dados de aplicativos\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Leo\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Leo\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Leo\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Leo\Configurações locais\Histórico\History.IE5\MSHist012008011820080119\index.dat Object is locked skipped

C:\Documents and Settings\Leo\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Leo\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Leo\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Leo\Meus documentos\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\Documents and Settings\Leo\Meus documentos\The\The\Money6\aliases.zip/radlight35.exe/data0013/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped

C:\Documents and Settings\Leo\Meus documentos\The\The\Money6\aliases.zip/radlight35.exe/data0013/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped

C:\Documents and Settings\Leo\Meus documentos\The\The\Money6\aliases.zip/radlight35.exe/data0013 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped

C:\Documents and Settings\Leo\Meus documentos\The\The\Money6\aliases.zip/radlight35.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped

C:\Documents and Settings\Leo\Meus documentos\The\The\Money6\aliases.zip ZIP: infected - 4 skipped

C:\Documents and Settings\Leo\Meus documentos\The\The\Money6\mirc.zip/MoneyVf2/money.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.582 skipped

C:\Documents and Settings\Leo\Meus documentos\The\The\Money6\mirc.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Leo\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Leo\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\Leo\UserData\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{07891E71-0422-40D7-9D09-6CBD3BEAC74C}\RP16\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Downloaded Program Files\gbieh.gmd Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{785CBE4F-E766-4C80-8320-ECE3D9F0E734}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_5f8.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


The problems found are the WhenU adware, which comes with the programs Daemon Tools and The Money. To remove the adware you will have to uninstall the programs.

Other than that, the log is clean :)

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
