Ir ao conteúdo
  • Cadastre-se
thais-zinha

Orkut enviando msg sozinho... log HijackThis

Posts recomendados

Por favor me ajudem!

Gente meu orkut tá mandando uma mensagem pros meus amigos pedindo para que eles vejam um vídeo com um link relacionado!

Diz que o conteudo da msg foi removido... mas tá todo mundo reclamando!

:(

Segue o log

Beijos e Obrigada

:*

Thais

Logfile of HijackThis v1.99.1

Scan saved at 18:12, on 2008-01-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\ARQUIV~1\Magentic\bin\MgApp.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [incrediMail] C:\Arquivos de programas\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Magentic] C:\ARQUIV~1\Magentic\bin\Magentic.exe /c

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Startup: Velox.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2C146F24-0FE3-49DC-B4F8-96622BD8E1DD}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Faça o download do ComboFix

  • Desative, temporariamente, o antivírus;
  • Feche todas as janelas abertas;
  • Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir o Fix. Pode demorar algum tempo.
  • O ComboFix poderá reiniciar o PC automaticamente para completar o processo de remoção.
  • Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.
  • Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, não mova o mouse e não use o teclado, pois senão irá parar e seu desktop ficará em branco.
  • Para parar ou sair do ComboFix, tecle "N".
  • Cole o ComboFix.txt na sua resposta.

- Gere novo log do HijackThis e cole na sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 07-12-31.4 - User 2008-01-04 19:08:07.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.126 [GMT -2:00]

Executando de: C:\Documents and Settings\User\Meus documentos\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Arquivos de programas\ActivationManager

C:\Arquivos de programas\ActivationManager\ActivationManager.dll

C:\Arquivos de programas\ActivationManager\ActivationManager.dll.bak

C:\Arquivos de programas\ActivationManager\Uninstall.exe

C:\Documents and Settings\User\Dados de aplicativos\inst.exe

C:\Documents and Settings\User\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\QCNE35BK\iforex.com

C:\Documents and Settings\User\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\QCNE35BK\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Documents and Settings\User\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\Documents and Settings\User\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\BrowserSearch\BrowserSearch.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\BrowserSearch\BrowserSearch.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Configurator\Configurator.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Configurator\Configurator.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\EbayKeyword\EbayKeywordOptions.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\EbayKeyword\EbayKeywordOptions.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\EbaySearch\EbaySearchOptions.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\EbaySearch\EbaySearchOptions.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\ErrorSearch\ErrorSearchOptions.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\ErrorSearch\ErrorSearchOptions.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Games\GamesOptions.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Games\GamesOptions.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Games\images\active\Games0.bmp

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\HoroscopesMarketingSitePager\HoroscopesMarketingSitePagerOptions.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\HoroscopesMarketingSitePager\HoroscopesMarketingSitePagerOptions.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\HoroscopesMarketingSitePager\images\active\HoroscopesMarketingSitePager0.bmp

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Layouts\ToolbarLayout.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Layouts\ToolbarLayout.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Manager\ManagerOptions.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Manager\ManagerOptions.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Movies\images\active\Movies0.bmp

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Movies\MoviesOptions.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Movies\MoviesOptions.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Reference\ReferenceOptions.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Reference\ReferenceOptions.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\RelatedSearch\RelatedSearchOptions.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\RelatedSearch\RelatedSearchOptions.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Toolbar\TBProductsOptions.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Toolbar\TBProductsOptions.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\ToolbarLogo\ToolbarLogoOptions.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\ToolbarLogo\ToolbarLogoOptions.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\ToolbarSearch\ToolbarSearchOptions.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\ToolbarSearch\ToolbarSearchOptions.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\TravelSearch\TravelSearchOptions.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\TravelSearch\TravelSearchOptions.xml.backup

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Weather\AlertArchive.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Weather\WeatherOptions.xml

C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\Starware349\Weather\WeatherOptions.xml.backup

C:\WINDOWS\system32\_000111_.tmp.dll

C:\WINDOWS\system32\_000115_.tmp.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_NPF

-------\NPF

((((((((((((((((((((((( Ficheiros criados de 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))

.

2008-01-02 15:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-12-20 18:11 . 2007-12-20 18:11 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2007-12-11 23:48 . 2007-12-11 23:49 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2007-12-11 23:48 . 2007-01-04 15:38 19,840 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys

2007-12-11 23:47 . 2007-12-11 23:50 <DIR> d-------- C:\Arquivos de programas\Philips

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-04 21:05 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\MegauploadToolbar

2008-01-04 20:58 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\Skype

2008-01-04 19:08 --------- d-----w C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-01-04 04:01 --------- d-----w C:\Arquivos de programas\Winamp

2007-12-29 12:29 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\LimeWire

2007-12-25 14:19 --------- d-----w C:\Arquivos de programas\eMule

2007-12-24 00:52 --------- d-----w C:\Documents and Settings\Vá e Ceu\Dados de aplicativos\LimeWire

2007-12-20 20:10 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2007-12-20 20:05 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-12-12 01:47 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-12-01 05:01 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-21 22:09 12,288 ----a-w C:\WINDOWS\impborl.dll

2007-10-20 08:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-06-11 20:01 47,360 ----a-w C:\Documents and Settings\User\Dados de aplicativos\pcouffin.sys

2007-01-23 00:18 92,064 ----a-w C:\Documents and Settings\User\mqdmmdm.sys

2007-01-23 00:18 9,232 ----a-w C:\Documents and Settings\User\mqdmmdfl.sys

2007-01-23 00:18 79,328 ----a-w C:\Documents and Settings\User\mqdmserd.sys

2007-01-23 00:18 66,656 ----a-w C:\Documents and Settings\User\mqdmbus.sys

2007-01-23 00:18 6,208 ----a-w C:\Documents and Settings\User\mqdmcmnt.sys

2007-01-23 00:18 5,936 ----a-w C:\Documents and Settings\User\mqdmwhnt.sys

2007-01-23 00:18 4,048 ----a-w C:\Documents and Settings\User\mqdmcr.sys

2007-01-23 00:18 25,600 ----a-w C:\Documents and Settings\User\usbsermptxp.sys

2007-01-23 00:18 22,768 ----a-w C:\Documents and Settings\User\usbsermpt.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"IncrediMail"="C:\Arquivos de programas\IncrediMail\bin\IncMail.exe" [2007-07-19 09:18 208946]

"Magentic"="C:\ARQUIV~1\Magentic\bin\Magentic.exe" [2007-07-10 11:34 475180]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-12 01:44 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 16:29 86016]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

"VTTimer"="VTTimer.exe" [2005-03-07 17:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-12 23:33 147456 C:\WINDOWS\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-07-22 05:00 81920 C:\WINDOWS\SOUNDMAN.EXE]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"NWEReboot"="" []

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]

"SMSERIAL"="sm56hlpr.exe" [2004-12-28 20:01 544768 C:\WINDOWS\sm56hlpr.exe]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 11:52 1368064]

"SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" [2004-03-26 15:40 794624]

"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-10-25 12:56 61440]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-06-15 21:15 366400]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-10-11 21:45 180269]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-12-20 13:16 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26]

WinZip Quick Pick.lnk - C:\Arquivos de programas\WinZip\WZQKPICK.EXE [2006-06-22 12:49:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoAddPrinter"= 0 (0x0)

"NoDeletePrinter"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [2006-11-09 15:33 226344]

R2 ONSIO;ONSIO;C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS [1997-04-09 16:13]

R3 ZSMC303;A4 TECH PC Camera H;C:\WINDOWS\system32\Drivers\usbVM303.sys [2005-10-27 14:34]

S0 SMPLSCSI;SMPLSCSI;C:\WINDOWS\system32\drivers\SMPLSCSI.SYS [1997-04-09 16:56]

S2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [2006-11-09 15:37]

S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 15:31]

S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 12:49]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 12:50]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 12:50]

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-01-04 20:24:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-04 19:11:22

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-01-04 19:13:44

C:\qoobox\ComboFix-quarantined-files.txt 2008-01-04 21:13:40

.

2007-12-21 16:01:01 --- E O F ---

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 19:43:13, on 4/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\WgaTray.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\VM303_STI.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\ARQUIV~1\INCRED~1\bin\IMApp.exe

C:\ARQUIV~1\Magentic\bin\MgApp.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [incrediMail] C:\Arquivos de programas\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Magentic] C:\ARQUIV~1\Magentic\bin\Magentic.exe /c

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Startup: Velox.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2C146F24-0FE3-49DC-B4F8-96622BD8E1DD}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Ok, o log está limpo :)

- Digite no Executar combofix /u e clique em Ok. Na próxima janela clique em "Executar" e aguarde a remoção do programa;

- Atualize o Internet Explorer:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

- Recomendo uma manutenção no computador para exclusão dos arquivos temporários, desnecessários e entradas inválidas no registro. Faça o download do CCleaner:

  • Abra o programa e clique em Executar Limpeza;
  • Após isto, clique em Registro > Procurar erros > Corrigir Erros

- Desative e ative novamente a Restauração do Sistema

- Leia o artigo Proteja seu PC para mais informações sobre como evitar infecções.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Obrigada Jose Melo

Um beijão

:*

Compartilhar este post


Link para o post
Compartilhar em outros sites





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×
×
  • Criar novo...