NatanaelMestre

Too many problems (NADADEVIRUS, PROTEJASEUDRIVE, ETC) Help me


I'm having problems with nadadevirus, protejaseudrive and a whole bunch of other things that make the PC horrible.

I ran ComboFix and I'm posting the log so someone can help me, because I've already tried everything; the PC gets better and then goes bad again, there are several items in the Start menu, but I can't remove them from MSCONFIG. Please help me if you can.

-----------------------------------------------------------------------

Here is the COMBOFIX log

-----------------------------------------------------------------------

ComboFix 08-03-22.3 - Josué 2008-03-23 13:32:37.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.155 [GMT -3:00]

Executando de: D:\Meus documentos\Natanael\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\BMb7a45181.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\byxvtqo.dll

C:\WINDOWS\system32\byxvtrs.dll

C:\WINDOWS\system32\cbxwvtq.dll

C:\WINDOWS\system32\cenevofb.dll

C:\WINDOWS\system32\cvhckylc.dll

C:\WINDOWS\system32\ddcaywx.dll

C:\WINDOWS\system32\ddcbbby.dll

C:\WINDOWS\system32\ddcywut.dll

C:\WINDOWS\system32\edhwyedu.ini

C:\WINDOWS\system32\efcccaa.dll

C:\WINDOWS\system32\fccddcb.dll

C:\WINDOWS\system32\fjebtcou.dll

C:\WINDOWS\system32\gebxwxx.dll

C:\WINDOWS\system32\iiffggd.dll

C:\WINDOWS\system32\irsbddxu.ini

C:\WINDOWS\system32\jkkjjkk.dll

C:\WINDOWS\system32\ljjgebx.dll

C:\WINDOWS\system32\ljjgfdd.dll

C:\WINDOWS\system32\ljjijkh.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mljggdd.dll

C:\WINDOWS\system32\mljhifd.dll

C:\WINDOWS\system32\mlmoq.ini

C:\WINDOWS\system32\mlmoq.ini2

C:\WINDOWS\system32\mrvxtijv.ini

C:\WINDOWS\system32\nnnmnnl.dll

C:\WINDOWS\system32\nnnoonk.dll

C:\WINDOWS\system32\ooianhpx.dll

C:\WINDOWS\system32\pmnklll.dll

C:\WINDOWS\system32\pmnlige.dll

C:\WINDOWS\system32\qomjkjk.dll

C:\WINDOWS\system32\qomlm.dll

C:\WINDOWS\system32\rqrpolj.dll

C:\WINDOWS\system32\rqrqnmk.dll

C:\WINDOWS\system32\rqrqppp.dll

C:\WINDOWS\system32\rqrqqqn.dll

C:\WINDOWS\system32\tuvwutr.dll

C:\WINDOWS\system32\udeywhde.dll

C:\WINDOWS\system32\urqnkjh.dll

C:\WINDOWS\system32\urqnoml.dll

C:\WINDOWS\system32\urqrssq.dll

C:\WINDOWS\system32\uxddbsri.dll

C:\WINDOWS\system32\vjitxvrm.dll

C:\WINDOWS\system32\vsnpauic.dll

C:\WINDOWS\system32\vtuuuur.dll

C:\WINDOWS\system32\wvurspp.dll

C:\WINDOWS\system32\wvuurpq.dll

C:\WINDOWS\system32\xxyvvuu.dll

C:\WINDOWS\system32\xxywtqo.dll

C:\WINDOWS\system32\yayywur.dll

.

((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))

.

2008-03-23 09:11 . 2008-03-23 09:11 3,997 --a------ C:\WINDOWS\system32\dqogqskj.dll

2008-03-23 09:10 . 2008-03-23 09:10 4,001 --a------ C:\WINDOWS\system32\ykjkguyu.dll

2008-03-23 07:39 . 2008-03-23 07:39 4,011 --a------ C:\WINDOWS\system32\ihtqwvqs.dll

2008-03-23 07:36 . 2008-03-23 07:36 4,001 --a------ C:\WINDOWS\system32\gwxxyapi.dll

2008-03-22 21:51 . 2008-03-22 21:51 115,224 --a--c--- C:\img2-001.raw

2008-03-22 18:53 . 2008-03-22 18:53 4,011 --a------ C:\WINDOWS\system32\ubsgtuka.dll

2008-03-22 18:50 . 2008-03-22 18:50 4,001 --a------ C:\WINDOWS\system32\rwflpvoq.dll

2008-03-22 18:50 . 2008-03-22 18:50 3,997 --a------ C:\WINDOWS\system32\riefisyw.dll

2008-03-22 15:22 . 2008-03-22 15:22 4,011 --a------ C:\WINDOWS\system32\rhasdlil.dll

2008-03-22 15:21 . 2008-03-22 15:21 4,001 --a------ C:\WINDOWS\system32\iqvutfkn.dll

2008-03-22 07:33 . 2008-03-22 07:33 4,001 --a------ C:\WINDOWS\system32\dciksfcn.dll

2008-03-22 07:33 . 2008-03-22 07:33 3,997 --a------ C:\WINDOWS\system32\cmggewjw.dll

2008-03-21 16:05 . 2008-03-22 07:31 1,543,219 ---hs---- C:\WINDOWS\system32\keteltss.ini

2008-03-21 15:58 . 2008-03-21 15:58 4,001 --a------ C:\WINDOWS\system32\hifbjtjp.dll

2008-03-21 15:58 . 2008-03-21 15:58 3,997 --a------ C:\WINDOWS\system32\xpbxxnbr.dll

2008-03-20 17:43 . 2008-03-20 17:43 3,997 --a------ C:\WINDOWS\system32\iliaynvd.dll

2008-03-20 17:42 . 2008-03-20 17:42 4,011 --a------ C:\WINDOWS\system32\owjnvbti.dll

2008-03-20 17:36 . 2008-03-20 17:36 4,001 --a------ C:\WINDOWS\system32\yxvbvref.dll

2008-03-20 14:58 . 2008-03-20 14:58 4,011 --a------ C:\WINDOWS\system32\yjklgmmt.dll

2008-03-20 14:58 . 2008-03-20 14:58 4,001 --a------ C:\WINDOWS\system32\askcsmjs.dll

2008-03-20 10:45 . 2008-03-20 10:45 3,997 --a------ C:\WINDOWS\system32\kucxjtwr.dll

2008-03-20 10:44 . 2008-03-20 10:44 4,001 --a------ C:\WINDOWS\system32\kqgemfjc.dll

2008-03-19 17:27 . 2008-03-19 17:27 4,011 --a------ C:\WINDOWS\system32\qgqurohl.dll

2008-03-19 17:26 . 2008-03-19 17:26 4,001 --a------ C:\WINDOWS\system32\fpugxhtm.dll

2008-03-19 17:26 . 2008-03-19 17:26 3,997 --a------ C:\WINDOWS\system32\wqaensnq.dll

2008-03-19 10:49 . 2008-03-19 10:49 4,011 --a------ C:\WINDOWS\system32\xchwrrmi.dll

2008-03-19 10:49 . 2008-03-19 10:49 4,001 --a------ C:\WINDOWS\system32\ahvnbbey.dll

2008-03-19 10:49 . 2008-03-19 10:49 3,997 --a------ C:\WINDOWS\system32\brdmsjqp.dll

2008-03-18 18:29 . 2008-03-20 10:42 1,544,553 ---hs---- C:\WINDOWS\system32\futlispf.ini

2008-03-18 18:23 . <DIR> C:\Documents and Settings\JosuÚ\Configurações locais

2008-03-18 18:23 . <DIR> C:\Documents and Settings\JosuÚ\Configurações locais

2008-03-18 17:52 . 2008-03-18 17:52 4,001 --a------ C:\WINDOWS\system32\xpgnktmf.dll

2008-03-18 17:52 . 2008-03-18 17:52 3,997 --a------ C:\WINDOWS\system32\pftjrijx.dll

2008-03-17 16:19 . 2008-03-17 16:19 4,011 --a------ C:\WINDOWS\system32\tdeiptnc.dll

2008-03-17 16:19 . 2008-03-17 16:19 4,001 --a------ C:\WINDOWS\system32\sigiplfq.dll

2008-03-17 16:19 . 2008-03-17 16:19 3,997 --a------ C:\WINDOWS\system32\ybqtiusi.dll

2008-03-17 10:57 . 2008-03-17 10:57 3,997 --a------ C:\WINDOWS\system32\tfajtsdg.dll

2008-03-17 10:54 . 2008-03-17 10:54 4,011 --a------ C:\WINDOWS\system32\wduwclde.dll

2008-03-17 10:54 . 2008-03-17 10:54 4,001 --a------ C:\WINDOWS\system32\fpiwoodh.dll

2008-03-16 20:01 . 2008-03-16 20:01 39,936 --a------ C:\WINDOWS\system32\skeysw.exe

2008-03-16 09:47 . 2006-09-23 12:13 65,728 --------- C:\WINDOWS\system32\IE7Eula.rtf

2008-03-16 09:46 . 2008-03-16 09:46 <DIR> d-------- C:\WINDOWS\%DownloadedProgramFiles%

2008-03-16 09:43 . 2007-07-01 00:36 1,024,000 --a------ C:\WINDOWS\system32\ieframe.dll.mui

2008-03-16 09:42 . 2006-11-21 19:39 11,776 --------- C:\WINDOWS\system32\advpack.dll.mui

2008-03-15 12:44 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-03-15 12:44 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-03-15 12:44 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-03-15 12:44 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-03-15 12:44 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-03-15 12:44 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-03-15 12:44 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-03-15 11:05 . 2008-03-15 11:05 3,997 --a------ C:\WINDOWS\system32\fiwcwbxw.dll

2008-03-15 11:02 . 2008-03-15 11:02 4,011 --a------ C:\WINDOWS\system32\prummcua.dll

2008-03-15 10:59 . 2008-03-15 10:59 4,001 --a------ C:\WINDOWS\system32\bepekdlq.dll

2008-03-15 09:07 . 2008-03-15 09:07 3,997 --a------ C:\WINDOWS\system32\epdfloku.dll

2008-03-15 09:06 . 2008-03-15 09:06 4,001 --a------ C:\WINDOWS\system32\nqvnqdmy.dll

2008-03-14 18:51 . 2008-03-15 12:53 1,346 --a------ C:\WINDOWS\system32\tmp.reg

2008-03-14 18:04 . 2008-03-14 18:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-14 18:04 . 2008-03-14 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-03-14 17:21 . 2008-03-14 17:21 <DIR> d----c--- C:\Arquivos de programas\Trend Micro

2008-03-14 17:21 . 2008-03-14 17:21 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-03-14 17:21 . 2008-03-14 17:22 2,162 --a------ C:\WINDOWS\system32\tmmute.ini

2008-03-14 11:00 . 2008-03-14 11:00 4,011 --a------ C:\WINDOWS\system32\vyuhpvss.dll

2008-03-14 11:00 . 2008-03-14 11:00 4,001 --a------ C:\WINDOWS\system32\ieyiwnff.dll

2008-03-13 17:46 . 2008-03-13 17:46 4,001 --a------ C:\WINDOWS\system32\twogygku.dll

2008-03-13 17:46 . 2008-03-13 17:46 3,997 --a------ C:\WINDOWS\system32\buoamrqd.dll

2008-03-13 17:45 . 2008-03-13 17:45 4,001 --a------ C:\WINDOWS\system32\cvnrdvfk.dll

2008-03-12 18:53 . 2008-03-12 18:53 127 --a------ C:\WINDOWS\system32\MRT.INI

2008-03-12 14:42 . 2008-03-12 14:42 11 --a--c--- C:\AuResult.ini

2008-03-12 12:20 . 2008-03-12 12:37 <DIR> d----c--- C:\Arquivos de programas\4DiskcleanG

2008-03-12 12:18 . 2008-03-12 12:19 <DIR> d----c--- C:\Arquivos de programas\CCleaner

2008-03-12 09:38 . 2008-03-12 09:38 4,011 --a------ C:\WINDOWS\system32\llkvfwhe.dll

2008-03-12 09:35 . 2008-03-12 09:35 3,997 --a------ C:\WINDOWS\system32\maofqrfw.dll

2008-03-12 09:34 . 2008-03-12 09:34 4,001 --a------ C:\WINDOWS\system32\snjafupc.dll

2008-03-11 10:41 . 2008-03-11 10:41 4,011 --a------ C:\WINDOWS\system32\sfeuxmvn.dll

2008-03-11 10:40 . 2008-03-11 10:40 4,001 --a------ C:\WINDOWS\system32\fsiateju.dll

2008-03-11 10:40 . 2008-03-11 10:40 3,997 --a------ C:\WINDOWS\system32\jqunecmy.dll

2008-03-10 16:50 . 2008-03-10 16:50 4,011 --a------ C:\WINDOWS\system32\yblyiwcb.dll

2008-03-10 16:50 . 2008-03-10 16:50 4,001 --a------ C:\WINDOWS\system32\ugcdhhuh.dll

2008-03-10 09:12 . 2008-03-10 09:12 4,011 --a------ C:\WINDOWS\system32\ttuiisyg.dll

2008-03-10 09:12 . 2008-03-10 09:12 4,001 --a------ C:\WINDOWS\system32\shbnnnap.dll

2008-03-09 15:17 . 2008-03-09 15:17 4,011 --a------ C:\WINDOWS\system32\xkngirqq.dll

2008-03-09 15:17 . 2008-03-09 15:17 4,001 --a------ C:\WINDOWS\system32\bxdymqdq.dll

2008-03-08 18:04 . 2008-03-18 18:23 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-03-08 18:04 . 2008-03-18 18:23 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-03-08 18:04 . 2008-03-18 18:23 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-03-08 18:04 . 2008-03-18 18:23 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-03-08 17:52 . 2008-03-08 17:52 309,574 --a------ C:\catchme2008-03-10_ 93144,74.zip

2008-03-08 15:39 . 2008-03-08 15:39 3,975 --a------ C:\WINDOWS\system32\kjbtfsgu.dll

2008-03-08 13:52 . 2008-03-08 13:52 3,997 --a------ C:\WINDOWS\system32\mkevacoy.dll

2008-03-08 13:52 . 2008-03-08 13:52 3,975 --a------ C:\WINDOWS\system32\sknykfie.dll

2008-03-08 13:51 . 2008-03-08 13:51 4,011 --a------ C:\WINDOWS\system32\hnhlygwy.dll

2008-03-08 13:47 . 2008-03-08 13:47 3,997 --a------ C:\WINDOWS\system32\ljlpinjb.dll

2008-03-08 13:44 . 2008-03-08 13:44 3,975 --a------ C:\WINDOWS\system32\leochceg.dll

2008-03-07 17:00 . 2008-03-07 17:00 3,975 --a------ C:\WINDOWS\system32\ndtgoemk.dll

2008-03-07 11:56 . 2008-03-07 11:56 4,011 --a------ C:\WINDOWS\system32\qbrlfqqy.dll

2008-03-07 11:56 . 2008-03-07 11:56 3,975 --a------ C:\WINDOWS\system32\dmklxfbv.dll

2008-03-07 11:44 . 2008-03-16 10:13 <DIR> d----c--- C:\Arquivos de programas\Safer Networking

2008-03-07 10:47 . 2008-03-07 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-07 10:47 . 2008-03-07 11:52 <DIR> d----c--- C:\Arquivos de programas\Spybot - Search & Destroy

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-23 16:38 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-20 21:52 --------- dc----w C:\Arquivos de programas\GbPlugin

2008-03-20 21:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-18 20:52 --------- dc----w C:\Arquivos de programas\Spyware Terminator

2008-03-18 20:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-03-12 15:33 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-03 21:21 --------- dc----w C:\Arquivos de programas\Winks Installer

2008-03-03 14:01 --------- dc-h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-29 14:25 --------- dc----w C:\Arquivos de programas\eMule

2008-02-28 20:38 --------- dc----w C:\Arquivos de programas\MSN Messenger

2008-02-19 21:45 --------- dc----w C:\Arquivos de programas\LimeWire

2008-02-17 20:45 --------- dc----w C:\Arquivos de programas\Shareaza

2008-02-09 20:22 --------- dc----w C:\Arquivos de programas\Arquivos comuns\Nero

2008-02-09 20:20 --------- dc----w C:\Arquivos de programas\Nero

2008-02-09 20:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-02-08 20:55 --------- dc----w C:\Arquivos de programas\FastDictionary 2007

2008-02-07 23:27 --------- dc----w C:\Arquivos de programas\Download Yuotube

2008-02-07 20:23 --------- dc----w C:\Arquivos de programas\YouTubeSpider

2008-02-05 00:22 --------- dc----w C:\Arquivos de programas\Neoretix

2008-01-28 21:04 --------- dc----w C:\Arquivos de programas\Cequal Software

2007-12-25 05:06 155,995 ----a-w C:\WINDOWS\java\Packages\IG23XNZ9.ZIP

2007-12-24 22:45 3,532 -c--a-w C:\drmHeader.bin

2006-01-05 20:27 31,370 -c----r C:\Arquivos de programas\DVD SHRINK 3.2.EXE-15C7A414.pf

2004-07-26 05:16 598,086 -c----r C:\Arquivos de programas\DVD Shrink 3.2.exe

2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-12-24 19:10 185632]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-03 23:45 159744]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

REALTEK RTL8185 Wireless LAN Utility.lnk - C:\Arquivos de programas\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe [2007-12-24 18:01:33 770048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

"Windows Printing Driver"= WinSpooler.exe

"WinUpdating"= WinUpdating.exe

"Windows Security Tool"= WinSecure.exe

"skeysw"= skeysw.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 14:30 347976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 14:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwvtq]

cbxwvtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrppn]

urqrppn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Josué^Menu Iniciar^Programas^Inicializar^Trend Micro Anti-Spyware.lnk]

path=C:\Documents and Settings\Josué\Menu Iniciar\Programas\Inicializar\Trend Micro Anti-Spyware.lnk

backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b497621d]

C:\WINDOWS\system32\uxddbsri.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb7a45181]

C:\WINDOWS\system32\cvhckylc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahsc--- 2008-01-28 11:43 2097488 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

--a--c--- 2007-12-24 19:19 2834432 C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a--c--- 2007-12-24 19:10 185632 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Download Express\\dep.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"D:\\Meus documentos\\Natanael\\aaa\\Mercury\\Mercury.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-24 19:20]

R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 15:23]

R3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-12-16 07:14]

S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2005-09-12 15:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d810cd0-c84d-11dc-82a4-000e2eab00b6}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-23 13:39:05

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

C:\WINDOWS\system32\WinSpooler.exe

C:\WINDOWS\system32\WinSecure.exe

C:\WINDOWS\system32\WinSpooler.exe

C:\WINDOWS\system32\WinSecure.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

.

**************************************************************************

.

Completion time: 2008-03-23 13:41:31 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-23 16:41:27

ComboFix2.txt 2008-03-18 21:23:27

.

2008-03-23 11:44:13 --- E O F ---


- Download VundoFix

http://linhadefensiva.uol.com.br/dl/vundofix

Save it to your desktop.

  1. Run VundoFix.exe.
  2. When VundoFix opens again, click Scan for Vundo
  3. When it finishes, click Remove Vundo
  4. You will get a prompt asking whether you want to remove the files. Confirm. Your desktop will disappear.
  5. You will get a notice saying that your computer must be shut down. Click OK and then turn the computer on again.
  6. VundoFix may find a file but be unable to remove it. If that happens, the tool will run again on reboot.
    When VundoFix appears, click the Scan for Vundo button to repeat the process.

When VundoFix no longer finds any file that it cannot remove, paste the vundofix.txt file in your reply.

- Download HijackThis

  • Put the file in its own folder in C:\;
  • Double-click HijackThis and click Do a system scan and save a logfile;
  • Copy the contents of the Notepad window and paste it in your reply.


I ran VundoFix 2 times and it finds nothing!!

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:46:35, on 25/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe

O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe

O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe

O4 - HKCU\..\Policies\Explorer\Run: [skeysw] skeysw.exe

O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.03\AMVConverter\grab.html

O8 - Extra context menu item: Baixe usando Download &Express - C:\Arquivos de programas\Download Express\Add_Url.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.03\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198535818449

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198537447732

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: cbxwvtq - cbxwvtq.dll (file missing)

O20 - Winlogon Notify: urqrppn - urqrppn.dll (file missing)

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

--

End of file - 6463 bytes

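A triage script for the two log formats in this thread, added here as an example and not part of the original posts or of ComboFix/HijackThis: it flags the HijackThis O4/O20 patterns seen above (entries under Policies\Explorer\Run, which the MSCONFIG Startup tab does not list, bare file names with no directory, and Winlogon Notify DLLs reported missing) and tallies the ~4 KB randomly named DLLs that the ComboFix "Files Created" section shows landing in system32 every few hours. The sample lines are copied from the logs above; the 8 KB size threshold and the rule wording are my own assumptions.

```python
"""Triage helpers for the ComboFix and HijackThis logs posted in this thread."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: O4/O20 lines copied from the HijackThis log above.
SAMPLE_HIJACKTHIS = [
    r"O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe",
    r"O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe",
    r"O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe",
    r"O4 - HKCU\..\Policies\Explorer\Run: [skeysw] skeysw.exe",
    r"O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?",
    r"O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll",
    r"O20 - Winlogon Notify: cbxwvtq - cbxwvtq.dll (file missing)",
    r"O20 - Winlogon Notify: urqrppn - urqrppn.dll (file missing)",
]

# Constructed sample: "Files Created" rows copied from the ComboFix log above.
SAMPLE_COMBOFIX = [
    r"2008-03-23 09:11 . 2008-03-23 09:11 3,997 --a------ C:\WINDOWS\system32\dqogqskj.dll",
    r"2008-03-23 09:10 . 2008-03-23 09:10 4,001 --a------ C:\WINDOWS\system32\ykjkguyu.dll",
    r"2008-03-23 07:39 . 2008-03-23 07:39 4,011 --a------ C:\WINDOWS\system32\ihtqwvqs.dll",
    r"2008-03-22 18:53 . 2008-03-22 18:53 4,011 --a------ C:\WINDOWS\system32\ubsgtuka.dll",
    r"2008-03-22 18:50 . 2008-03-22 18:50 4,001 --a------ C:\WINDOWS\system32\rwflpvoq.dll",
    r"2008-03-22 18:50 . 2008-03-22 18:50 3,997 --a------ C:\WINDOWS\system32\riefisyw.dll",
    r"2008-03-16 09:46 . 2008-03-16 09:46 <DIR> d-------- C:\WINDOWS\%DownloadedProgramFiles%",
    r"2008-03-16 09:43 . 2007-07-01 00:36 1,024,000 --a------ C:\WINDOWS\system32\ieframe.dll.mui",
    r"2008-03-16 20:01 . 2008-03-16 20:01 39,936 --a------ C:\WINDOWS\system32\skeysw.exe",
]

# O4 lines look like: O4 - HKCU\..\Policies\Explorer\Run: [name] command
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# O20 lines look like: O20 - Winlogon Notify: name - dll [(file missing)]
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+?)(?P<missing> \(file missing\))?$")
# ComboFix file rows: created . modified size attributes path (directory rows carry <DIR> instead of a size)
CF_FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def has_directory(target: str) -> bool:
    """True when the command or DLL carries a directory, not just a file name."""
    # A quoted path may be followed by arguments, e.g. "...\realsched.exe" -osboot
    first = target.split('"')[1] if target.startswith('"') else target.split(" ")[0]
    return "\\" in first


def triage_line(line: str):
    """Return a Finding for one O4/O20 line, or None when nothing stands out."""
    line = line.rstrip()
    reasons = []
    m = O4_RE.match(line)
    if m:
        if "policies\\explorer\\run" in m["key"].lower():
            reasons.append("autostart under Policies\\Explorer\\Run: not shown on the MSCONFIG Startup tab")
        if not has_directory(m["target"]):
            reasons.append("bare file name with no directory: no installer registers a Run entry this way")
        return Finding(line, reasons) if reasons else None
    m = O20_RE.match(line)
    if m:
        if m["missing"]:
            reasons.append("Winlogon Notify DLL is missing: orphaned after a removal, or renamed between boots")
        if not has_directory(m["target"]):
            reasons.append("Winlogon Notify DLL registered by bare name")
        return Finding(line, reasons) if reasons else None
    return None


def triage(lines):
    """Findings for every suspicious O4/O20 line, in log order."""
    return [f for f in (triage_line(l) for l in lines) if f]


def tiny_system32_dlls(lines, max_size=8192):
    """(created, size, path) for every DLL under system32 no larger than max_size bytes."""
    hits = []
    for line in lines:
        m = CF_FILE_RE.match(line.rstrip())
        if not m:
            continue  # directory rows and section headers have no size field
        size = int(m["size"].replace(",", ""))
        lower = m["path"].lower()
        if lower.startswith("c:\\windows\\system32\\") and lower.endswith(".dll") and size <= max_size:
            hits.append((m["created"], size, m["path"]))
    return hits


def dll_size_histogram(lines, max_size=8192):
    """Count the tiny DLLs by exact size; a few sizes repeating is one dropper re-generating its payload."""
    return Counter(size for _, size, _ in tiny_system32_dlls(lines, max_size))


if __name__ == "__main__":
    for f in triage(SAMPLE_HIJACKTHIS):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
    print("tiny DLLs in system32 by size:", dict(dll_size_histogram(SAMPLE_COMBOFIX)))
```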

ComboFix 08-03-22.3 - Josué 2008-03-28 17:18:34.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.220 [GMT -3:00]

Executando de: C:\Documents and Settings\Josué\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-28 to 2008-03-28 ))))))))))))))))))))))))))))))))

.

2008-03-23 19:29 . 2008-03-23 19:29 <DIR> d----c--- C:\VundoFix Backups

2008-03-23 19:00 . 2008-03-23 19:22 <DIR> d----c--- C:\Arquivos de programas\Digital TV 2050

2008-03-23 09:11 . 2008-03-23 09:11 3,997 --a------ C:\WINDOWS\system32\dqogqskj.dll

2008-03-23 09:10 . 2008-03-23 09:10 4,001 --a------ C:\WINDOWS\system32\ykjkguyu.dll

2008-03-23 07:39 . 2008-03-23 07:39 4,011 --a------ C:\WINDOWS\system32\ihtqwvqs.dll

2008-03-23 07:36 . 2008-03-23 07:36 4,001 --a------ C:\WINDOWS\system32\gwxxyapi.dll

2008-03-22 21:51 . 2008-03-26 19:35 230,424 --a--c--- C:\img2-001.raw

2008-03-22 18:53 . 2008-03-22 18:53 4,011 --a------ C:\WINDOWS\system32\ubsgtuka.dll

2008-03-22 18:50 . 2008-03-22 18:50 4,001 --a------ C:\WINDOWS\system32\rwflpvoq.dll

2008-03-22 18:50 . 2008-03-22 18:50 3,997 --a------ C:\WINDOWS\system32\riefisyw.dll

2008-03-22 15:22 . 2008-03-22 15:22 4,011 --a------ C:\WINDOWS\system32\rhasdlil.dll

2008-03-22 15:21 . 2008-03-22 15:21 4,001 --a------ C:\WINDOWS\system32\iqvutfkn.dll

2008-03-22 07:33 . 2008-03-22 07:33 4,001 --a------ C:\WINDOWS\system32\dciksfcn.dll

2008-03-22 07:33 . 2008-03-22 07:33 3,997 --a------ C:\WINDOWS\system32\cmggewjw.dll

2008-03-21 16:05 . 2008-03-22 07:31 1,543,219 ---hs---- C:\WINDOWS\system32\keteltss.ini

2008-03-21 15:58 . 2008-03-21 15:58 4,001 --a------ C:\WINDOWS\system32\hifbjtjp.dll

2008-03-21 15:58 . 2008-03-21 15:58 3,997 --a------ C:\WINDOWS\system32\xpbxxnbr.dll

2008-03-20 17:43 . 2008-03-20 17:43 3,997 --a------ C:\WINDOWS\system32\iliaynvd.dll

2008-03-20 17:42 . 2008-03-20 17:42 4,011 --a------ C:\WINDOWS\system32\owjnvbti.dll

2008-03-20 17:36 . 2008-03-20 17:36 4,001 --a------ C:\WINDOWS\system32\yxvbvref.dll

2008-03-20 14:58 . 2008-03-20 14:58 4,011 --a------ C:\WINDOWS\system32\yjklgmmt.dll

2008-03-20 14:58 . 2008-03-20 14:58 4,001 --a------ C:\WINDOWS\system32\askcsmjs.dll

2008-03-20 10:45 . 2008-03-20 10:45 3,997 --a------ C:\WINDOWS\system32\kucxjtwr.dll

2008-03-20 10:44 . 2008-03-20 10:44 4,001 --a------ C:\WINDOWS\system32\kqgemfjc.dll

2008-03-19 17:27 . 2008-03-19 17:27 4,011 --a------ C:\WINDOWS\system32\qgqurohl.dll

2008-03-19 17:26 . 2008-03-19 17:26 4,001 --a------ C:\WINDOWS\system32\fpugxhtm.dll

2008-03-19 17:26 . 2008-03-19 17:26 3,997 --a------ C:\WINDOWS\system32\wqaensnq.dll

2008-03-19 10:49 . 2008-03-19 10:49 4,011 --a------ C:\WINDOWS\system32\xchwrrmi.dll

2008-03-19 10:49 . 2008-03-19 10:49 4,001 --a------ C:\WINDOWS\system32\ahvnbbey.dll

2008-03-19 10:49 . 2008-03-19 10:49 3,997 --a------ C:\WINDOWS\system32\brdmsjqp.dll

2008-03-18 18:29 . 2008-03-20 10:42 1,544,553 ---hs---- C:\WINDOWS\system32\futlispf.ini

2008-03-18 18:23 . 2008-03-23 13:41 <DIR> d-------- C:\Documents and Settings\Josué\Configurações locais

2008-03-18 17:52 . 2008-03-18 17:52 4,001 --a------ C:\WINDOWS\system32\xpgnktmf.dll

2008-03-18 17:52 . 2008-03-18 17:52 3,997 --a------ C:\WINDOWS\system32\pftjrijx.dll

2008-03-17 16:19 . 2008-03-17 16:19 4,011 --a------ C:\WINDOWS\system32\tdeiptnc.dll

2008-03-17 16:19 . 2008-03-17 16:19 4,001 --a------ C:\WINDOWS\system32\sigiplfq.dll

2008-03-17 16:19 . 2008-03-17 16:19 3,997 --a------ C:\WINDOWS\system32\ybqtiusi.dll

2008-03-17 10:57 . 2008-03-17 10:57 3,997 --a------ C:\WINDOWS\system32\tfajtsdg.dll

2008-03-17 10:54 . 2008-03-17 10:54 4,011 --a------ C:\WINDOWS\system32\wduwclde.dll

2008-03-17 10:54 . 2008-03-17 10:54 4,001 --a------ C:\WINDOWS\system32\fpiwoodh.dll

2008-03-16 20:01 . 2008-03-16 20:01 39,936 --a------ C:\WINDOWS\system32\skeysw.exe

2008-03-16 13:04 . 2008-03-16 13:07 <DIR> d-------- C:\Documents and Settings\Josué\Mercury

2008-03-16 13:04 . 2008-03-16 13:07 <DIR> d-------- C:\Documents and Settings\Josué\Mercury

2008-03-16 13:04 . 2008-03-16 13:04 <DIR> d-------- C:\Documents and Settings\Josué\.jmf

2008-03-16 13:04 . 2008-03-16 13:04 <DIR> d-------- C:\Documents and Settings\Josué\.jmf

2008-03-16 09:47 . 2006-09-23 12:13 65,728 --------- C:\WINDOWS\system32\IE7Eula.rtf

2008-03-16 09:46 . 2008-03-16 09:46 <DIR> d-------- C:\WINDOWS\%DownloadedProgramFiles%

2008-03-16 09:43 . 2007-07-01 00:36 1,024,000 --a------ C:\WINDOWS\system32\ieframe.dll.mui

2008-03-16 09:42 . 2006-11-21 19:39 11,776 --------- C:\WINDOWS\system32\advpack.dll.mui

2008-03-15 12:44 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-03-15 12:44 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-03-15 12:44 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-03-15 12:44 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-03-15 12:44 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-03-15 12:44 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-03-15 12:44 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-03-15 11:05 . 2008-03-15 11:05 3,997 --a------ C:\WINDOWS\system32\fiwcwbxw.dll

2008-03-15 11:02 . 2008-03-15 11:02 4,011 --a------ C:\WINDOWS\system32\prummcua.dll

2008-03-15 10:59 . 2008-03-15 10:59 4,001 --a------ C:\WINDOWS\system32\bepekdlq.dll

2008-03-15 09:07 . 2008-03-15 09:07 3,997 --a------ C:\WINDOWS\system32\epdfloku.dll

2008-03-15 09:06 . 2008-03-15 09:06 4,001 --a------ C:\WINDOWS\system32\nqvnqdmy.dll

2008-03-14 18:51 . 2008-03-15 12:53 1,346 --a------ C:\WINDOWS\system32\tmp.reg

2008-03-14 18:04 . 2008-03-14 18:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-14 18:04 . 2008-03-14 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-03-14 17:21 . 2008-03-23 18:25 <DIR> d----c--- C:\Arquivos de programas\Trend Micro

2008-03-14 17:21 . 2008-03-14 17:21 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-03-14 17:21 . 2008-03-14 17:22 2,162 --a------ C:\WINDOWS\system32\tmmute.ini

2008-03-14 11:00 . 2008-03-14 11:00 4,011 --a------ C:\WINDOWS\system32\vyuhpvss.dll

2008-03-14 11:00 . 2008-03-14 11:00 4,001 --a------ C:\WINDOWS\system32\ieyiwnff.dll

2008-03-13 17:46 . 2008-03-13 17:46 4,001 --a------ C:\WINDOWS\system32\twogygku.dll

2008-03-13 17:46 . 2008-03-13 17:46 3,997 --a------ C:\WINDOWS\system32\buoamrqd.dll

2008-03-13 17:45 . 2008-03-13 17:45 4,001 --a------ C:\WINDOWS\system32\cvnrdvfk.dll

2008-03-12 18:53 . 2008-03-12 18:53 127 --a------ C:\WINDOWS\system32\MRT.INI

2008-03-12 14:42 . 2008-03-12 14:42 11 --a--c--- C:\AuResult.ini

2008-03-12 12:20 . 2008-03-12 12:37 <DIR> d----c--- C:\Arquivos de programas\4DiskcleanG

2008-03-12 12:18 . 2008-03-12 12:19 <DIR> d----c--- C:\Arquivos de programas\CCleaner

2008-03-12 09:38 . 2008-03-12 09:38 4,011 --a------ C:\WINDOWS\system32\llkvfwhe.dll

2008-03-12 09:35 . 2008-03-12 09:35 3,997 --a------ C:\WINDOWS\system32\maofqrfw.dll

2008-03-12 09:34 . 2008-03-12 09:34 4,001 --a------ C:\WINDOWS\system32\snjafupc.dll

2008-03-11 10:41 . 2008-03-11 10:41 4,011 --a------ C:\WINDOWS\system32\sfeuxmvn.dll

2008-03-11 10:40 . 2008-03-11 10:40 4,001 --a------ C:\WINDOWS\system32\fsiateju.dll

2008-03-11 10:40 . 2008-03-11 10:40 3,997 --a------ C:\WINDOWS\system32\jqunecmy.dll

2008-03-10 16:50 . 2008-03-10 16:50 4,011 --a------ C:\WINDOWS\system32\yblyiwcb.dll

2008-03-10 16:50 . 2008-03-10 16:50 4,001 --a------ C:\WINDOWS\system32\ugcdhhuh.dll

2008-03-10 09:12 . 2008-03-10 09:12 4,011 --a------ C:\WINDOWS\system32\ttuiisyg.dll

2008-03-10 09:12 . 2008-03-10 09:12 4,001 --a------ C:\WINDOWS\system32\shbnnnap.dll

2008-03-09 15:17 . 2008-03-09 15:17 4,011 --a------ C:\WINDOWS\system32\xkngirqq.dll

2008-03-09 15:17 . 2008-03-09 15:17 4,001 --a------ C:\WINDOWS\system32\bxdymqdq.dll

2008-03-08 18:04 . 2008-03-23 13:41 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-03-08 18:04 . 2008-03-23 13:41 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-03-08 18:04 . 2008-03-23 13:41 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-03-08 18:04 . 2008-03-23 13:41 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-03-08 17:52 . 2008-03-08 17:52 309,574 --a------ C:\catchme2008-03-10_ 93144,74.zip

2008-03-08 17:40 . 2008-03-12 16:08 <DIR> d-------- C:\Documents and Settings\Josué\.housecall6.6

2008-03-08 17:40 . 2008-03-12 16:08 <DIR> d-------- C:\Documents and Settings\Josué\.housecall6.6

2008-03-08 15:39 . 2008-03-08 15:39 3,975 --a------ C:\WINDOWS\system32\kjbtfsgu.dll

2008-03-08 13:52 . 2008-03-08 13:52 3,997 --a------ C:\WINDOWS\system32\mkevacoy.dll

2008-03-08 13:52 . 2008-03-08 13:52 3,975 --a------ C:\WINDOWS\system32\sknykfie.dll

2008-03-08 13:51 . 2008-03-08 13:51 4,011 --a------ C:\WINDOWS\system32\hnhlygwy.dll

2008-03-08 13:47 . 2008-03-08 13:47 3,997 --a------ C:\WINDOWS\system32\ljlpinjb.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-28 19:06 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-25 22:56 --------- d-----w C:\Documents and Settings\Josué\Dados de aplicativos\LimeWire

2008-03-24 01:24 --------- dc----w C:\Arquivos de programas\GbPlugin

2008-03-24 01:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-18 20:52 --------- dc----w C:\Arquivos de programas\Spyware Terminator

2008-03-18 20:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-03-12 15:33 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-05 19:43 --------- d-----w C:\Documents and Settings\Josué\Dados de aplicativos\WinButler

2008-03-03 21:21 --------- dc----w C:\Arquivos de programas\Winks Installer

2008-03-03 14:01 --------- dc-h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-29 19:58 --------- d-----w C:\Documents and Settings\Josué\Dados de aplicativos\FDRLab

2008-02-29 14:25 --------- dc----w C:\Arquivos de programas\eMule

2008-02-28 20:38 --------- dc----w C:\Arquivos de programas\MSN Messenger

2008-02-23 19:22 --------- dc----w C:\Arquivos de programas\MassTube

2008-02-19 21:45 --------- dc----w C:\Arquivos de programas\LimeWire

2008-02-17 20:45 --------- dc----w C:\Arquivos de programas\Shareaza

2008-02-09 20:24 --------- d-----w C:\Documents and Settings\Josué\Dados de aplicativos\Nero

2008-02-09 20:22 --------- dc----w C:\Arquivos de programas\Arquivos comuns\Nero

2008-02-09 20:20 --------- dc----w C:\Arquivos de programas\Nero

2008-02-09 20:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-02-08 20:55 --------- dc----w C:\Arquivos de programas\FastDictionary 2007

2008-02-07 23:27 --------- dc----w C:\Arquivos de programas\Download Yuotube

2008-02-07 20:23 --------- dc----w C:\Arquivos de programas\YouTubeSpider

2008-02-05 00:22 --------- dc----w C:\Arquivos de programas\Neoretix

2008-01-28 21:04 --------- dc----w C:\Arquivos de programas\Cequal Software

2006-01-05 20:27 31,370 -c----r C:\Arquivos de programas\DVD SHRINK 3.2.EXE-15C7A414.pf

2004-07-26 05:16 598,086 -c----r C:\Arquivos de programas\DVD Shrink 3.2.exe

2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

.

((((((((((((((((((((((((((((( snapshot@2008-03-23_13.41.12.24 )))))))))))))))))))))))))))))))))))))))))

.

+ 2002-09-18 03:45:00 119,808 ----a-w C:\WINDOWS\lsb_un20.exe

+ 2008-03-27 00:52:01 188,906 ----a-w C:\WINDOWS\system32\drivers\etc\tmsshf.bin

+ 2008-03-27 00:49:52 227,891 ----a-w C:\WINDOWS\system32\drivers\etc\tmvsthfss.bin

+ 2008-03-27 00:52:01 188,923 ----a-w C:\WINDOWS\system32\drivers\etc\tmvsthfud.bin

+ 2008-03-27 20:49:58 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6c0.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

REALTEK RTL8185 Wireless LAN Utility.lnk - C:\Arquivos de programas\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe [2007-12-24 18:01:33 770048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

"Windows Printing Driver"= WinSpooler.exe

"WinUpdating"= WinUpdating.exe

"Windows Security Tool"= WinSecure.exe

"skeysw"= skeysw.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 14:30 347976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 14:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwvtq]

cbxwvtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrppn]

urqrppn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Josué^Menu Iniciar^Programas^Inicializar^Trend Micro Anti-Spyware.lnk]

path=C:\Documents and Settings\Josué\Menu Iniciar\Programas\Inicializar\Trend Micro Anti-Spyware.lnk

backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b497621d]

C:\WINDOWS\system32\uxddbsri.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb7a45181]

C:\WINDOWS\system32\cvhckylc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahsc--- 2008-01-28 11:43 2097488 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

--a--c--- 2007-12-24 19:19 2834432 C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a--c--- 2007-12-24 19:10 185632 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Download Express\\dep.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"D:\\Meus documentos\\Natanael\\aaa\\Mercury\\Mercury.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-24 19:20]

R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 15:23]

R3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-12-16 07:14]

S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2005-09-12 15:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d810cd0-c84d-11dc-82a4-000e2eab00b6}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-28 17:20:51

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-03-28 17:21:52

ComboFix-quarantined-files.txt 2008-03-28 20:21:34

ComboFix2.txt 2008-03-23 16:41:32

ComboFix3.txt 2008-03-18 21:23:27

.

2008-03-28 03:40:28 --- E O F ---


- Download SDFix:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Save it to your desktop. Double-click SDFix.exe and the tool will be installed to %SystemDrive%\SDFix (usually C:\SDFix).

- Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup);

  1. Open the SDFix folder that was installed on your computer and double-click the RunThis.bat file
  2. Press Y so the tool starts the removal process
  3. When everything finishes, you will see a message telling you to press any key to continue. When you press any key, the computer will restart automatically
  4. After the restart, the tool will run again to finish its work, and the word Finished will appear. Press any key.
  5. A window with the SDFix report will appear.
  6. Copy and paste this report into your reply. If you closed the window, a copy of the report is in the SDFix folder under the name Report.txt

- Generate a new HijackThis log and paste it into your reply.


SDFix: Version 1.164

Run by Administrador on 30/03/2008 at 13:20

Microsoft Windows XP [versão 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\WinSecure.exe - Deleted

C:\WINDOWS\system32\WinSpooler.exe - Deleted

C:\WINDOWS\system32\WinUpdating.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-30 13:24:43

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Arquivos de programas\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:71,d8,b7,41,6c,cc,a8,51,03,8b,c8,2a,db,f0,77,65,4f,54,42,be,35,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,bf,de,31,21,84,95,1b,c0,53,4d,b3,49,81,3c,9d,35,21,..

"khjeh"=hex:aa,98,27,e8,00,8d,79,f3,1c,64,00,cc,3a,cf,9c,5a,ec,78,0d,03,c9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:e6,33,80,4b,49,7e,4f,a7,15,7c,58,8e,c8,fb,a9,39,10,51,01,09,04,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Arquivos de programas\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:71,d8,b7,41,6c,cc,a8,51,03,8b,c8,2a,db,f0,77,65,4f,54,42,be,35,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,bf,de,31,21,84,95,1b,c0,53,4d,b3,49,81,3c,9d,35,21,..

"khjeh"=hex:aa,98,27,e8,00,8d,79,f3,1c,64,00,cc,3a,cf,9c,5a,ec,78,0d,03,c9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:e6,33,80,4b,49,7e,4f,a7,15,7c,58,8e,c8,fb,a9,39,10,51,01,09,04,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 1

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"="C:\\Arquivos de programas\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Arquivos de programas\\Ares\\Ares.exe"="C:\\Arquivos de programas\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Arquivos de programas\\Download Express\\dep.exe"="C:\\Arquivos de programas\\Download Express\\dep.exe:*:Enabled:Browser download plugin"

"C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"="C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"

"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"="C:\\Arquivos de programas\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"="C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

"D:\\Meus documentos\\Natanael\\aaa\\Mercury\\Mercury.exe"="D:\\Meus documentos\\Natanael\\aaa\\Mercury\\Mercury.exe:*:Enabled:Mercury"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"

Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"

Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"

Sat 29 Mar 2008 952 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Mon 22 Jul 2002 418,816 ...HR --- "C:\WINDOWS\system32\Tools\All.exe"

Fri 19 Jul 2002 390,144 ...HR --- "C:\WINDOWS\system32\Tools\Change.exe"

Fri 19 Jul 2002 574,464 ...HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"

Tue 20 Aug 2002 430,592 ...HR --- "C:\WINDOWS\system32\Tools\Counter.exe"

Tue 23 Jul 2002 390,656 ...HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"

Fri 22 Nov 2002 399,872 ...HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"

Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"

Fri 19 Jul 2002 388,608 ...HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"

Mon 2 Dec 2002 431,616 ...HR --- "C:\WINDOWS\system32\Tools\Restart.exe"

Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"

Finished!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:26:41, on 30/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\notepad.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Real\RealPlayer\RealPlay.exe

C:\Arquivos de programas\Real\RealPlayer\RealPlay.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe

O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe

O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe

O4 - HKCU\..\Policies\Explorer\Run: [skeysw] skeysw.exe

O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.03\AMVConverter\grab.html

O8 - Extra context menu item: Baixe usando Download &Express - C:\Arquivos de programas\Download Express\Add_Url.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.03\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198535818449

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198537447732

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: cbxwvtq - cbxwvtq.dll (file missing)

O20 - Winlogon Notify: urqrppn - urqrppn.dll (file missing)

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

--

End of file - 6851 bytes


- Open HijackThis, click Do a system scan only and tick the entries below:

O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe

O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe

O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe

O4 - HKCU\..\Policies\Explorer\Run: [skeysw] skeysw.exe

O20 - Winlogon Notify: cbxwvtq - cbxwvtq.dll (file missing)

O20 - Winlogon Notify: urqrppn - urqrppn.dll (file missing)

- Close all windows, click ht-fix.png (the Fix checked button) and then Yes;

- Generate a new HijackThis log and paste it into your reply.
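One way to pick out the two kinds of entry the helper asks to fix above, as an added example in Python that is not part of the thread or of HijackThis itself: it scans constructed HijackThis-style lines (modelled on the log pasted in this thread) for Run entries under Policies\Explorer\Run, commands that name a bare executable without a path, and Winlogon Notify DLLs reported as missing.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the HijackThis v2.0.2 log pasted in the thread
# (not a real log; the paths and entry names mirror the thread's own lines).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O4 - HKCU\..\Policies\Explorer\Run: [skeysw] skeysw.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
O20 - Winlogon Notify: cbxwvtq - cbxwvtq.dll (file missing)
O20 - Winlogon Notify: urqrppn - urqrppn.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


# O4: registry Run entries, e.g. "O4 - HKCU\..\Policies\Explorer\Run: [name] cmd"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# O20: Winlogon Notify packages, e.g. "O20 - Winlogon Notify: name - dll (file missing)"
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*?)(?P<missing> \(file missing\))?$"
)


def executable_of(command: str) -> str:
    """Return the program part of a Run command, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def is_bare_name(target: str) -> bool:
    """True when the target carries no drive or directory component, so the
    system would locate it by searching rather than loading one known file."""
    return not any(ch in target for ch in "\\/:")


def scan_hjt_log(text: str) -> list[Finding]:
    """Flag the O4 and O20 entry types the thread's helper asked to fix."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        reasons: list[str] = []
        m = O4_RE.match(line)
        if m:
            if m.group("key").lower().startswith("policies\\explorer\\run"):
                reasons.append("autostart under Policies\\Explorer\\Run, a key "
                               "legitimate installers rarely use")
            if is_bare_name(executable_of(m.group("cmd"))):
                reasons.append("bare executable name instead of a full path")
        m = O20_RE.match(line)
        if m:
            if m.group("missing"):
                reasons.append("Winlogon Notify DLL registered but not on disk")
            elif is_bare_name(m.group("target")):
                reasons.append("Winlogon Notify DLL given without a path")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in scan_hjt_log(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

On the sample above the scan reports exactly the six lines the helper listed; legitimate Run and Notify entries with full paths are left alone.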


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:27:41, on 30/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\LimeWire\LimeWire.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Download Express\projectslist.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.03\AMVConverter\grab.html

O8 - Extra context menu item: Baixe usando Download &Express - C:\Arquivos de programas\Download Express\Add_Url.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.03\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198535818449

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198537447732

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

--

End of file - 6616 bytes


- OK, the log is clean :)

- Delete the backups folder located in C:\Arquivos de programas\Trend Micro\HijackThis;

- I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues

- Disable and then re-enable System Restore

- Read the article "Proteja seu PC" (Protect your PC) for more information on how to avoid infections.

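The verdict above was reached by reading the HijackThis entries by hand. As an added example (not code from the original thread or from HijackThis itself), the script below parses lines in that format and applies a few mechanical pre-checks an analyst typically runs before the manual read: services with no publisher string (O23 "Unknown owner"), startup shortcuts whose target HijackThis could not resolve (O4 "= ?"), ActiveX controls fetched over plain HTTP (O16), and any DLL registered as a Winlogon Notify package (O20). The sample lines are copied from the log above; the selection of checks is my own assumption about what merits a second look, and a finding means "verify", not "infected". On this log the flagged items (the GbPlugin banking component and the Realtek utility shortcut) are exactly the ones the analyst accepted as legitimate.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

# A HijackThis entry is "<section> - <body>", where section is R0-R3, F0-F3, N1-N4 or O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")


@dataclass
class Entry:
    section: str  # e.g. "O23"
    body: str     # everything after "O23 - "


def parse_hjt(text):
    """Return the list of recognised entries; process-list lines and the header are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def summarize(entries):
    """Count entries per section, useful to spot an unusually long O4/O23 list at a glance."""
    return dict(Counter(e.section for e in entries))


def binary_path(e):
    """Best-effort on-disk path the entry points at (None when the entry has no path)."""
    if e.section in ("O2", "O9", "O20", "O23"):
        return e.body.rsplit(" - ", 1)[-1]
    if e.section == "O4":
        # "[name] C:\path\file.exe" or "[name] "C:\path with spaces\file.exe" -flag"
        m = re.search(r'\]\s*"?([A-Za-z]:\\[^"]+?)"?(\s+-\S+)?$', e.body)
        return m.group(1) if m else None
    return None


def review(entries):
    """Mechanical pre-checks; each finding is (section, reason, body) and means "verify by hand"."""
    findings = []
    for e in entries:
        if e.section == "O23" and " - Unknown owner - " in e.body:
            findings.append((e.section, "service binary carries no publisher name", e.body))
        elif e.section == "O4" and e.body.endswith(" = ?"):
            findings.append((e.section, "startup shortcut whose target HijackThis could not resolve", e.body))
        elif e.section == "O16":
            url = e.body.rsplit(" - ", 1)[-1]
            if url.lower().startswith("http://"):
                findings.append((e.section, "ActiveX control downloaded over plain HTTP (no transport integrity)", e.body))
        elif e.section == "O20":
            findings.append((e.section, "DLL registered as a Winlogon Notify package (loaded into winlogon.exe)", e.body))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", summarize(parsed))
    for section, reason, body in review(parsed):
        print(f"[{section}] {reason}\n    {body}\n    path: {binary_path(Entry(section, body))}")
```

The path extractor exists so that O4/O23 binaries can be matched against the running-process list at the top of the log; note that HijackThis prints 8.3 short names (ARQUIV~1, ALWILS~1) for some entries and long names for others, so a naive string comparison against a known-good list will miss matches unless both sides are normalised first.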
