Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
marcelneres

Zlob.brx,Small.avu, Dialer.rt, Banload.evk 1

Recommended Posts

Estou dando uma olhada no laptop do meu amigo, 24.000 warnings,estava lento demais,completamente carregado.

apos uma geral, rodei um kaspersky on-line, apareceram algumas infeccoes.

tentei rodar o combofix, o computador desliga e liga sozinho.

Estou postando um log do hijackthis eo resultadodo kaspersky on line.

grato pela ajuda.

KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, August 12, 2008

Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Tuesday, August 12, 2008 16:47:33

Records in database: 1086287

Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes

Scan area My Computer C:\

D:\

E:\

F:\

G:\

Scan statistics Files scanned 46398 Threat name 4 Infected objects 6 Suspicious objects 0 Duration of the scan 00:49:26

File name Threat name Threats count C:\System Volume Information\_restore{1278987F-4F6C-400F-85EA-0848131690A9}\RP291\A0292083.dllInfected: Trojan-Downloader.Win32.Zlob.brx1

C:\System Volume Information\_restore{1278987F-4F6C-400F-85EA-0848131690A9}\RP291\A0292084.dllInfected: Trojan-Downloader.Win32.Zlob.brx1

C:\System Volume Information\_restore{1278987F-4F6C-400F-85EA-0848131690A9}\RP291\A0292085.dllInfected: Trojan-Downloader.Win32.Zlob.brx1

C:\System Volume Information\_restore{1278987F-4F6C-400F-85EA-0848131690A9}\RP291\A0292086.exeInfected: Trojan-Dropper.Win32.Small.avu1

C:\System Volume Information\_restore{1278987F-4F6C-400F-85EA-0848131690A9}\RP291\A0292087.exeInfected: Trojan.Win32.Dialer.rt1

C:\System Volume Information\_restore{1278987F-4F6C-400F-85EA-0848131690A9}\RP291\A0292088.scrInfected: Trojan-Downloader.Win32.Banload.evk1

The selected area was scanned.

Logfile of HijackThis v1.99.1

Scan saved at 23:19, on 2008-08-13

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Intel\Wireless\Bin\EvtEng.exe

C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe

C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\b\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: Bloqueados

O1 - Hosts: 210.245.168.132 www.cef.com.br

O1 - Hosts: 210.245.168.132 www.cef.gov.br

O1 - Hosts: 210.245.168.132 www.caixa.com.br

O1 - Hosts: 210.245.168.132 www.terra.com.br

O1 - Hosts: 210.245.168.132 cef.gov.br

O1 - Hosts: 210.245.168.132 caixa.gov.br

O1 - Hosts: 210.245.168.132 www.bb.com.br

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Programmi\Scpad\scpsssh2.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRA~1\GbPlugin\gbiehCef.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O15 - Trusted Zone: www.my-securedoc.com

O15 - Trusted Zone: www.mycreditoweb.com

O15 - Trusted Zone: www.mysessoblog.com

O15 - Trusted Zone: www.super-contenuti.com

O15 - Trusted Zone: www.www.ragazze-spiate.com

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab67031.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4DB58B80-4168-4888-B703-49CC850E5C77}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{9C4DB5A1-94E3-4495-A265-0216505895C1}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: GbPluginCef - C:\PROGRA~1\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: IntelWireless - C:\Programmi\Intel\Wireless\Bin\LgNotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Programmi\Scpad\scpLIB.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

Obrigado pelo help....

Compartilhar este post


Link para o post
Compartilhar em outros sites

Faça o download do ComboFix

É importante que o salve no seu desktop (ambiente de trabalho)

  • Feche todas as janelas e programas.
  • Dê um duplo-clique no combofix.exe, marque 1 e dê o enter.
  • É um pouco demorado, por favor seja paciente.
  • Quando a ferramenta terminar de rodar, gerará um log. Poste o arquivo C:\ComboFix.txt.
  • Faça também um novo log do HijackThis para colocar na sua resposta.

Atenção: Não clique com o mouse enquanto a ferramenta estiver rodando, isso pode fazer com que o PC pare.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ola Renato, obrigado pelo help

Primeiro: nao consigo passar o combofix, apos instala-lo e dar o comando 1,apos alguns segundos o computador restarta e aparece aquela tela azul para checkar de memoria.

Segundo: Ja aconteceu tres vezes, toda a tela do laptop parece que move pra esquerda aparecendo um fundo preto (dois centimetros) e abaixo da barra de status aparece algumas listras brancas.

Terceiro: O AVG nao realiza update, diz: A .bin file is missing.

Obrigado pelo help.

estou mandando um log do hijckthis.

Logfile of HijackThis v1.99.1

Scan saved at 23:32, on 2008-08-16

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Intel\Wireless\Bin\EvtEng.exe

C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe

C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

C:\Programmi\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\b\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: Bloqueados

O1 - Hosts: 210.245.168.132 www.cef.com.br

O1 - Hosts: 210.245.168.132 www.cef.gov.br

O1 - Hosts: 210.245.168.132 www.caixa.com.br

O1 - Hosts: 210.245.168.132 www.terra.com.br

O1 - Hosts: 210.245.168.132 cef.gov.br

O1 - Hosts: 210.245.168.132 caixa.gov.br

O1 - Hosts: 210.245.168.132 www.bb.com.br

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Programmi\Scpad\scpsssh2.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRA~1\GbPlugin\gbiehCef.dll

O3 - Toolbar: AVG Security Toolbar -

valeu

Compartilhar este post


Link para o post
Compartilhar em outros sites

Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).

Tente executar o ComboFix novamente.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segui log docombofix em modo seguro e um novo log do hijckthis

ComboFix 08-08-15.04 - b 2008-08-17 22:52:34.2 - FAT32x86 MINIMAL

Eseguito da: C:\Documents and Settings\b\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\config.ini

C:\WINDOWS\system32\drivers\etc\chosts

C:\WINDOWS\system32\drivers\etc\tmphosts

C:\WINDOWS\system32\URL(3).DLL

.

((((((((((((((((((((((((( Files Creati Da 2008-07-17 al 2008-08-17 )))))))))))))))))))))))))))))))))))

.

2008-08-17 22:51 . 2008-08-14 05:05 <DIR> d-------- C:\327882R2FWJFW

2008-08-17 22:43 . 2008-08-17 22:43 <DIR> d-------- C:\Documents and Settings\b\Dati applicazioni\Media Player Classic

2008-08-17 22:42 . 2008-08-17 22:42 <DIR> d-------- C:\Programmi\K-Lite Codec Pack

2008-08-17 15:19 . 2008-08-17 15:19 <DIR> d--hs---- C:\FOUND.063

2008-08-16 23:37 . 2008-08-16 23:37 <DIR> d-------- C:\Documents and Settings\b\.housecall6.6

2008-08-16 23:37 . 2008-08-16 23:37 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-08-16 23:21 . 2008-08-16 23:21 <DIR> d--hs---- C:\FOUND.062

2008-08-15 23:58 . 2008-08-15 23:58 <DIR> d-------- C:\Programmi\Uniblue

2008-08-15 23:58 . 2008-08-15 23:58 <DIR> d-------- C:\Documents and Settings\b\Dati applicazioni\Uniblue

2008-08-15 23:44 . 2008-08-15 23:44 <DIR> d--hs---- C:\FOUND.061

2008-08-15 23:37 . 2008-08-15 23:37 <DIR> d--hs---- C:\FOUND.060

2008-08-13 21:47 . 2008-08-13 21:47 <DIR> d-------- C:\Programmi\Marcos Velasco Security

2008-08-13 21:20 . 2008-08-13 21:20 <DIR> d--hs---- C:\FOUND.059

2008-08-13 01:51 . 2008-08-13 01:51 3,042 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP

2008-08-13 01:50 . 2004-08-19 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-08-13 01:33 . 2008-08-13 01:33 <DIR> d-------- C:\WINDOWS\system32\it

2008-08-13 01:33 . 2008-08-13 01:33 <DIR> d-------- C:\WINDOWS\system32\bits

2008-08-13 01:33 . 2008-08-13 01:33 <DIR> d-------- C:\WINDOWS\l2schemas

2008-08-13 01:28 . 2008-08-13 01:28 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-08-13 01:11 . 2008-08-13 01:11 <DIR> d-------- C:\WINDOWS\EHome

2008-08-13 00:52 . 2004-08-03 22:29 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys

2008-08-13 00:52 . 2004-08-03 22:29 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys

2008-08-13 00:52 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys

2008-08-13 00:51 . 2004-08-03 22:29 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys

2008-08-12 23:58 . 2008-08-12 23:58 <DIR> d--hs---- C:\FOUND.058

2008-08-12 19:39 . 2008-04-11 20:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-12 18:52 . 2008-08-12 18:52 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

2008-08-12 17:20 . 2008-08-12 17:20 <DIR> d-------- C:\WINDOWS\Sun

2008-08-12 17:19 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-12 17:17 . 2008-08-12 17:17 <DIR> d-------- C:\Programmi\Java

2008-08-12 17:17 . 2008-08-12 17:17 <DIR> d-------- C:\Programmi\File comuni\Java

2008-08-12 16:22 . 2008-08-12 16:23 1,144 --a------ C:\WINDOWS\mozver.dat

2008-08-12 16:13 . 2008-08-12 16:13 <DIR> d-------- C:\Programmi\StuffPlug3

2008-08-12 16:08 . 2008-08-12 16:08 0 --a------ C:\WINDOWS\nsreg.dat

2008-08-11 23:43 . 2008-08-11 23:43 <DIR> d--h----- C:\$AVG8.VAULT$

2008-08-11 22:55 . 2008-08-11 22:55 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-08-11 22:55 . 2008-08-11 22:55 <DIR> d-------- C:\Programmi\AVG

2008-08-11 22:55 . 2008-08-11 22:55 <DIR> d-------- C:\Documents and Settings\b\Dati applicazioni\AVGTOOLBAR

2008-08-11 22:55 . 2008-08-11 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8

2008-08-11 22:55 . 2008-08-12 15:54 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-08-11 22:55 . 2008-08-12 15:54 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-08-11 22:55 . 2008-08-12 15:54 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-08-11 20:18 . 2008-08-11 20:18 <DIR> d-------- C:\Programmi\CCleaner

2008-08-11 19:41 . 2008-08-11 19:41 <DIR> d-------- C:\Programmi\Realtek

2008-08-09 09:43 . 2007-04-17 10:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-08-09 09:43 . 2007-03-08 06:11 1,032,192 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-08-01 15:38 . 2008-08-01 15:38 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy

2008-08-01 15:38 . 2008-08-01 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy

2008-08-01 14:58 . 2008-08-01 14:58 <DIR> d--hs---- C:\FOUND.057

2008-08-01 13:51 . 2008-08-01 13:51 <DIR> d--hs---- C:\FOUND.056

2008-07-31 21:06 . 2008-07-31 21:06 <DIR> d--hs---- C:\FOUND.055

2008-07-26 14:17 . 2008-07-26 14:17 <DIR> d-------- C:\WINDOWS\system32\it-it

2008-07-25 09:36 . 2008-07-25 09:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe

2008-07-25 09:36 . 2008-07-25 09:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

2008-07-23 17:50 . 2008-07-23 17:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-07-23 17:48 . 2008-07-23 17:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2008-07-23 17:48 . 2008-07-23 17:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

2008-07-23 17:47 . 2008-07-23 17:47 634,880 --a------ C:\WINDOWS\system32\divxdec.ax

2008-07-23 17:47 . 2008-07-23 17:47 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax

2008-07-23 17:47 . 2008-07-23 17:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest

2008-07-23 17:47 . 2008-07-23 17:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest

2008-07-23 17:46 . 2008-07-23 17:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:27 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll

2008-06-26 08:13 619,520 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

2008-06-26 08:13 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll

2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:42 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll

2008-06-23 15:09 668,672 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-23 15:09 668,672 ------w C:\WINDOWS\system32\dllcache\wininet.dll

2008-06-23 15:09 3,088,384 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-06-20 18:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 18:46 247,296 ------w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 18:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 12:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 12:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 12:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 12:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 12:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 12:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-19 12:42 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles

2008-06-14 17:32 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2007-04-15 22:00 154 ----a-w C:\Documents and Settings\b\Dati applicazioni\wklnhst.dat

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 03:14 15360]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-12 15:54 1232152]

"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

"Uniblue SpeedUpMyPC"="C:\Programmi\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe" [2007-04-25 16:27 8828448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-25 07:02 5562368]

"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= "C:\Programmi\Scpad\scpLIB.dll" [2007-03-27 01:29 128512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\PROGRA~1\GbPlugin\gbiehCef.dll" [2008-03-05 11:29 341576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Programmi\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2008-03-05 11:29 341576 C:\PROGRA~1\GbPlugin\gbiehCef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2004-10-15 11:27 110592 C:\Programmi\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.asv2"= asusasv2.dll

"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ASUS ChkMail.lnk]

backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]

--a------ 2003-09-19 12:54 172032 C:\Programmi\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]

--a------ 2004-10-15 11:31 356352 C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]

--a------ 2005-05-12 00:15 102400 C:\WINDOWS\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]

--a------ 2004-10-15 11:27 385024 C:\Programmi\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear]

--a------ 2004-09-21 16:55 81920 C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2004-12-21 23:23 688218 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

--a------ 2004-12-21 23:23 98394 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2005-05-25 07:02 1495040 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2005-05-25 00:37 14477312 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=

"C:\\Programmi\\ASUS\\ASUS Live Update\\LiveUpdt.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys [2004-10-15 16:26]

R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys [2004-10-15 16:26]

S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-12 15:54]

S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-12 15:54]

S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-12 15:54]

S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-12 15:54]

S2 NwSapAgent;Agente SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 03:14]

S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 19:45]

S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 19:45]

S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5796e3b8-e1c5-11db-b8e3-806d6172696f}]

\Shell\AutoRun\command - E:\starter.exe

*Newly Created Service* - CATCHME

.

Contenuto della cartella 'Scheduled Tasks'

2008-08-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

2008-08-15 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job

- C:\Programmi\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe [2007-04-25 16:27]

2008-08-15 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job

- C:\Programmi\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe [2007-04-25 16:27]

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\b\Dati applicazioni\Mozilla\Firefox\Profiles\v5q5a5pw.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com.br

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-17 22:55:47

Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

Ora fine scansione: 2008-08-17 22:56:42

ComboFix-quarantined-files.txt 2008-08-17 21:56:40

Pre-Run: 19,359,170,560 byte disponibili

Post-Run: 19,437,912,064 byte disponibili

211 --- E O F --- 2008-08-13 20:46:35

log hijackthis

Logfile of HijackThis v1.99.1

Scan saved at 23:09:22, on 17/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Intel\Wireless\Bin\EvtEng.exe

C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe

C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\b\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: Bloqueados

O1 - Hosts: 210.245.168.132 www.cef.com.br

O1 - Hosts: 210.245.168.132 www.cef.gov.br

O1 - Hosts: 210.245.168.132 www.caixa.com.br

O1 - Hosts: 210.245.168.132 www.terra.com.br

O1 - Hosts: 210.245.168.132 cef.gov.br

O1 - Hosts: 210.245.168.132 caixa.gov.br

O1 - Hosts: 210.245.168.132 www.bb.com.br

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Programmi\Scpad\scpsssh2.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRA~1\GbPlugin\gbiehCef.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uniblue SpeedUpMyPC] C:\Programmi\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O15 - Trusted Zone: www.my-securedoc.com

O15 - Trusted Zone: www.mycreditoweb.com

O15 - Trusted Zone: www.mysessoblog.com

O15 - Trusted Zone: www.super-contenuti.com

O15 - Trusted Zone: www.www.ragazze-spiate.com

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab67031.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4DB58B80-4168-4888-B703-49CC850E5C77}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{9C4DB5A1-94E3-4495-A265-0216505895C1}: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: GbPluginCef - C:\PROGRA~1\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: IntelWireless - C:\Programmi\Intel\Wireless\Bin\LgNotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Programmi\Scpad\scpLIB.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

Obrigado pelo help

Compartilhar este post


Link para o post
Compartilhar em outros sites

Faça um Online Scan em kaspersky Virusscanner

  • Clique em Clipboard01-1.jpg
  • Quando questionando para instalar o componente ActiveX, clique em Clipboard015.jpg
  • Aguarde a instalação e a actualização e depois clique em Clipboard013.jpg
  • Clique agora em Clipboard016.jpg
  • Nas opções do scan (settings), certifique-se que as entradas abaixo estão selecionadas:
    • Scan using the following Anti-Virus database:

      Extended (if available otherwise Standard)

    • Scan Options:

      Scan Archives
      Scan Mail Bases

    [*]Clique Clipboard014.jpg

    [*]Clique em My Computer para que seja feito um Scan completo no seu Sistema.

    [*]Será iniciado o scan e poderá demorar um pouco. Seja paciente e aguarde.

    [*]No final do Scan, clique no botão Save as Text

    [*]Salve o log com os resultados e poste na sua próxima resposta.

    [*]Gere e cole também um novo log do HijackThis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 14:32:07, on 20/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Intel\Wireless\Bin\EvtEng.exe

C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

C:\Programmi\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe

C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\b\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: Bloqueados

O1 - Hosts: 210.245.168.132 www.cef.com.br

O1 - Hosts: 210.245.168.132 www.cef.gov.br

O1 - Hosts: 210.245.168.132 www.caixa.com.br

O1 - Hosts: 210.245.168.132 www.terra.com.br

O1 - Hosts: 210.245.168.132 cef.gov.br

O1 - Hosts: 210.245.168.132 caixa.gov.br

O1 - Hosts: 210.245.168.132 www.bb.com.br

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Programmi\Scpad\scpsssh2.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRA~1\GbPlugin\gbiehCef.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uniblue SpeedUpMyPC] C:\Programmi\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O15 - Trusted Zone: www.my-securedoc.com

O15 - Trusted Zone: www.mycreditoweb.com

O15 - Trusted Zone: www.mysessoblog.com

O15 - Trusted Zone: www.super-contenuti.com

O15 - Trusted Zone: www.www.ragazze-spiate.com

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab67031.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4DB58B80-4168-4888-B703-49CC850E5C77}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{9C4DB5A1-94E3-4495-A265-0216505895C1}: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: GbPluginCef - C:\PROGRA~1\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: IntelWireless - C:\Programmi\Intel\Wireless\Bin\LgNotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Programmi\Scpad\scpLIB.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

KASPERSKY LOG

Wednesday, August 20, 2008

Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Tuesday, August 19, 2008 22:03:55

Records in database: 1111719

Scan settings

Scan using the following database extended

Scan archives yes

Scan mail databases yes

Scan area My Computer

C:\

D:\

E:\

F:\

G:\

Scan statistics

Files scanned 48035

Threat name 0

Infected objects 0

Suspicious objects 0

Duration of the scan 00:50:03

No malware has been detected. The scan area is clean.

The selected area was scanned.

NO AGUARDO DE informações

Compartilhar este post


Link para o post
Compartilhar em outros sites

Log limpo, mais algum problema com o computador?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caso resolvido!

Movido para Casos Resolvidos, caso o autor deseje reabertura do mesmo, mande uma MP para um dos moderadores da seção.

Compartilhar este post


Link para o post
Compartilhar em outros sites





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×