jeff23ctba

Virus beep.sys


Good morning. I recently caught a virus that kept sending update messages and put an icon with a red X next to the clock. I searched the net and found out it had to do with beep.sys and something called blastk.exe. I managed to get rid of that X, and then with a lot of effort I installed a new antivirus, Kaspersky, but now I can't update it. I tried running ComboFix, even in safe mode, and something blocks it and won't let me run the tool. I tried to install MBAM and couldn't do that either. I'm posting a log here so someone can shed some light on it. Thanks in advance. One more thing: whenever I try to download a tool I can't; I tried downloading SDFix.exe from this site and I can't open the page either. I'd appreciate some help, thanks!

Logfile of HijackThis v1.99.1

Scan saved at 07:21:23, on 14/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Arquivos de programas\Firebird 1.5\bin\fbguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird 1.5\bin\fbserver.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = ?

O8 - Extra context menu item: Adicionar ao Bloqueador de Banners - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Estatísticas de protecção do Tráfego de Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\adialhk.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\kloehk.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird 1.5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird 1.5\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Arquivos de programas\Arquivos comuns\SolidWorks Shared\Service\SolidWorksLicensing.exe

Edited by jeff23ctba


Hey guys, sorry for replying to my own topic, but here's the thing: I still have my problem, but from my log and from searching the net I noticed that I have the GbPlugin\GbpSv trojan, and on one site I found a tool that manages to rip that junk out. Anyone who has this entry in their log, "C:\Arquivos de programas\GbPlugin\GbpSv.exe", can run the tool and it removes the bug. I'm still asking you guys to analyze my log, since my problems aren't over yet. Thanks! Here's the link to the site with the tool. Cheers.

http://xcovil.blogspot.com/2008/10/removedor-gbplugin.html


Hi friends, I managed to run ComboFix. Since I've been through a lot here, I'm also posting the HijackThis log. I'd be grateful if you can help me. Thank you.

Logfile of HijackThis v1.99.1

Scan saved at 13:11, on 2008-11-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Arquivos de programas\Firebird 1.5\bin\fbguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird 1.5\bin\fbserver.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll (file missing)

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = ?

O8 - Extra context menu item: Adicionar ao Bloqueador de Banners - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Estatísticas de protecção do Tráfego de Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll (file missing)

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird 1.5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird 1.5\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Arquivos de programas\Arquivos comuns\SolidWorks Shared\Service\SolidWorksLicensing.exe

ComboFix 08-11-13.01 - user 2008-11-15 12:51:25.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.611 [GMT -2:00]

Executando de: C:\Documents and Settings\user\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\ActivationManager

C:\Arquivos de programas\ActivationManager\Uninstall.exe

C:\Documents and Settings\user\Cookies\inysa._dl

C:\Documents and Settings\user\Cookies\loqodi._sy

C:\Documents and Settings\user\Cookies\mynepesug.sys

C:\Documents and Settings\user\Cookies\qeje.inf

C:\Documents and Settings\user\Cookies\vuwyko.dll

C:\Documents and Settings\user\Cookies\vybomas.dll

C:\Documents and Settings\user\Cookies\xaseloxi.lib

C:\kmd.exe

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\IE4 Error Log.txt

C:\WINDOWS\karna.dat

C:\WINDOWS\system32\_scui.cpl

C:\WINDOWS\system32\dao350.dll

C:\WINDOWS\system32\DelSelf.bat

C:\WINDOWS\system32\Drivers\TDSSmqlt.sys

C:\WINDOWS\system32\TDSScfum.dll

C:\WINDOWS\system32\TDSSnrsr.dll

C:\WINDOWS\system32\TDSSofxh.dll

C:\WINDOWS\system32\TDSSosvd.dat

C:\WINDOWS\system32\TDSSriqp.dll

C:\WINDOWS\system32\TDSStkdv.log

C:\WINDOWS\system32\wini10806.exe

C:\WINDOWS\winhelp.ini

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_GBPSV

-------\Legacy_TDSSSERV.SYS

-------\Service_TDSSserv.sys

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-15 to 2008-11-15 ))))))))))))))))))))))))))))

.

2011-12-14 12:00 . 2006-12-13 21:46 8,820 --a------ C:\WINDOWS\system32ctcxcx32.dll

2008-11-15 12:25 . 2008-11-15 12:59 860,192 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-11-15 12:25 . 2008-11-15 12:57 237,600 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-11-15 12:25 . 2008-11-15 12:59 7,828 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-11-15 12:25 . 2008-11-15 12:57 1,892 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-11-14 17:29 . 2008-11-14 17:46 <DIR> d-------- C:\!KillBox

2008-11-14 09:28 . 2008-11-14 09:28 <DIR> d-------- C:\Documents and Settings\user\Dados de aplicativos\Grisoft

2008-11-14 09:27 . 2008-11-14 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-11-14 09:27 . 2007-05-30 10:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-11-13 12:03 . 2008-11-13 12:03 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-11-13 12:03 . 2008-11-13 12:03 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-11-13 12:02 . 2008-11-13 12:02 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab

2008-11-13 09:15 . 2008-11-13 09:36 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-11-12 11:14 . 2006-12-08 11:55 <DIR> d--h----- C:\Documents and Settings\Administrador.CASA1\Modelos

2008-11-12 11:14 . 2006-12-08 09:50 <DIR> d-------- C:\Documents and Settings\Administrador.CASA1\Meus documentos

2008-11-12 11:14 . 2006-12-08 09:50 <DIR> dr------- C:\Documents and Settings\Administrador.CASA1\Menu Iniciar

2008-11-12 11:14 . 2006-12-08 09:50 <DIR> d-------- C:\Documents and Settings\Administrador.CASA1\Favoritos

2008-11-12 11:14 . 2006-12-08 09:50 <DIR> dr-h----- C:\Documents and Settings\Administrador.CASA1\Dados de aplicativos

2008-11-12 11:14 . 2008-11-15 12:53 <DIR> d--h----- C:\Documents and Settings\Administrador.CASA1\Configurações locais

2008-11-12 11:14 . 2006-12-08 09:50 <DIR> d--h----- C:\Documents and Settings\Administrador.CASA1\Ambiente de rede

2008-11-12 11:14 . 2006-12-08 09:50 <DIR> d--h----- C:\Documents and Settings\Administrador.CASA1\Ambiente de impressão

2008-11-12 11:14 . 2008-11-12 11:14 <DIR> d-------- C:\Documents and Settings\Administrador.CASA1

2008-11-12 10:47 . 2008-11-12 10:47 17,722 --a------ C:\WINDOWS\vasi._dl

2008-11-12 10:47 . 2008-11-12 10:47 17,368 --a------ C:\WINDOWS\system32\epaf.dl

2008-11-12 10:47 . 2008-11-12 10:47 16,888 --a------ C:\WINDOWS\jycawoselo.pif

2008-11-12 10:47 . 2008-11-12 10:47 15,343 --a------ C:\WINDOWS\system32\lizusuwe.dl

2008-11-12 10:47 . 2008-11-12 10:47 15,054 --a------ C:\Documents and Settings\All Users\Dados de aplicativos\tilagawem.sys

2008-11-12 10:47 . 2008-11-12 10:47 14,716 --a------ C:\WINDOWS\fyjasyq.dl

2008-11-12 10:47 . 2008-11-12 10:47 14,676 --a------ C:\WINDOWS\system32\peruwuqi.bat

2008-11-12 10:47 . 2008-11-12 10:47 11,062 --a------ C:\WINDOWS\ovep.dll

2008-11-12 10:47 . 2008-11-12 10:47 10,773 --a------ C:\WINDOWS\sycaxuqide.vbs

2008-11-12 10:45 . 2008-11-12 10:45 <DIR> d-------- C:\Arquivos de programas\VS Revo Group

2008-11-12 08:04 . 2008-11-12 08:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-11-12 08:02 . 2008-11-12 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-11-11 18:13 . 2008-11-11 18:13 18,412 --a------ C:\WINDOWS\ebikumese.dl

2008-11-11 18:13 . 2008-11-11 18:13 17,959 --a------ C:\WINDOWS\pojekefexy.vbs

2008-11-11 18:13 . 2008-11-11 18:13 17,923 --a------ C:\WINDOWS\apyw.bat

2008-11-11 18:13 . 2008-11-11 18:13 16,204 --a------ C:\WINDOWS\system32\uzoc.pif

2008-11-11 18:13 . 2008-11-11 18:13 15,381 --a------ C:\WINDOWS\punesyniva.inf

2008-11-11 18:13 . 2008-11-11 18:13 13,540 --a------ C:\WINDOWS\mykap.reg

2008-11-11 18:13 . 2008-11-11 18:13 13,315 --a------ C:\WINDOWS\system32\exis.exe

2008-11-11 18:13 . 2008-11-11 18:13 12,379 --a------ C:\WINDOWS\system32\sucul.pif

2008-11-11 18:13 . 2008-11-11 18:13 12,131 --a------ C:\WINDOWS\fury._sy

2008-11-11 18:13 . 2008-11-11 18:13 11,698 --a------ C:\WINDOWS\cesohuz.dl

2008-11-11 13:23 . 2008-11-12 10:54 <DIR> d-------- C:\Arquivos de programas\AntivirusPro2009

2008-11-11 13:23 . 2008-11-11 13:23 19,960 --a------ C:\Documents and Settings\user\Dados de aplicativos\usonemirux.bat

2008-11-11 13:23 . 2008-11-11 13:23 19,185 --a------ C:\WINDOWS\icugip.exe

2008-11-11 13:23 . 2008-11-11 13:23 18,987 --a------ C:\WINDOWS\ypevo.sys

2008-11-11 13:23 . 2008-11-11 13:23 18,751 --a------ C:\Arquivos de programas\Arquivos comuns\naqom.bin

2008-11-11 13:23 . 2008-11-11 13:23 16,848 --a------ C:\Documents and Settings\All Users\Dados de aplicativos\ovycosyny.scr

2008-11-11 13:23 . 2008-11-11 13:23 16,735 --a------ C:\WINDOWS\kenugigahe.exe

2008-11-11 13:23 . 2008-11-11 13:23 16,502 --a------ C:\Documents and Settings\user\Dados de aplicativos\dafimoxag.pif

2008-11-11 13:23 . 2008-11-11 13:23 16,485 --a------ C:\WINDOWS\fymetohax.db

2008-11-11 13:23 . 2008-11-11 13:23 14,522 --a------ C:\Documents and Settings\user\Dados de aplicativos\adydir.exe

2008-11-11 13:23 . 2008-11-11 13:23 14,306 --a------ C:\Documents and Settings\All Users\Dados de aplicativos\asysyxo.dll

2008-11-11 13:23 . 2008-11-11 13:23 14,058 --a------ C:\WINDOWS\ykafefi.vbs

2008-11-11 13:23 . 2008-11-11 13:23 13,893 --a------ C:\WINDOWS\tafoqukiq.com

2008-11-11 13:23 . 2008-11-11 13:23 13,636 --a------ C:\Documents and Settings\user\Dados de aplicativos\irokyc.dll

2008-11-11 13:23 . 2008-11-11 13:23 12,571 --a------ C:\Documents and Settings\user\Dados de aplicativos\pubuwin.pif

2008-11-11 13:23 . 2008-11-11 13:23 11,768 --a------ C:\WINDOWS\cyju.dat

2008-11-11 13:23 . 2008-11-11 13:23 11,673 --a------ C:\Arquivos de programas\Arquivos comuns\ihino.bin

2008-11-11 12:54 . 2008-11-15 07:09 2,444 --a------ C:\WINDOWS\system32\TDSSlxwp.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-15 14:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-11-14 11:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-14 10:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-11-12 12:47 16,482 ----a-w C:\Arquivos de programas\Arquivos comuns\ygyf._dl

2008-11-12 10:25 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\SolidWorks

2008-11-12 10:25 --------- d-----w C:\Arquivos de programas\eMule

2008-10-13 20:35 --------- d-----w C:\Arquivos de programas\Zylom Games

2008-10-11 16:06 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\Zylom

2008-10-11 16:06 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-10-09 10:53 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-09-18 10:33 65,408 ----a-w C:\config.bin

2008-09-17 11:46 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\dxdlls

2008-01-16 23:28 8 ---ha-w C:\Arquivos de programas\dbisam.lck

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-27 11:50 413696]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-12 18:30 172032]

"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-12 18:30 49152]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 07:25 6731312]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]

"VTTimer"="VTTimer.exe" [2005-03-08 01:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"S3Trayp"="S3trayp.exe" [2005-04-05 03:49 159744 C:\WINDOWS\system32\S3Trayp.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 07:23 15961088 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

--a------ 2008-07-03 03:23 116040 C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-02-13 21:09 486856 C:\Documents and Settings\user\Desktop\daemon\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-07-09 14:30 289064 C:\Arquivos de programas\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JustVoip]

--a------ 2008-01-02 16:38 8770864 C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"GbpSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\JustVoip.com\\JustVoip\\JustVoip.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29 32784]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Arquivos de programas\Firebird 1.5\bin\fbguard.exe [2004-12-13 02:05 65536]

R2 FLE5WNNT;FLE-5 WindowsNT Driver;C:\WINDOWS\System32\Drivers\fle5wnnt.sys [2004-07-27 15:37 33404]

R2 FLSIFACE;FLSIface;C:\WINDOWS\System32\Drivers\flsiface.sys [2004-07-27 15:38 12736]

R2 FLSPAR;FLSPar;C:\WINDOWS\System32\Drivers\flspar.sys [2004-07-27 15:39 17178]

R2 FLSSER;FLSSer;C:\WINDOWS\System32\Drivers\flsser.sys [2003-10-16 15:02 17880]

R2 FLSVCOM;FLSVCom;C:\WINDOWS\System32\Drivers\flsvcom.sys [2004-08-11 12:47 32762]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Arquivos de programas\Firebird 1.5\bin\fbserver.exe [2004-12-13 02:05 1527893]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06 24592]

R3 S3G700;S3G700;C:\WINDOWS\system32\DRIVERS\S3G700m.sys [2005-10-15 02:19 792576]

S3 GNCT511;Genius VideoCAM NB;C:\WINDOWS\system32\DRIVERS\gnct511.sys [2002-11-14 14:30 229376]

S3 rtl8180;IEEE 802.11b Wireless Cardbus/PCI Adapter;C:\WINDOWS\system32\DRIVERS\rtl8180.SYS [2003-12-03 01:47 184320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18a954b5-a243-11dc-a232-0018f35d0769}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

\Shell\explore\Command - autorun.exe

\Shell\open\Command - autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8015075-d953-11dc-a2aa-0018f35d0769}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe


Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "CODE" box:


Collect::[4]
C:\WINDOWS\system32ctcxcx32.dll
C:\WINDOWS\vasi._dl
C:\WINDOWS\system32\epaf.dl
C:\WINDOWS\jycawoselo.pif
C:\WINDOWS\system32\lizusuwe.dl
C:\Documents and Settings\All Users\Dados de aplicativos\tilagawem.sys
C:\WINDOWS\fyjasyq.dl
C:\WINDOWS\system32\peruwuqi.bat
C:\WINDOWS\ovep.dll
C:\WINDOWS\sycaxuqide.vbs
C:\WINDOWS\ebikumese.dl
C:\WINDOWS\pojekefexy.vbs
C:\WINDOWS\apyw.bat
C:\WINDOWS\system32\uzoc.pif
C:\WINDOWS\punesyniva.inf
C:\WINDOWS\mykap.reg
C:\WINDOWS\system32\exis.exe
C:\WINDOWS\system32\sucul.pif
C:\WINDOWS\fury._sy
C:\WINDOWS\cesohuz.dl
C:\Documents and Settings\user\Dados de aplicativos\usonemirux.bat
C:\WINDOWS\icugip.exe
C:\WINDOWS\ypevo.sys
C:\Arquivos de programas\Arquivos comuns\naqom.bin
C:\Documents and Settings\All Users\Dados de aplicativos\ovycosyny.scr
C:\WINDOWS\kenugigahe.exe
C:\Documents and Settings\user\Dados de aplicativos\dafimoxag.pif
C:\WINDOWS\fymetohax.db
C:\Documents and Settings\user\Dados de aplicativos\adydir.exe
C:\Documents and Settings\All Users\Dados de aplicativos\asysyxo.dll
C:\WINDOWS\ykafefi.vbs
C:\WINDOWS\tafoqukiq.com
C:\Documents and Settings\user\Dados de aplicativos\irokyc.dll
C:\Documents and Settings\user\Dados de aplicativos\pubuwin.pif
C:\WINDOWS\cyju.dat
C:\Arquivos de programas\Arquivos comuns\ihino.bin
C:\WINDOWS\system32\TDSSlxwp.dll
C:\Arquivos de programas\Arquivos comuns\ygyf._dl
Folder::
C:\Arquivos de programas\AntivirusPro2009
C:\Documents and Settings\user\Dados de aplicativos\dxdlls
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18a954b5-a243-11dc-a232-0018f35d0769}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8015075-d953-11dc-a2aa-0018f35d0769}]

  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a zipped file named Submit [Date Time].zip and will also create a file named CF-Submit-Previous.htm
  • Make sure you have an internet connection, because you will have to send some files for more detailed analysis.
  • On your computer, find the folder C:\Qoobox. Inside that folder you will see a file named "CF-Submit-Previous.htm", with an icon similar to this one: [image: icon_html.png]
  • Double-click that file and a page will open in your Internet Explorer
  • In the box under "Submit the malware for analysis at Bleeping Computer", copy and paste the path to the file shown after "File path --->" (example: C:\Qoobox\Quarantine\Submit [Date Time].zip)
  • Now click "Send" so the file is sent.
  • Paste the file C:\ComboFix.txt in your reply.

Edited by Lusitano


Good afternoon friend, I managed to do everything you asked, here is the ComboFix log, once again thank you and regards

ComboFix 08-11-13.02 - user 2008-11-15 16:27:35.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.549 [GMT -2:00]

Running from: c:\documents and settings\user\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\AntivirusPro2009

c:\arquivos de programas\Arquivos comuns\ihino.bin

c:\arquivos de programas\Arquivos comuns\naqom.bin

c:\arquivos de programas\Arquivos comuns\ygyf._dl

c:\documents and settings\All Users\Dados de aplicativos\asysyxo.dll

c:\documents and settings\All Users\Dados de aplicativos\ovycosyny.scr

c:\documents and settings\All Users\Dados de aplicativos\tilagawem.sys

c:\documents and settings\user\Dados de aplicativos\adydir.exe

c:\documents and settings\user\Dados de aplicativos\dafimoxag.pif

c:\documents and settings\user\Dados de aplicativos\dxdlls

c:\documents and settings\user\Dados de aplicativos\dxdlls\ActMon.ini

c:\documents and settings\user\Dados de aplicativos\dxdlls\dxdlg.exe

c:\documents and settings\user\Dados de aplicativos\dxdlls\imapdc.dll

c:\documents and settings\user\Dados de aplicativos\dxdlls\imapdd.dll

c:\documents and settings\user\Dados de aplicativos\irokyc.dll

c:\documents and settings\user\Dados de aplicativos\pubuwin.pif

c:\documents and settings\user\Dados de aplicativos\usonemirux.bat

c:\windows\apyw.bat

c:\windows\cesohuz.dl

c:\windows\cyju.dat

c:\windows\ebikumese.dl

c:\windows\fury._sy

c:\windows\fyjasyq.dl

c:\windows\fymetohax.db

c:\windows\icugip.exe

c:\windows\jycawoselo.pif

c:\windows\kenugigahe.exe

c:\windows\mykap.reg

c:\windows\ovep.dll

c:\windows\pojekefexy.vbs

c:\windows\punesyniva.inf

c:\windows\sycaxuqide.vbs

c:\windows\system32\epaf.dl

c:\windows\system32\exis.exe

c:\windows\system32\lizusuwe.dl

c:\windows\system32\peruwuqi.bat

c:\windows\system32\sucul.pif

c:\windows\system32\TDSSlxwp.dll

c:\windows\system32\uzoc.pif

c:\windows\system32ctcxcx32.dll

c:\windows\tafoqukiq.com

c:\windows\vasi._dl

c:\windows\ykafefi.vbs

c:\windows\ypevo.sys

.

---- Previous Run -------

.

c:\arquivos de programas\ActivationManager

c:\arquivos de programas\ActivationManager\Uninstall.exe

c:\documents and settings\user\Cookies\inysa._dl

c:\documents and settings\user\Cookies\loqodi._sy

c:\documents and settings\user\Cookies\mynepesug.sys

c:\documents and settings\user\Cookies\qeje.inf

c:\documents and settings\user\Cookies\vuwyko.dll

c:\documents and settings\user\Cookies\vybomas.dll

c:\documents and settings\user\Cookies\xaseloxi.lib

C:\kmd.exe

c:\windows\Downloaded Program Files\setup.inf

c:\windows\IE4 Error Log.txt

c:\windows\karna.dat

c:\windows\system32\_scui.cpl

c:\windows\system32\dao350.dll

c:\windows\system32\DelSelf.bat

c:\windows\system32\Drivers\TDSSmqlt.sys

c:\windows\system32\TDSScfum.dll

c:\windows\system32\TDSSnrsr.dll

c:\windows\system32\TDSSofxh.dll

c:\windows\system32\TDSSosvd.dat

c:\windows\system32\TDSSriqp.dll

c:\windows\system32\TDSStkdv.log

c:\windows\system32\wini10806.exe

c:\windows\winhelp.ini

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_GBPSV

-------\Legacy_TDSSSERV.SYS

-------\Service_TDSSserv.sys

(((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 ))))))))))))))))))))))))))))

.

2008-11-15 12:25 . 2008-11-15 14:12 2,218,528 --ahs---- c:\windows\system32\drivers\fidbox.dat

2008-11-15 12:25 . 2008-11-15 14:12 311,328 --ahs---- c:\windows\system32\drivers\fidbox2.dat

2008-11-15 12:25 . 2008-11-15 14:12 18,412 --ahs---- c:\windows\system32\drivers\fidbox.idx

2008-11-15 12:25 . 2008-11-15 14:12 2,144 --ahs---- c:\windows\system32\drivers\fidbox2.idx

2008-11-14 17:29 . 2008-11-14 17:46 <DIR> d-------- C:\!KillBox

2008-11-14 09:28 . 2008-11-14 09:28 <DIR> d-------- c:\documents and settings\user\Dados de aplicativos\Grisoft

2008-11-14 09:27 . 2008-11-14 09:27 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Grisoft

2008-11-14 09:27 . 2007-05-30 10:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys

2008-11-13 12:03 . 2008-11-13 12:03 96,976 --a------ c:\windows\system32\drivers\klin.dat

2008-11-13 12:03 . 2008-11-13 12:03 87,855 --a------ c:\windows\system32\drivers\klick.dat

2008-11-13 12:02 . 2008-11-13 12:02 <DIR> d-------- c:\arquivos de programas\Kaspersky Lab

2008-11-13 09:15 . 2008-11-13 09:36 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avira

2008-11-12 11:14 . 2006-12-08 11:55 <DIR> d--h----- c:\documents and settings\Administrador.CASA1\Modelos

2008-11-12 11:14 . 2006-12-08 09:50 <DIR> d-------- c:\documents and settings\Administrador.CASA1\Meus documentos

2008-11-12 11:14 . 2006-12-08 09:50 <DIR> dr------- c:\documents and settings\Administrador.CASA1\Menu Iniciar

2008-11-12 11:14 . 2006-12-08 09:50 <DIR> d-------- c:\documents and settings\Administrador.CASA1\Favoritos

2008-11-12 11:14 . 2006-12-08 09:50 <DIR> dr-h----- c:\documents and settings\Administrador.CASA1\Dados de aplicativos

2008-11-12 11:14 . 2008-11-15 16:29 <DIR> d--h----- c:\documents and settings\Administrador.CASA1\Configurações locais

2008-11-12 11:14 . 2006-12-08 09:50 <DIR> d--h----- c:\documents and settings\Administrador.CASA1\Ambiente de rede

2008-11-12 11:14 . 2006-12-08 09:50 <DIR> d--h----- c:\documents and settings\Administrador.CASA1\Ambiente de impressão

2008-11-12 11:14 . 2008-11-12 11:14 <DIR> d-------- c:\documents and settings\Administrador.CASA1

2008-11-12 10:45 . 2008-11-12 10:45 <DIR> d-------- c:\arquivos de programas\VS Revo Group

2008-11-12 08:04 . 2008-11-12 08:04 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avg7

2008-11-12 08:02 . 2008-11-12 08:02 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-15 15:08 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-11-14 11:20 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-14 10:59 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2008-11-12 10:25 --------- d-----w c:\documents and settings\user\Dados de aplicativos\SolidWorks

2008-11-12 10:25 --------- d-----w c:\arquivos de programas\eMule

2008-10-13 20:35 --------- d-----w c:\arquivos de programas\Zylom Games

2008-10-11 16:06 --------- d-----w c:\documents and settings\user\Dados de aplicativos\Zylom

2008-10-11 16:06 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Zylom

2008-10-09 10:53 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-09-18 10:33 65,408 ----a-w C:\config.bin

2008-01-16 23:28 8 ---ha-w c:\arquivos de programas\dbisam.lck

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-05-27 413696]

"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-12 172032]

"HP Software Update"="c:\arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-12 49152]

"!AVG Anti-Spyware"="c:\arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]

"S3Trayp"="S3trayp.exe" [2005-04-05 c:\windows\system32\S3Trayp.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 c:\windows\RTHDCPL.EXE]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehCef.dll" [bU]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\arquiv~1\GbPlugin\gbiehabn.dll" [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

c:\arquiv~1\GbPlugin\gbiehabn.dll [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

c:\arquivos de programas\GbPlugin\gbieh.dll [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

c:\arquivos de programas\GbPlugin\gbiehCef.dll [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

--a------ 2008-07-03 03:23 116040 c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-02-13 21:09 486856 c:\documents and settings\user\Desktop\daemon\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-07-09 14:30 289064 c:\arquivos de programas\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JustVoip]

--a------ 2008-01-02 16:38 8770864 c:\arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brastk]

brastk.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"GbpSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\JustVoip.com\\JustVoip\\JustVoip.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird 1.5\bin\fbguard.exe -s []

R2 FLE5WNNT;FLE-5 WindowsNT Driver;\??\c:\windows\System32\Drivers\fle5wnnt.sys [2007-06-28 33404]

R2 FLSIFACE;FLSIface;\??\c:\windows\System32\Drivers\flsiface.sys [2007-06-28 12736]

R2 FLSPAR;FLSPar;\??\c:\windows\System32\Drivers\flspar.sys [2007-06-28 17178]

R2 FLSSER;FLSSer;\??\c:\windows\System32\Drivers\flsser.sys [2007-06-28 17880]

R2 FLSVCOM;FLSVCom;\??\c:\windows\System32\Drivers\flsvcom.sys [2007-06-28 32762]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird 1.5\bin\fbserver.exe -s []

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

R3 S3G700;S3G700;c:\windows\system32\DRIVERS\S3G700m.sys [2006-12-08 792576]

S3 GNCT511;Genius VideoCAM NB;c:\windows\system32\DRIVERS\gnct511.sys [2006-12-28 229376]

S3 rtl8180;IEEE 802.11b Wireless Cardbus/PCI Adapter;c:\windows\system32\DRIVERS\rtl8180.SYS [2008-02-04 184320]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-15 16:29:46

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

Completion time: 2008-11-15 16:32:38

ComboFix-quarantined-files.txt 2008-11-15 18:31:34

Pre-Run: 21 folder(s) 17,891,815,424 bytes free

Post-Run: 21 folder(s) 17,883,566,080 bytes free

212

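Reading a ComboFix log like the one above by hand is tedious, so here is an added example (not part of the original thread, and not ComboFix's own code) of a small Python triage script. It parses the REGEDIT4-style "registry loading points" dump and flags the settings this fake-AV/TDSS infection family leaves behind: Security Center notifications switched off, the XP firewall disabled, services that were unchecked in msconfig (ComboFix lists those under shared tools\msconfig\services; the stored value is the service's original start type), and TDSS-named driver/DLL files. The SAMPLE text is constructed from lines of the log posted in this thread; the regular expressions, function names and finding labels are my own.

```python
"""Triage helper for the registry loading points section of a ComboFix log.

Added example, not part of the original thread or of ComboFix itself.
It reads the REGEDIT4-style dump that ComboFix prints and flags the
hardening regressions typical of fake-AV / TDSS infections:
  - Security Center notifications disabled (*DisableNotify = 1)
  - Windows Firewall disabled on the standard profile (EnableFirewall = 0)
  - services unchecked in msconfig (listed under msconfig\services)
  - TDSS-named driver / DLL / data files anywhere in the text
SAMPLE is constructed from lines of the log posted in the thread.
"""
import re

SAMPLE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"GbpSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

c:\windows\system32\Drivers\TDSSmqlt.sys
c:\windows\system32\TDSScfum.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKLM\...] section header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')      # "Name"=value (non-empty)
TDSS_RE = re.compile(r"\\(TDSS\w+\.(?:sys|dll|dat|log))$", re.IGNORECASE)


def parse_registry_points(text):
    """Return {lowercased key path: {value name: raw value string}}."""
    result = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            result[current][m.group(1)] = m.group(2)
    return result


def _as_int(raw):
    """Turn '2 (0x2)' or 'dword:00000001' into an int; None if not numeric."""
    m = re.match(r"dword:([0-9a-fA-F]+)", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


def flag_findings(text):
    """List the weakened settings and TDSS traces visible in the dump."""
    findings = []
    for key, values in parse_registry_points(text).items():
        if key.endswith("msconfig\\services"):
            for name in values:
                findings.append(f"service disabled via msconfig: {name}")
        if key.endswith("\\security center"):
            for name, raw in values.items():
                if name.endswith("DisableNotify") and _as_int(raw) == 1:
                    findings.append(f"Security Center notification off: {name}")
        if key.endswith("firewallpolicy\\standardprofile"):
            if _as_int(values.get("EnableFirewall", "1")) == 0:
                findings.append("Windows Firewall disabled (standard profile)")
    # File paths appear outside any registry section, so scan every line.
    for line in text.splitlines():
        m = TDSS_RE.search(line.strip())
        if m:
            findings.append(f"TDSS-named file: {m.group(1)}")
    return findings


if __name__ == "__main__":
    for finding in flag_findings(SAMPLE):
        print(finding)
```

Run it as a script to print the findings for the embedded sample, or import it and call flag_findings() on the full text of a ComboFix.txt. It reports only what ComboFix printed: a file that already appears in the "Previous Run" deletion list still shows up as a TDSS trace, which helps confirm the infection family but says nothing about whether the machine is still infected, so the registry findings (firewall, Security Center, msconfig services) are the ones worth re-checking after cleanup.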

Your log is clean

  • Click Start, then Run
  • Now type Combofix /u and click OK, as shown in the image below.


Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click its icon
  • Click the "Cleanup" button
  • Allow your computer to restart.

Now that your PC is clean, follow these steps to keep your computer clean and protected:

  • Delete the folder (if it exists): HijackThis backups
  • Use an alternative, more secure browser: Firefox or Opera
  • Use a firewall. It is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster. SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox that will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the update status of your programs.
  • Keep your programs properly updated.
    Being up to date is being secure. Click here

Some extra utilities that can increase your computer's protection:

  • IE/Spyad <=
    IE/Spyad adds over 4000 websites and domains to IE's Restricted sites list.
  • MVPS Hosts <= MVPS Hosts creates a new HOSTS file containing known malicious sites, IPs, etc. Basically, it will prevent your PC from connecting to those malicious sites
  • Google Toolbar <= The Google toolbar blocks pop-ups.

It was a pleasure to help


Hello friend, thank you very much for your help, you guys are real experts, my computer is back to normal, thank you and keep it up
