Gabibaa, New Member (Registered), 45 posts, 0 likes

HiJackThis log analysis

#1 By Gabibaa 10/09/2010 - 19:14
Hey guys, how's it going?

I need your help!
My PC is acting a bit strange, I think it might be infected.

Could someone please take a look at the HiJackThis log
and see whether the PC is infected?

Thanks to everyone, for the help or not!
Here's the log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:05:48, on 10/09/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ZSSnp211.exe
C:\Windows\Domino.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Gabriel\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.aveclesaidants.fr/fichiers/UserFiles/edf5d6af01f22a1e7ec2c1b3d06657d6.txt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TaskServ.exe] C:\Users\Gabriel\AppData\TaskServ.exe
O4 - HKCU\..\Run: [msnmsgrs] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\msoobe32.exe
O4 - HKCU\..\Run: [Gbp Service] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\dchcp.exe
O4 - HKCU\..\Run: [Persistence ! System] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\spoolsvr32.exe
O4 - HKCU\..\Run: [SunJavaMdb] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\svchosf.exe
O4 - HKCU\..\Run: [explorer] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\bootcfgx.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1ca7dcbe7559860) (gupdate1ca7dcbe7559860) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6707 bytes
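An added triage helper for the log above (editor's example; it is not code from HijackThis, from the thread's helper, or from any of the cleanup tools named later in the thread). It reads a handful of lines copied from this first log and applies the editor's own heuristics, which are an assumption rather than a HijackThis feature: an `AutoConfigURL` that points at an externally hosted PAC script, hosts-file overrides, orphaned BHOs, and `O4` autoruns whose file name is within one edit of a Windows binary name (`svchosf` vs `svchost`, `bootcfgx` vs `bootcfg`) or that run from the user profile instead of a vendor directory. The list of imitated binaries and the severity levels are the editor's choices.

```python
"""Triage helper for HijackThis (HJT) log lines.

Editor-added example for this thread; not code from HijackThis, AD-Remover,
ComboFix or any poster. The rules are the editor's own heuristics (an
assumption), tuned to reproduce what the helper in post #7 flagged by hand.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of lines copied from the first log in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.aveclesaidants.fr/fichiers/UserFiles/edf5d6af01f22a1e7ec2c1b3d06657d6.txt
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [TaskServ.exe] C:\Users\Gabriel\AppData\TaskServ.exe
O4 - HKCU\..\Run: [msnmsgrs] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\msoobe32.exe
O4 - HKCU\..\Run: [Persistence ! System] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\spoolsvr32.exe
O4 - HKCU\..\Run: [SunJavaMdb] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\svchosf.exe
O4 - HKCU\..\Run: [explorer] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\bootcfgx.exe
"""

# Real Windows binaries that malware likes to imitate (editor's list, not exhaustive).
SYSTEM_NAMES = ["svchost", "spoolsv", "msoobe", "bootcfg", "explorer", "lsass",
                "csrss", "winlogon", "taskhost", "dllhost", "rundll32", "services"]

O4_RE = re.compile(r"^O4\s*-\s*(?:HKLM|HKCU)\\\.\.\\Run\w*:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)
PAC_RE = re.compile(r"^R1 - .*AutoConfigURL = (?P<url>\S+)", re.IGNORECASE)
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")


@dataclass
class Finding:
    line: str
    severity: str  # "high", "medium" or "low"
    reason: str


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance, used to catch typosquatted binary names (svchosf ~ svchost)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(stem: str) -> Optional[str]:
    """Windows binary that a file-name stem imitates (within one edit), else None.
    A trailing '32' is also stripped so msoobe32 / spoolsvr32 are compared bare."""
    stem = stem.lower()
    candidates = [stem] + ([stem[:-2]] if stem.endswith("32") else [])
    for cand in candidates:
        for real in SYSTEM_NAMES:
            if levenshtein(cand, real) <= 1:
                return real
    return None


def check_autorun(line: str, name: str, cmd: str) -> Optional[Finding]:
    em = EXE_RE.match(cmd)
    exe = (em.group("path") if em else cmd).lower()
    stem = exe.rsplit("\\", 1)[-1]
    stem = stem[:-4] if stem.endswith(".exe") else stem
    in_windows = "\\windows\\" in exe
    in_profile = "\\users\\" in exe or "\\documents and settings\\" in exe
    real = None if in_windows else lookalike(stem)  # a hit in Program Files still needs a manual look
    if real:
        return Finding(line, "high", f"{stem}.exe imitates the Windows binary {real}.exe "
                                     "but runs from outside the Windows directory")
    if name.lower() in SYSTEM_NAMES and not in_windows:
        return Finding(line, "high", f"Run value named '{name}' points outside the Windows directory")
    if in_profile and "\\program files" not in exe:
        return Finding(line, "medium", "autorun binary lives in the user profile, outside any vendor directory")
    return None


def check_line(line: str) -> Optional[Finding]:
    m = PAC_RE.match(line)
    if m and m.group("url").lower().startswith("http"):
        return Finding(line, "high", "proxy auto-config script fetched from an external host: "
                                     "every browser request can be routed through an attacker-chosen proxy")
    m = HOSTS_RE.match(line)
    if m:
        sev = "low" if m.group("ip") in ("127.0.0.1", "::1") else "medium"
        return Finding(line, sev, f"hosts file pins {m.group('host')} to {m.group('ip')}; compare with DNS")
    if line.startswith("O2 - ") and line.endswith("(no file)"):
        return Finding(line, "low", "orphaned BHO registration; inert, but worth removing")
    m = O4_RE.match(line)
    if m:
        return check_autorun(line, m.group("name"), m.group("cmd"))
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every rule over a whole HJT log and return the lines that fired."""
    hits = (check_line(ln.strip()) for ln in log_text.splitlines() if ln.strip())
    return [f for f in hits if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.reason}\n         {f.line}")
```

Run it as a script to print the findings for the embedded sample, or call `triage(open(path).read())` on a saved log. The lookalike rule deliberately fires on any name within one edit of a system binary wherever it lives outside `\Windows\`, so a hit under Program Files is a prompt to check the file, not a verdict.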
Espírita, Cyber Highlander (Registered), 9.6K posts, 2.1K likes
#2 By Espírita
10/09/2010 - 21:30
Download AD-Remover.
http://forum-aide-contre-virus.be/download/C_XX/AD-R.exe
* Save it to the desktop.
* Run it.
Click clean. Wait.

Download HostsXpert:
http://www.funkytoad.com/download/HostsXpert.zip

* Extract the file.
* Run it, click Restore Ms Hosts and then click make hosts read-only.

Note: before running HostsXpert, right-click it, go to Properties -> Compatibility mode... choose Windows XP (SP3) and click Apply.

-- Go to the site below and run an online scan:
http://www.eset.com/online-scanner

** http://dicasetutoriaisparapc.blogspot.com/2008/09/tutorial-do-antivirus-nod32-online.html **
#3 By Gabibaa
10/09/2010 - 23:49
I don't know whether you'll need it, but here is the AD-Remover log

======= REPORT FROM AD-REMOVER 2.0.0.1,E | ONLY XP/VISTA/7 =======

Updated by C_XX on 06/09/10 at 15:20
Contact: AdRemover.contact[AT]gmail.com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 22:42:03 on 10/09/2010, Normal boot

Microsoft Windows 7 Ultimate (X86)
Gabriel@GABRIEL-PC (To Be Filled By O.E.M. To Be Filled By O.E.M.)

============== ACTION(S) ==============


0,Folder deleted: C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
0,File deleted: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
0,Folder deleted: C:\Users\Gabriel\AppData\Roaming\Mozilla\FireFox\Profiles\i0ta5iqw.default\extensions\toolbar@ask.com
0,File deleted: C:\Users\Gabriel\AppData\Roaming\Mozilla\FireFox\Profiles\i0ta5iqw.default\searchplugins\conduit.xml
0,Folder deleted: C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ask Search Assistant
0,Folder deleted: C:\Program Files\Ask Search Assistant
0,Folder deleted: C:\Program Files\Ask.com
3,File deleted: C:\Windows\Installer\20d45b.msi

(!) -- Temporary files deleted.


-- File opened: C:\Users\Gabriel\AppData\Roaming\Mozilla\FireFox\Profiles\i0ta5iqw.default\Prefs.js --
Line deleted: user_pref("CT2406863.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM...
Line deleted: user_pref("CT2406863.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT240...
Line deleted: user_pref("browser.search.defaultthis.engineName", "Bitroad BR Customized Web Search");
Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2406863&Sea...
Line deleted: user_pref("extensions.asktb.cbid", "NL");
Line deleted: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&...
Line deleted: user_pref("extensions.asktb.first-launch-url", "hxxp://g.msn.com/0AD00002/1654658.1??PID=7232560&amp...
Line deleted: user_pref("extensions.asktb.l", "dis");
Line deleted: user_pref("extensions.asktb.last-config-req", "1271281453464");
Line deleted: user_pref("extensions.asktb.locale", "pt_BR");
Line deleted: user_pref("extensions.asktb.o", "14300");
Line deleted: user_pref("extensions.asktb.options-lang", "pt");
Line deleted: user_pref("extensions.asktb.options-locale", "UK");
Line deleted: user_pref("extensions.asktb.qsrc", "2871");
Line deleted: user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{3252b9ae-c69a-...
Line deleted: user_pref("extensions.testpilot.searchbar_study.originalMenu", "[\"Google\",\"Yahoo\",\"Bitroad BR C...
Line deleted: user_pref("extensions.toolbar@ask.com.install-event-fired", true);
-- File closed --


1,Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
1,Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
1,Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
1,Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
1,Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
1,Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
0,Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
1,Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
0,Key deleted: HKCU\Software\Ask.com
0,Key deleted: HKCU\Software\AskSearchAsst


And the online scanner log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c896aee13e7c5942907ecb96f563c826
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-09-11 02:44:27
# local_time=2010-09-10 11:44:27 (-0300, Official Brazil time)
# country="Brazil"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 16860151 16860151 0 0
# compatibility_mode=5893 16776573 100 94 0 35715813 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=101899
# found=3
# cleaned=3
# scan_time=2045
C:\Users\Gabriel\AppData\Winthkill.exe a variant of Win32/Delf.PJZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Gabriel\AppData\Local\temp\jar_cache8421971869217836606.tmp a variant of Win32/TrojanDownloader.Delf.PWJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Gabriel\Desktop\Nova pasta\Programas\017- Nero-7.8.5.0\Nero-7.8.5.0_ptb_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
#6 By Gabibaa
11/09/2010 - 00:02
Here comes the Hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:01:56, on 11/09/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ZSSnp211.exe
C:\Windows\Domino.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Gabriel\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.aveclesaidants.fr/fichiers/UserFiles/edf5d6af01f22a1e7ec2c1b3d06657d6.txt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TaskServ.exe] C:\Users\Gabriel\AppData\TaskServ.exe
O4 - HKCU\..\Run: [msnmsgrs] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\msoobe32.exe
O4 - HKCU\..\Run: [Gbp Service] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\dchcp.exe
O4 - HKCU\..\Run: [Persistence ! System] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\spoolsvr32.exe
O4 - HKCU\..\Run: [SunJavaMdb] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\svchosf.exe
O4 - HKCU\..\Run: [explorer] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\bootcfgx.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1ca7dcbe7559860) (gupdate1ca7dcbe7559860) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6463 bytes
#7 By Espírita
11/09/2010 - 00:11
hijackthis -> do a system scan only. Select the items:


O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKCU\..\Run: [TaskServ.exe] C:\Users\Gabriel\AppData\TaskServ.exe

O4 - HKCU\..\Run: [msnmsgrs] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\msoobe32.exe

O4 - HKCU\..\Run: [Gbp Service] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\dchcp.exe

O4 - HKCU\..\Run: [Persistence ! System] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\spoolsvr32.exe

O4 - HKCU\..\Run: [SunJavaMdb] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\svchosf.exe

O4 - HKCU\..\Run: [explorer] C:\Users\Gabriel\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\bootcfgx.exe


Click fix checked.

* Download ComboFix and save it to the desktop:
http://rapidshare.com/files/417101573/ComboFix.exe
or
http://www.easy-share.com/1912151986/ComboFix.exe

* Temporarily disable your antivirus.
* Run it. Accept the agreement.

Important: while ComboFix is running, do not use the mouse or the keyboard!
-- The program will close automatically. --

* Post the report created at C:\combofix.txt and a new Hijackthis log.
#8 By Gabibaa
11/09/2010 - 09:05
Hey wolf09, sorry I didn't do this right when you asked, I was sleepy.

But here is the ComboFix log

ComboFix 10-09-09.04 - Gabriel 11/09/2010 8:52.3.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2047.1448 [GMT -3:00]
Running from: c:\users\Gabriel\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Gabriel\ie_inf.log
c:\users\Gabriel\InstallShield Installation Information
c:\windows\system32\vbzlib1.dll

.
(((((((((((((((( Files created from 2010-08-11 to 2010-09-11 ))))))))))))))))))))))))))))
.

2010-09-11 11:59 . 2010-09-11 11:59 -------- d-----w- c:\users\Gabriel\AppData\Local\temp
2010-09-11 11:59 . 2010-09-11 11:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-11 11:59 . 2010-09-11 11:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-11 01:54 . 2010-09-11 01:54 -------- d-----w- c:\program files\ESET
2010-09-11 01:42 . 2010-09-11 03:01 -------- d-----w- c:\program files\Ad-Remover
2010-09-09 13:25 . 2010-09-09 13:25 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 5
2010-09-08 16:15 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-05 03:59 . 2010-09-05 03:59 81920 ----a-w- c:\windows\system32\subinacl.exe
2010-09-05 03:14 . 2010-09-05 03:14 -------- d-----w- c:\windows\Sun
2010-09-05 03:11 . 2010-09-05 03:11 -------- d-----w- c:\users\Gabriel\inf
2010-09-04 13:55 . 2010-09-04 13:55 8854 ----a-r- c:\users\Gabriel\AppData\Roaming\Microsoft\Installer\{A5553D3F-4E44-4386-9752-1FD555CF4560}\UNINST_Uninstall_M_A5553D3F4E44438697521FD555CF4560.exe
2010-09-04 13:55 . 2010-09-04 13:55 53248 ----a-r- c:\users\Gabriel\AppData\Roaming\Microsoft\Installer\{A5553D3F-4E44-4386-9752-1FD555CF4560}\Metal_Slug_Antholo_A5553D3F4E44438697521FD555CF4560_1.exe
2010-09-04 13:55 . 2010-09-04 13:55 53248 ----a-r- c:\users\Gabriel\AppData\Roaming\Microsoft\Installer\{A5553D3F-4E44-4386-9752-1FD555CF4560}\Metal_Slug_Antholo_A5553D3F4E44438697521FD555CF4560.exe
2010-09-04 13:55 . 2010-09-04 13:55 53248 ----a-r- c:\users\Gabriel\AppData\Roaming\Microsoft\Installer\{A5553D3F-4E44-4386-9752-1FD555CF4560}\ARPPRODUCTICON.exe
2010-09-04 13:53 . 2010-09-04 13:53 -------- d-----w- c:\program files\SCSI
2010-08-25 19:35 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 11:48 . 2009-11-19 22:18 -------- d-----w- c:\programdata\NVIDIA
2010-09-10 17:59 . 2009-11-19 14:33 -------- d-----w- c:\users\Gabriel\AppData\Roaming\Orbit
2010-09-09 18:21 . 2009-11-20 00:13 -------- d-----w- c:\users\Gabriel\AppData\Roaming\uTorrent
2010-09-09 18:08 . 2010-03-11 17:41 -------- d-----w- c:\program files\JDownloader
2010-09-07 15:11 . 2010-02-26 22:47 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-02-26 22:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-02-26 22:48 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-02-26 22:48 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-02-26 22:48 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-02-26 22:48 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-31 13:43 . 2009-11-29 17:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-23 21:45 . 2009-11-21 01:43 -------- d-----w- c:\program files\DsNET Corp
2010-08-11 23:47 . 2009-11-19 14:36 -------- d-----w- c:\programdata\Microsoft Help
2010-08-09 14:17 . 2010-08-09 14:15 -------- d-----w- c:\program files\Megacubo
2010-08-09 14:16 . 2010-08-09 14:16 -------- d-----w- c:\program files\SopCast
2010-08-06 01:49 . 2009-07-14 08:31 663766 ----a-w- c:\windows\system32\prfh0416.dat
2010-08-06 01:49 . 2009-07-14 08:31 129764 ----a-w- c:\windows\system32\prfc0416.dat
2010-08-03 21:30 . 2009-11-19 13:13 120792 ----a-w- c:\users\Gabriel\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-03 17:12 . 2010-08-03 17:12 -------- d-----w- c:\program files\VirtualDJ
2010-07-31 14:33 . 2009-11-19 20:40 -------- d-----w- c:\programdata\DVD Shrink
2010-07-30 20:06 . 2010-05-19 12:59 -------- d-----w- c:\program files\Ubi Soft
2010-07-30 18:29 . 2009-12-03 22:57 -------- d-----w- c:\programdata\Ubisoft
2010-07-29 06:30 . 2010-08-11 17:34 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 17:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-28 19:13 . 2009-11-19 20:19 -------- d-----w- c:\program files\Windows Live
2010-07-13 17:44 . 2010-07-06 22:15 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-01 23:45 . 2010-06-13 15:03 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-07-01 23:44 . 2010-06-13 15:42 56 --sh--r- c:\windows\system32\7D5F2AA853.sys
2010-07-01 23:01 . 2010-06-13 15:22 65536 ----a-r- c:\users\Gabriel\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2010-07-01 23:01 . 2010-06-13 15:22 10134 ----a-r- c:\users\Gabriel\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2010-07-01 13:09 . 2010-07-01 13:09 0 ----a-w- c:\users\Gabriel\temp1.tmp
2010-06-30 06:25 . 2010-08-11 17:30 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-11 17:30 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 17:30 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 17:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-20 16:25 . 2010-06-20 16:25 1784 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-06-19 06:33 . 2010-08-11 17:37 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 17:37 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 17:34 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-11 17:30 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-11 17:30 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-14 06:12 . 2010-08-11 17:35 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2006-08-08 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKLM\~\startupfolder\C:^Users^Gabriel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Patch Brazukas Ultimate - Pes2010.lnk]
path=c:\users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Patch Brazukas Ultimate - Pes2010.lnk
backup=c:\windows\pss\Patch Brazukas Ultimate - Pes2010.lnk.Startup
backupExtension=.Startup

R2 gupdate1ca7dcbe7559860;Google Update Service (gupdate1ca7dcbe7559860);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-18 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-19 721904]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-12 240232]

.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\i0ta5iqw.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pt)
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\components\FFGlobalExtension.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Gabriel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-419929674-745333116-3834294517-1000\Software\SecuROM\License information*]
"datasecu"=hex:29,98,a9,fb,ed,23,35,70,51,3c,14,33,a3,0b,5f,be,af,72,5c,41,d8,
a7,6a,fc,29,d8,d7,d4,7f,9e,96,2e,32,b7,6a,60,dd,b7,2c,34,f1,41,08,d9,b0,02,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-11 09:02:37
ComboFix-quarantined-files.txt 2010-09-11 12:02

Pre-Run: 8,416,837,632 bytes free
Post-Run: 8,398,843,904 bytes free

- - End Of File - - D104D94D21D3352871F4F80020141C08

and here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:03:19, on 11/09/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ZSSnp211.exe
C:\Windows\Domino.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Gabriel\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1ca7dcbe7559860) (gupdate1ca7dcbe7559860) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5209 bytes
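An added example (not part of the original post, and not HijackThis or Trend Micro code) that writes down as rules the checks a helper does by eye on a log like the one above: a proxy auto-config script pulled from a remote host, a logon autorun living outside the usual program directories (the two entries in C:\Windows itself), an ActiveX download from an unexpected host, a service whose binary is gone, and a start page that no longer matches the configured default. The sample input reuses lines from the log above plus one constructed R1 AutoConfigURL line pointing at an example.invalid host so the proxy rule has something to fire on; the trusted-directory list and the DPF host allowlist are assumptions of the example, and a hit means "verify the publisher", not "malware".

```python
"""Rule-based triage of HijackThis v2 log entries (added example, not HJT code)."""
import re
from collections import namedtuple
from urllib.parse import urlparse

Finding = namedtuple("Finding", "severity kind detail line")

# Sample input: lines copied from the HijackThis log in this thread, plus one
# CONSTRUCTED R1 AutoConfigURL line (example.invalid host) for the proxy check.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.example.invalid/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Google Update Service (gupdate1ca7dcbe7559860) (gupdate1ca7dcbe7559860) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|cab)', re.IGNORECASE)

# Assumptions of this example: where an autorun binary is expected to live, and
# which hosts may serve O16 ActiveX downloads.  Outside = "verify", not "malware".
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\program files", r"c:\program files (x86)")
DPF_ALLOWLIST = {"fpdownload2.macromedia.com", "platformdl.adobe.com"}
SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}


def entries(log):
    """Yield (type, body, line) for each R*/O* entry; process lists and footers are skipped."""
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("type"), m.group("body"), raw.strip()


def first_path(text):
    """Lower-cased first Windows path (exe/dll/sys/cab) in an entry body, or None."""
    m = PATH_RE.search(text)
    return m.group(0).lower() if m else None


def in_trusted_dir(path):
    """True when the (lower-cased) path sits below one of TRUSTED_DIRS."""
    return any(path.startswith(d + "\\") for d in TRUSTED_DIRS)


def value_of(body):
    """Right-hand side of a 'key = value' registry entry."""
    return body.split("=", 1)[1].strip() if "=" in body else ""


def triage(log):
    """Apply the rules and return findings sorted by severity (HIGH first)."""
    findings = []
    default_host = start_page = start_line = None
    for etype, body, line in entries(log):
        if etype == "R1" and "AutoConfigURL" in body:
            url = urlparse(value_of(body))
            if url.scheme in ("http", "https"):
                findings.append(Finding("HIGH", "proxy-hijack",
                    f"PAC script fetched from {url.netloc}: every browser request can be routed through a proxy the attacker chooses", line))
        elif etype == "R1" and "Default_Page_URL" in body:
            default_host = urlparse(value_of(body)).netloc
        elif etype == "R0" and "Start Page" in body and start_page is None:
            start_page, start_line = value_of(body), line
        elif etype == "O4":
            path = first_path(body)
            if path and not in_trusted_dir(path):
                findings.append(Finding("MEDIUM", "autorun-location",
                    f"{path} starts at logon from outside the usual program directories; verify publisher and signature", line))
        elif etype == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1].strip()).netloc.lower()
            if host not in DPF_ALLOWLIST:
                findings.append(Finding("MEDIUM", "activex-download",
                    f"ActiveX control downloaded from unlisted host {host}", line))
        elif etype == "O23" and "(file missing)" in body:
            findings.append(Finding("LOW", "orphan-service",
                "service entry points at a binary that no longer exists; stale, remove it", line))
    if start_page and default_host and urlparse(start_page).netloc != default_host:
        findings.append(Finding("INFO", "start-page",
            f"start page host {urlparse(start_page).netloc} differs from Default_Page_URL host {default_host}; confirm the user chose it", start_line))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind}: {f.detail}\n    {f.line}")
```

The rules deliberately do not decide "infected or not": the two C:\Windows autoruns in this log, for instance, are flagged only as "verify", because a legitimate installer can drop files there too, and the answer comes from checking the files' publisher and signature, not from the path alone.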
Espírita (Cyber Highlander, registered member; 9.6K posts, 2.1K likes)
#9 By Espírita, 11/09/2010 - 11:36
Start -> Run.... combofix /uninstall, click OK or press Enter.

HijackThis -> clean log.

* But let's do a cross-check.

Avast -> Scan -> Boot-time scan.... select the items to be checked... click Schedule.... restart the computer.

Download Malwarebytes:
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Install the application, update it and run a full scan.
When the scan finishes, if any "malware" was detected, click (Show results), then click (Remove selected).
An automatic report will open; copy and paste it here.
The infections will be sent to quarantine, and some types may require a system restart.
Gabibaa (New Member, registered; 45 posts, 0 likes)
#10 By Gabibaa, 11/09/2010 - 17:25
here's the Malwarebytes log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4594

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/09/2010 17:14:26
mbam-log-2010-09-11 (17-14-26).txt

Scan type: Full scan (C:\|)
Objects scanned: 226786
Time elapsed: 1 hour(s), 13 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Trojan.Banker) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Alldj_DVD_To_AVI\crack.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Windows\System32\subinacl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
Espírita (Cyber Highlander, registered member; 9.6K posts, 2.1K likes)
#11 By Espírita, 11/09/2010 - 17:33
Run Malwarebytes -> Quarantine tab.... click Delete all.

Download Wise Registry Cleaner:
http://download.cnet.com/Wise-Registry-Cleaner-Free/3000-18512_4-10605508.html?tag=mncol

Install the application; when you run it, select all the options on the left and click Scan. If it finds errors, select all of them (no exceptions) and click Fix.

Download Advanced SystemCare:
http://download.cnet.com/Advanced-SystemCare-Free/3000-2086_4-10407614.html?tag=mncol

Install the application and run a system cleanup and optimization.

After these procedures, a new HijackThis log.
Gabibaa (New Member, registered; 45 posts, 0 likes)
#12 By Gabibaa, 11/09/2010 - 18:15
HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:14:00, on 11/09/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ZSSnp211.exe
C:\Windows\Domino.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\IObit\Advanced SystemCare 3\Awc.exe
C:\Users\Gabriel\Desktop\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1ca7dcbe7559860) (gupdate1ca7dcbe7559860) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5271 bytes
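The helper's workflow above is to ask for a fresh HijackThis log after every step and compare it with the previous one. An added example (not part of the thread, and not HijackThis code) of doing that comparison by entry identity rather than by raw line, so that a registry value that merely changed shows up as CHANGED instead of one removal plus one addition, and the process list and footer are ignored. The two snapshots are constructed: they are abbreviated from the 09:03 and 18:14 logs of 11/09/2010 above, and the HKCU Start Page in BEFORE is replaced with an example.invalid placeholder purely so a CHANGED entry appears (both real logs show http://fr.msn.com/).

```python
"""Key-based diff of two HijackThis snapshots (added example, not HJT code)."""
import re

# CONSTRUCTED samples, abbreviated from the two 11/09/2010 logs in this thread.
# BEFORE's HKCU Start Page is a placeholder so the CHANGED case is exercised.
BEFORE = r"""
Running processes:
C:\Windows\system32\Dwm.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example.invalid/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
--
End of file - 5209 bytes
"""

AFTER = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
--
End of file - 5271 bytes
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# O4 body looks like:  HKLM\..\Run: [Name] <command line>
O4_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]+)\]\s*(.*)$")


def entry_identity(etype, body):
    """Return (key, value): key says *what* is configured, value is the current setting."""
    if etype.startswith("R") and "=" in body:
        left, right = body.split("=", 1)           # registry path + value name
        return f"{etype}|{left.strip()}", right.strip()
    if etype == "O4":
        m = O4_RE.match(body)
        if m:                                      # hive\..\Run + [entry name]
            return f"{etype}|{m.group(1)}|{m.group(2)}", m.group(3)
    if etype == "O23" and body.startswith("Service: "):
        name, _, rest = body[len("Service: "):].partition(" - ")  # display name
        return f"{etype}|{name}", rest
    return f"{etype}|{body}", ""                   # BHOs, toolbars, DPF: whole line is the identity


def snapshot(log):
    """Map entry key -> value for every R*/O* line; process list and footer are skipped."""
    entries = {}
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            key, value = entry_identity(m.group(1), m.group(2))
            entries[key] = value
    return entries


def compare_snapshots(before_log, after_log):
    """Return {'removed': set, 'added': set, 'changed': {key: (old, new)}}."""
    before, after = snapshot(before_log), snapshot(after_log)
    common = set(before) & set(after)
    return {
        "removed": set(before) - set(after),
        "added": set(after) - set(before),
        "changed": {k: (before[k], after[k]) for k in common if before[k] != after[k]},
    }


if __name__ == "__main__":
    report = compare_snapshots(BEFORE, AFTER)
    for k in sorted(report["removed"]):
        print("REMOVED ", k)
    for k in sorted(report["added"]):
        print("ADDED   ", k)
    for k, (old, new) in sorted(report["changed"].items()):
        print("CHANGED ", k, ":", repr(old), "->", repr(new))
```

An autorun entry that vanishes after a cleanup (here the msnmsgr Run entry) is what you expect to see; an entry that comes back in a later snapshot after it was removed is the signal that something is re-creating it and the cleanup has not reached the cause.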
© 1999-2025 Hardware.com.br. All rights reserved.