Hi everyone. I'm here with a PC infected by a pest that makes IExplorer constantly open a window and try to access the address "http://www_getwindowinfo/", and every time I try to close the window a new one opens, and another, and yet another and... Below is the HijackThis log for analysis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:11, on 28/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Eset\nod32kui.exe
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\VMSnap3.exe
C:\Arquivos de programas\Java.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\ARQUIV~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\ARQUIV~1\MICROS~4\rapimgr.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\IExplore.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.compartilhando.org/
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iMJPMIG8.2] msime82.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.exe
O4 - HKLM\..\Run: [Java] C:\Arquivos de programas\Java.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\ARQUIV~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [b2B_AGENT] "C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SIFT.lnk = C:\MOTOROLA\sift_startup.bat
O4 - Global Startup: Java.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/50.10/uploader2.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.shockwave.com/content/goldrush/...houseplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://techknowmoto.webex.com/client/T25L/...ing/ieatgpc.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D636F3B8-7E95-42B0-A088-CBD4BDCCA67D}: NameServer = 192.168.1.1
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
--
End of file - 9246 bytes
Cheers,
Weick.
Hey, DigRam!
Check this out:
ComboFix
ComboFix 09-06-29.02 - Administrador 29/06/2009 20:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.580 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: ESET NOD32 sistema antivírus 2.70 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
ADS - drivers: deleted 308 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\svc.exe
c:\windows\system32\msconfig.exe
c:\windows\Tasks\startt.job
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-28 to 2009-06-29 ))))))))))))))))))))))))))))
.
2009-06-29 20:57 . 2009-06-29 20:58 -------- d-----w- c:\arquivos de programas\LG Electronics
2009-06-29 20:56 . 2009-06-29 20:56 -------- d-----w- C:\GSMULTI
2009-06-29 20:54 . 2009-06-29 20:55 -------- d-----w- C:\DOWNLOAD
2009-06-29 20:54 . 2009-06-29 20:54 -------- d-----w- C:\LG Electronics
2009-06-29 20:48 . 2009-06-29 20:48 -------- d-----w- C:\a
2009-06-29 20:09 . 2009-06-29 20:09 -------- d-----w- C:\install
2009-06-29 01:07 . 2009-06-29 01:08 401720 ----a-w- C:\HiJackThis.exe
2009-06-27 10:23 . 2008-11-03 12:45 3232373 ----a-w- c:\arquivos de programas\Java.exe
2009-06-26 19:24 . 2009-06-26 20:02 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-06-26 19:24 . 2009-06-26 19:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-06-26 19:19 . 2009-06-26 19:19 -------- d-----w- C:\Manual LG
2009-06-26 17:44 . 2009-06-26 17:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel
2009-06-26 17:39 . 2009-06-26 19:17 -------- d-----w- C:\VErsao d eSW - LG
2009-06-26 17:35 . 2009-06-16 09:25 104384 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe
2009-06-26 16:53 . 2009-06-29 20:56 65536 ----a-w- c:\windows\IFinst27.exe
2009-06-26 16:52 . 2009-06-26 16:52 -------- d-----w- C:\Sistema LG
2009-06-26 16:35 . 2009-06-15 10:21 47048 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2BLGMLauncher.exe
2009-06-26 16:35 . 2006-05-04 11:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2009-06-26 16:35 . 2005-10-04 04:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-06-26 16:35 . 2009-06-17 09:12 124880 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\LiveUpdateAgent\B2BFileUpdateAgent.exe
2009-06-26 16:35 . 2009-06-24 10:28 210888 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\B2BAppUninstall.exe
2009-06-26 16:35 . 2009-06-24 10:28 911296 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\B2BCheckApp.exe
2009-06-26 16:35 . 2009-06-24 10:26 458752 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\LGMUpgradeDL.dll
2009-06-26 16:35 . 2009-06-15 09:30 24576 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\LGMobileDLRapi.dll
2009-06-26 16:35 . 2009-06-15 09:30 86016 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\LGMobileDL.dll
2009-06-26 16:35 . 2006-05-04 11:33 53248 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\CommonDL.dll
2009-06-26 16:34 . 2009-06-26 17:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX
2009-06-26 16:34 . 2009-06-29 20:44 -------- d-----w- C:\Download LG
2009-06-20 03:09 . 2009-06-20 03:15 -------- d-----w- c:\arquivos de programas\MP4 Converter
2009-06-20 03:04 . 2009-06-20 03:08 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRightToGo
2009-06-20 02:53 . 2009-06-20 02:53 -------- d-----w- C:\MyDownloads
2009-06-20 01:46 . 2009-06-20 01:46 -------- d-----w- c:\arquivos de programas\Xilisoft
2009-06-12 04:04 . 2009-06-12 04:16 -------- d-----w- c:\arquivos de programas\ReadManiac
2009-06-07 22:24 . 2009-06-07 22:29 -------- d-----w- c:\arquivos de programas\All To AVI VCD SVCD DVD MPEG Converter Pro
2009-06-05 02:35 . 2009-06-05 02:35 -------- d-----w- c:\arquivos de programas\Intelore
2009-06-04 15:06 . 2009-06-04 15:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\dvdcss
2009-06-04 01:12 . 2009-06-22 06:34 -------- d-----w- c:\arquivos de programas\VideoLAN
2009-06-01 00:26 . 2009-06-01 01:36 -------- d-----w- c:\arquivos de programas\MegaJogos
2009-05-31 21:24 . 2009-05-31 21:24 0 ----a-w- c:\windows\nsreg.dat
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 20:58 . 2008-05-20 16:26 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-06-29 13:13 . 2008-05-29 21:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-06-29 00:47 . 2009-05-11 05:52 -------- d-----w- c:\arquivos de programas\jw
2009-06-27 14:03 . 2008-08-13 16:14 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-26 18:03 . 2008-05-29 21:59 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-06-26 17:48 . 2008-08-13 16:18 65536 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2009-06-26 17:48 . 2008-08-13 16:18 10134 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2009-06-26 12:52 . 2008-05-26 14:46 -------- d-----w- c:\arquivos de programas\Motorola Service Tools
2009-06-25 19:57 . 2001-10-28 12:07 66614 ----a-w- c:\windows\system32\perfc016.dat
2009-06-25 19:57 . 2001-10-28 12:07 3260 ----a-w- c:\windows\system32\perfh016.dat
2009-06-22 14:08 . 2009-03-03 17:47 26984 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2009-06-19 13:36 . 2008-05-21 14:20 -------- d-----w- c:\arquivos de programas\Motofone Reflash
2009-05-29 00:10 . 2009-05-29 00:06 103509 ------w- c:\windows\hpoins04.dat
2009-05-29 00:10 . 2009-05-29 00:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard
2009-05-25 23:33 . 2008-05-21 14:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-05-20 23:51 . 2008-05-21 14:01 -------- d-----w- c:\arquivos de programas\Motorola Phone Tools
2009-05-20 23:45 . 2008-05-21 14:02 -------- d-----w- c:\arquivos de programas\Avanquest update
2009-05-16 17:53 . 2009-04-18 13:48 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-05-09 03:27 . 2009-05-09 03:05 -------- d-----w- c:\arquivos de programas\MIKSOFT
2009-05-07 23:48 . 2009-05-07 23:46 -------- d-----w- c:\arquivos de programas\Jasc Software Inc
2009-05-07 15:33 . 2008-09-25 13:56 347136 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 01:05 . 2009-05-03 21:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Go!Zilla
2009-05-03 20:47 . 2009-05-03 20:47 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Openworld Learning
2009-05-03 20:35 . 2009-05-03 20:35 -------- d-----w- c:\arquivos de programas\VIAudioi
2009-04-29 04:45 . 2004-08-04 05:45 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2008-09-25 13:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:50 . 2008-09-25 13:56 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2008-09-25 13:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 13:01 . 2009-04-07 13:01 51304 ----a-w- c:\windows\system32\drivers\atnt40k.sys
2009-04-07 13:00 . 2009-04-07 13:00 202827 -c--a-w- c:\windows\system32\atasnt40.dll
2009-04-01 14:50 . 2009-04-01 14:50 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"H/PC Connection Agent"="c:\arquiv~1\MICROS~4\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]
"B2B_AGENT"="c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe" [2009-06-16 104384]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032]
"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"nod32kui"="c:\arquivos de programas\Eset\nod32kui.exe" [2008-09-26 949376]
"AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 540672]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-11-05 61440]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
"Java"="c:\arquivos de programas\Java.exe" [2008-11-03 3232373]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
SIFT.lnk - c:\motorola\sift_startup.bat [2003-11-7 1923]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Java.exe [2008-11-3 3232373]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehcef.dll" [2009-01-27 404032]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\arquiv~1\GbPlugin\gbiehabn.dll" [2009-06-22 289768]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Motorola\\MotoConnect\\SWDL.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Arquivos de programas\\Motorola\\PST\\pst.exe"=
"c:\\Arquivos de programas\\Motofone Reflash\\F3_REFLASH.exe"=
"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [3/3/2009 14:47 26984]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [26/9/2008 17:09 15424]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [29/5/2008 18:59 53736]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [14/7/2008 14:56 6016]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [4/12/2008 11:18 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [4/12/2008 11:18 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [4/12/2008 11:18 42112]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [8/8/2008 12:45 23296]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [14/7/2008 14:56 23680]
S3 PhSerUsb;PHILOG USB Serial Driver;c:\windows\system32\drivers\PhSerUsb.sys [14/7/2008 11:50 48896]
S3 UTS2pl;Foxlink Serial port driver;c:\windows\system32\drivers\UTS2pl.sys [25/5/2004 16:48 43264]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [28/5/2009 21:01 480128]
S3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\Drivers\usbVM303.sys --> c:\windows\system32\Drivers\usbVM303.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-06-29 c:\windows\Tasks\WGASetup.job
.
HKLM-Run-IMJPMIG8.2 - msime82.exe
HKU-Default-Run-MsnMsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.compartilhando.org/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Trusted Zone: gigabyte.com.tw\download
TCP: {D636F3B8-7E95-42B0-A088-CBD4BDCCA67D} = 192.168.1.1
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/goldrush/sis/gamehouseplayer.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\gcdowtun.default\
FF - plugin: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 20:09
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.2 = msime82.exe???.
AudioDeck = c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???c:\documents and???|???|????????????dor\Desktop\Vi
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\arquiv~1\GbPlugin\gbiehabn.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\imon.dll
c:\arquivos de programas\Eset\pr_imon.dll
c:\arquiv~1\GbPlugin\gbiehabn.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\arquivos de programas\ESET\nod32krn.exe
c:\windows\system32\rundll32.exe
c:\arquiv~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-06-29 20:13 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-06-29 23:13
Pré-execução: 47 pasta(s) 16.535.363.584 bytes disponíveis
Pós execução: 47 pasta(s) 16.532.922.368 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
251 --- E O F --- 2009-06-11 15:28
HiJack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:34, on 29/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Eset\nod32kui.exe
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\VMSnap3.exe
C:\Arquivos de programas\Java.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\ARQUIV~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe
C:\ARQUIV~1\MICROS~4\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.compartilhando.org/
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.exe
O4 - HKLM\..\Run: [Java] C:\Arquivos de programas\Java.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\ARQUIV~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [b2B_AGENT] "C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SIFT.lnk = C:\MOTOROLA\sift_startup.bat
O4 - Global Startup: Java.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/50.10/uploader2.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.shockwave.com/content/goldrush/...houseplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://techknowmoto.webex.com/client/T25L/...ing/ieatgpc.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D636F3B8-7E95-42B0-A088-CBD4BDCCA67D}: NameServer = 192.168.1.1
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
--
End of file - 8589 bytes
Thanks once again, and let's keep going ;D
Weick.
Good evening, Weick!
<@> Open Spybot Search & Destroy!
<@> In the top menu, go to Mode and select the Advanced option. Confirm!
<@> Click the Tools button and then Resident.
<@> Uncheck the option: Enable Resident "TeaTimer". ( *Overall protection of system settings* )
<><><><><><><><><><>
<@> Download: < Malwarebytes >
<@> Update the program!
<@> Choose the Full scan!
<@> Disable protection programs while running Malwarebytes.
<@> Send the detected items to quarantine by clicking Remove items.
<@> For more details: < Link >
<><><><><><><><><><>
<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.
Regards!
Good evening, Weick!
<@> Download: < ComboFix > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> At the prompt "Disclaimer of Warranty" --> Click Yes!
<@> If you do not have the "Recovery Console", accept the offer to install it!
<!> PS: Name the file while saving it, not after it has been saved!
<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow all the recommendations given.
<!> PS: *ComboFix is a tool that can damage the system. Use it only under professional supervision.*
<@> The Auto Scan window will open. --> Wait!
<@> In order to complete the removals, ComboFix may restart the computer.
<@> If needed, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<><><><><><><><><><><><>
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.
Regards!