Problem: I can't run anything on the computer. Everything freezes and a "solution" for destroying viruses called SECURITY TOOL keeps popping up. Even my ANTI-VIRUS (AVIRA) can't be run. With great effort I managed to run MALWAREBYTES (it's worth noting that it can't be updated over the internet, because I think the VIRUS is blocking the update).
So I'm sending the HIJACKTHIS LOG.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:55, on 12/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\restorer64_a.exe
C:\WINDOWS\system32\restorer32_a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ESPI\restorer64_a.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\ESPI\restorer32_a.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\Arquivos de programas\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\ESPI\CONFIG~1\Temp\Rar$EX04.187\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R3 - URLSearchHook: (no name) - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: HP Print Enhancer - {0347c33e-8762-4905-bf09-768834316c61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053f9267-dc04-4294-a72c-58f732d338c0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\ESPI\restorer64_a.exe
O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\ESPI\restorer32_a.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Livro de recortes HP - {58ecb495-38f0-49cb-a538-10282abf65e7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259d7-1666-479a-93b1-3250410481e8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{868D875C-ACB3-46B2-9E7B-B0CF9A00C89E}: NameServer = 208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: PowerUtility TV Recording Reservation (eayeisuta94j0) - Unknown owner - C:\WINDOWS\system32\dawes.exe
O23 - Service: Firebird Guardian - DefaultInstance (firebirdguardiandefaultinstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (firebirdserverdefaultinstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\LogiShrd\Bluetooth\LBTServ.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 9071 bytes
Here is the COMBOFIX log
ComboFix 09-11-13.04 - ESPI 13/11/2009 9:37.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.55.1046.18.446.183 [GMT -2:00]
Executando de: c:\documents and settings\ESPI\Desktop\ComboFix.exe
AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - drivers: deleted 250 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\Arquivos comuns\fisi.pif
c:\arquivos de programas\Arquivos comuns\fyvo._dl
c:\arquivos de programas\Arquivos comuns\iqix.pif
c:\arquivos de programas\Arquivos comuns\omeb.pif
c:\arquivos de programas\Arquivos comuns\ovoxexuzoq.com
c:\arquivos de programas\Arquivos comuns\uwebyz._sy
c:\arquivos de programas\Arquivos comuns\wekajewoja.com
c:\documents and settings\All Users\Dados de aplicativos\dorykuwuhi._dl
c:\documents and settings\All Users\Dados de aplicativos\oqutizag._dl
c:\documents and settings\All Users\Dados de aplicativos\owoji.bin
c:\documents and settings\All Users\Dados de aplicativos\uhadozeb.com
c:\documents and settings\All Users\Dados de aplicativos\vycawid.bat
c:\documents and settings\All Users\Documentos\ebul._dl
c:\documents and settings\All Users\Documentos\emunirilu.dl
c:\documents and settings\All Users\Documentos\evivacafog.inf
c:\documents and settings\All Users\Documentos\iditywury.vbs
c:\documents and settings\All Users\Documentos\ukimuve.ban
c:\documents and settings\ESPI\Cookies\asimifok.sys
c:\documents and settings\ESPI\Cookies\cetafumeva.ban
c:\documents and settings\ESPI\Cookies\ciluroluz.dl
c:\documents and settings\ESPI\Cookies\pavym.dll
c:\documents and settings\ESPI\Cookies\qolowur.dat
c:\documents and settings\ESPI\Cookies\retohorara.scr
c:\documents and settings\ESPI\Cookies\sypys.com
c:\documents and settings\ESPI\Cookies\ymujez.bin
c:\documents and settings\ESPI\Dados de aplicativos\seres.exe
c:\documents and settings\ESPI\Dados de aplicativos\uhekotufaz.reg
c:\documents and settings\ESPI\Desktop\Security Tool.lnk
c:\documents and settings\ESPI\Menu Iniciar\Programas\Security Tool.lnk
c:\documents and settings\ESPI\oashdihasidhasuidhiasdhiashdiuasdhasd
C:\memory
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-8116088116-0916891945-397709869-9543
c:\recycler\S-1-5-21-8665970460-9899661072-092570446-7401
c:\recycler\S-51-9-25-3434476501-1644491937-601003330-1214
c:\windows\idapyb.reg
c:\windows\oqyregolaf.dl
c:\windows\oruwaj._dl
c:\windows\poxuza.dl
c:\windows\system32\akiti.reg
c:\windows\system32\AutoRun.inf
c:\windows\system32\bususihiqa.vbs
c:\windows\system32\curi.bat
c:\windows\system32\cypazi._dl
c:\windows\system32\izyf.dll
c:\windows\system32\tuji.inf
c:\windows\system32\xoturivyc.bin
c:\windows\tuvigune.dl
c:\windows\winmgr
c:\windows\winmgr\licença.txt
c:\windows\winmgr\winmgr.chm
c:\windows\winmgr\winmgr.exe
c:\windows\yvoquvyf.vbs
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_icf
-------\Service_AVPsys
(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-13 to 2009-11-13 ))))))))))))))))))))))))))))
.
2009-11-12 18:32 . 2009-11-06 19:32 586107 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-11-12 18:32 . 2009-10-03 01:15 479604 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-11-12 18:32 . 2009-09-15 18:58 106867 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-11-12 18:32 . 2009-09-03 18:24 127346 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-11-12 18:32 . 2009-11-11 18:08 364917 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-11-12 18:32 . 2009-11-06 19:32 2093432 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-11-12 18:32 . 2009-11-05 17:21 422261 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-11-12 18:32 . 2009-11-05 17:21 184694 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-11-12 18:32 . 2009-10-03 01:15 393587 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2009-11-12 18:32 . 2009-09-03 18:24 237940 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-11-12 18:32 . 2009-06-17 17:32 196987 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
2009-11-12 18:32 . 2008-10-15 13:49 53618 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aebb.dll
2009-11-11 12:37 . 2009-03-30 12:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-11 12:37 . 2009-02-13 14:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-11 12:37 . 2009-02-13 14:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-11 12:37 . 2009-11-11 12:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2009-11-11 12:32 . 2009-10-01 11:38 33961728 ----a-w- c:\documents and settings\avira_antivir_personal_en(2).exe
2009-10-29 12:33 . 2009-11-10 23:10 -------- d-----w- c:\documents and settings\ESPI\Dados de aplicativos\HPAppData
2009-10-29 11:47 . 2009-10-29 11:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WEBREG
2009-10-29 11:45 . 2009-10-29 11:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY
2009-10-29 11:44 . 2009-10-29 11:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant
2009-10-29 11:44 . 2009-10-29 11:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP
2009-10-29 11:44 . 2009-10-29 11:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP
2009-10-29 11:43 . 2009-10-29 11:43 -------- d-----w- c:\arquivos de programas\Hewlett-Packard
2009-10-29 11:43 . 2009-10-29 11:43 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard
2009-10-29 11:43 . 2009-10-29 11:45 -------- d-----w- c:\arquivos de programas\HP
2009-10-29 11:33 . 2007-03-08 04:20 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-10-29 11:33 . 2007-03-08 04:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-10-29 11:33 . 2009-10-29 11:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard
2009-10-29 11:33 . 2009-10-29 11:47 152122 ----a-w- c:\windows\hpoins14.dat
2009-10-29 11:33 . 2007-09-20 01:14 2000 ------w- c:\windows\hpomdl14.dat
2009-10-29 11:33 . 2007-03-30 15:07 267864 ----a-r- c:\windows\system32\hpzids01.dll
2009-10-29 11:33 . 2007-03-28 16:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2009-10-29 11:33 . 2007-03-08 04:20 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-10-29 11:33 . 2004-08-04 01:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-29 11:33 . 2004-08-04 01:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-29 11:32 . 2007-03-08 04:20 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-10-29 11:32 . 2007-03-17 16:11 303104 ----a-r- c:\windows\system32\hpovst10.dll
2009-10-29 11:32 . 2007-03-17 16:11 569344 ----a-r- c:\windows\system32\hpotscl3.dll
2009-10-29 11:32 . 2007-03-08 04:20 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2009-10-29 11:32 . 2007-03-17 16:11 675840 ----a-r- c:\windows\system32\hpowiax3.dll
2009-10-29 11:31 . 2004-08-04 01:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-10-29 11:31 . 2004-08-04 01:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-10-29 10:54 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 10:54 . 2009-11-12 20:09 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-10-29 10:54 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-23 12:56 . 2009-10-23 12:57 -------- d-----w- C:\BPA
2009-10-23 12:52 . 2009-10-23 12:52 -------- d-----w- c:\arquivos de programas\Datasus
2009-10-22 12:34 . 2005-11-14 13:00 383488 ----a-w- c:\windows\system32\midas.dll
2009-10-22 12:34 . 2009-10-22 12:34 -------- d-----w- C:\DATASUS
2009-10-22 12:34 . 2007-12-12 03:05 356437 ----a-w- c:\windows\system32\GDS32.DLL
2009-10-22 12:34 . 2009-10-22 12:34 -------- d-----w- c:\arquivos de programas\Firebird
2009-10-21 10:53 . 2009-10-21 10:53 11903 ----a-w- c:\windows\system32\onexodepe.dat
2009-10-20 17:26 . 2009-11-12 20:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InterApp
2009-10-16 16:25 . 2009-10-16 16:25 -------- d-----w- c:\documents and settings\ESPI\Dados de aplicativos\Malwarebytes
2009-10-16 16:25 . 2009-10-16 16:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 12:37 . 2009-05-21 13:57 -------- d-----w- c:\arquivos de programas\Avira
2009-11-11 10:14 . 2009-06-12 12:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-11-11 10:14 . 2009-06-12 12:43 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-10-29 17:44 . 2009-09-22 16:24 0 ----a-w- c:\windows\system32\drivers\b2f1b0d9.sys
2009-10-23 14:46 . 2009-05-21 08:29 2970 ----a-w- c:\windows\system32\CONFIG.TMP
2009-10-19 10:59 . 2004-08-04 12:00 80328 ----a-w- c:\windows\system32\perfc016.dat
2009-10-19 10:59 . 2004-08-04 12:00 471354 ----a-w- c:\windows\system32\perfh016.dat
2009-10-15 17:48 . 2009-06-12 12:43 30752 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2009-09-25 12:59 . 2009-09-25 12:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real
2009-09-25 12:59 . 2009-09-25 12:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared
2009-09-25 12:58 . 2009-09-25 12:58 -------- d-----w- c:\arquivos de programas\Real
2009-09-25 11:22 . 2009-09-25 11:22 -------- d-----w- c:\documents and settings\ESPI\Dados de aplicativos\CyberLink
2009-09-25 11:22 . 2009-09-25 11:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2009-09-22 19:47 . 2009-09-16 13:20 -------- d-----w- c:\documents and settings\ESPI\Dados de aplicativos\MassTube
2009-09-22 16:26 . 2004-08-04 12:00 14336 ----a-w- c:\windows\system32\svchost.exe
2009-09-22 10:11 . 2009-05-21 11:49 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-09-22 10:08 . 2009-09-22 10:08 -------- d-----w- c:\arquivos de programas\Logitech
2009-09-22 10:08 . 2009-09-22 10:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\LogiShrd
2009-09-16 13:20 . 2009-09-16 13:20 -------- d-----w- c:\arquivos de programas\MassTube
2009-08-28 11:38 . 2009-05-21 13:58 71616 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 0B788EE2A876D7B31DF840C13F08CD2B . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\tcpip.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-10-15 17:42 316192 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ESPI^Menu Iniciar^Programas^Inicializar^nhaupd32.exe]
path=c:\documents and settings\ESPI\Menu Iniciar\Programas\Inicializar\nhaupd32.exe
backup=c:\windows\pss\nhaupd32.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ESPI^Menu Iniciar^Programas^Inicializar^scandisk.dll]
path=c:\documents and settings\ESPI\Menu Iniciar\Programas\Inicializar\scandisk.dll
backup=c:\windows\pss\scandisk.dllStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ESPI^Menu Iniciar^Programas^Inicializar^scandisk.lnk]
path=c:\documents and settings\ESPI\Menu Iniciar\Programas\Inicializar\scandisk.lnk
backup=c:\windows\pss\scandisk.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ESPI^Menu Iniciar^Programas^Inicializar^uecupd32.exe]
path=c:\documents and settings\ESPI\Menu Iniciar\Programas\Inicializar\uecupd32.exe
backup=c:\windows\pss\uecupd32.exeStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4628:TCP"= 4628:TCP:rqwil
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [12/06/2009 10:43 30752]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [11/11/2009 10:37 108289]
R2 firebirdguardiandefaultinstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [26/05/2009 14:43 55152]
R2 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [12/06/2009 10:43 54048]
R3 firebirdserverdefaultinstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S1 b2f1b0d9;b2f1b0d9;c:\windows\system32\drivers\b2f1b0d9.sys [22/09/2009 14:24 0]
S2 dbrwxux;Driver Task;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 10:00 14336]
S2 eayeisuta94j0;PowerUtility TV Recording Reservation;c:\windows\system32\dawes.exe --> c:\windows\system32\dawes.exe [?]
--- =Outros Serviços/Drivers Na Memória ---
NewlyCreated - MBR
Deregistered - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dbrwxux
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67XOR2B0-3GMC-89VV-JIJ1-32KL2R3233771}]
c:\c\Settings\cl.exe
.
.
------- Scan Suplementar -------
.
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {868D875C-ACB3-46B2-9E7B-B0CF9A00C89E} = 208.67.222.222
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - c:\documents and settings\ESPI\Dados de aplicativos\Mozilla\Firefox\Profiles\1axfuva8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - component: c:\documents and settings\ESPI\Dados de aplicativos\Mozilla\Firefox\Profiles\1axfuva8.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\components\GbMzhUni.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
Notify-LBTWlgn - c:\arquivos de programas\arquivos comuns\logishrd\bluetooth\LBTWlgn.dll
AddRemove-HijackThis - c:\docume~1\ESPI\CONFIG~1\Temp\Rar$EX00.969\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 09:46
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dbrwxux]
"ServiceDll"="c:\windows\system32\ybpfwlzm.dll"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\windows\system32\msi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-11-13 09:49 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-11-13 11:49
Pré-execução: 8 pasta(s) 20.657.803.264 bytes disponíveis
Pós execução: 18 pasta(s) 20.529.766.400 bytes disponíveis
WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
*Run Malwarebytes and update the program.
*When the update is finished, close it.
*Restart the PC in Safe Mode (press F8 repeatedly while the PC boots and select "Safe Mode")
*Run Malwarebytes and, on the [Scan] tab, select the [Full scan] option
*Click [Scan] and select the drives to be examined
*When the scan finishes you may be asked whether you want to remove objects from memory. Click [Yes] and finally click [OK]. A report (mbam-log-year-month-day.txt) will be displayed.
*Some malware is stubborn and needs a restart to be removed. If you are prompted, click to restart the PC. If you are not prompted, restart the PC manually.
*Open Malwarebytes again and, on the [Logs] tab, click the file mbam-log-year-month-day.txt
*Click [Open], copy it, and paste it into your next reply together with a new HijackThis log
Topic Archived
Since the author has not replied for more than 30 days, the topic has been archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
*Temporarily disable your antivirus
*Download ComboFix and save it to the desktop
*Close Internet Explorer and Windows Explorer
*Double-click the file Combofix.exe
*Accept the license agreement
*Important: while ComboFix is running, do not use the mouse or the keyboard!! To interrupt the procedure press [N]
*The program will close automatically
*Paste the report created at C:\combofix.txt