
Archived

This topic has been archived and is closed to new replies.

GunTZ

[Archived] My PC is slow.....


here's the log:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:09:37, on 7/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Mobile Partner\Mobile Partner.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: {e3aa65ab-4433-1feb-bf24-23d985d58101} - {10185d58-9d32-42fb-bef1-3344ba56aa3e} - C:\WINDOWS\system32\uuhjkrou.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tmgoxbto.dll (file missing)

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: (no name) - {E2044A13-2E05-4F5F-8A82-822B2740FCF3} - C:\WINDOWS\system32\ddccy.dll (file missing)

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\pt-br\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [782ae590] rundll32.exe "C:\WINDOWS\system32\nkgbkvlk.dll",b

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr .exe" /background

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200054958531

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{06578DBF-2E7C-47B5-ADC1-914B1AB76FEC}: NameServer = 200.255.121.39 200.169.117.14

O17 - HKLM\System\CS1\Services\Tcpip\..\{06578DBF-2E7C-47B5-ADC1-914B1AB76FEC}: NameServer = 200.255.121.39 200.169.117.14

O17 - HKLM\System\CS2\Services\Tcpip\..\{06578DBF-2E7C-47B5-ADC1-914B1AB76FEC}: NameServer = 200.255.121.39 200.169.117.14

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: tmgoxbto - tmgoxbto.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Good morning GunTZ!

 

>@< Download VundoFix.

>@< Save it to the Desktop!

>@< Run VundoFix.exe

>@< When VundoFix opens again, click Scan for Vundo.

>@< When it finishes, click Remove Vundo.

>@< You will get a prompt asking whether you want to remove the files. Confirm!

>@< Your desktop will disappear!

>@< A notice will appear saying that your computer must be shut down.

>@< Click OK and then turn the computer on again!

>@< VundoFix may find a file but be unable to remove it. If that happens, the tool will run again on reboot.

>@< When VundoFix appears, click the Scan for Vundo button to repeat the process.

>@< When VundoFix no longer finds any file it cannot remove, post its report (log), which is at C:\Vundofix.txt

>@< Also post a new HijackThis log.

 

Cheers!


here's the VundoFix log:

 

 

VundoFix V6.7.8

 

Checking Java version...

 

Sun Java not detected

Scan started at 16:43:02 8/2/2008

 

Listing files found while scanning....

 

C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\WINDOWS\system32\tmgoxbto.dll

C:\windows\system32\tmgoxbto.dllbox

 

Beginning removal...

 

Attempting to delete C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\ARQUIV~1\GbPlugin\gbiehabn.dll Could not be deleted.

 

Attempting to delete C:\windows\system32\tmgoxbto.dllbox

C:\windows\system32\tmgoxbto.dllbox Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\ARQUIV~1\GbPlugin\gbiehabn.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.7.8

 

Checking Java version...

 

Sun Java not detected

Scan started at 16:56:42 8/2/2008

 

Listing files found while scanning....

 

C:\ARQUIV~1\GbPlugin\gbiehabn.dll

 

Beginning removal...

 

Attempting to delete C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\ARQUIV~1\GbPlugin\gbiehabn.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

 

And now the HijackThis one:

 

Logfile of HijackThis v1.99.1

Scan saved at 17:08:25, on 8/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr .exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: {e3aa65ab-4433-1feb-bf24-23d985d58101} - {10185d58-9d32-42fb-bef1-3344ba56aa3e} - C:\WINDOWS\system32\uuhjkrou.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: (no name) - {E2044A13-2E05-4F5F-8A82-822B2740FCF3} - C:\WINDOWS\system32\ddccy.dll (file missing)

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\pt-br\msntb.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr .exe" /background

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200054958531

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

Thanks!


Good evening GunTZ!

 

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

>@< This registry entry indicates that there are disabled items in the startup list.

>@< Go to the System Configuration Utility >> click the Startup tab.

>@< Click: Enable All >> Apply >> Close >> Restart.

__________________________

 

>@< Download ComboFix.

>@< Save it to the Desktop! But do not run it yet.

>@< Restart the computer in Safe Mode. << Important!

>@< Open HijackThis and click: Do a system scan only

>@< Check the entries below and click Fix checked.

 

O2 - BHO: {e3aa65ab-4433-1feb-bf24-23d985d58101} - {10185d58-9d32-42fb-bef1-3344ba56aa3e} - C:\WINDOWS\system32\uuhjkrou.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tmgoxbto.dll (file missing)

O2 - BHO: (no name) - {E2044A13-2E05-4F5F-8A82-822B2740FCF3} - C:\WINDOWS\system32\ddccy.dll (file missing)

O4 - HKLM\..\Run: [782ae590] rundll32.exe "C:\WINDOWS\system32\nkgbkvlk.dll",b

O20 - Winlogon Notify: tmgoxbto - tmgoxbto.dll (file missing)

>@< Still in Safe Mode, run ComboFix.exe <!>

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the keyboard or mouse.

__________________________

 

>@< Post the report: C:\ComboFix.txt + an updated HJT log.

 

Cheers!

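A small triage script, added here as an example (it is not part of HijackThis, VundoFix or ComboFix), that applies the same selection rules the helper used to build the "Fix checked" list above: O2 BHOs and O20 Winlogon Notify handlers whose DLL is reported as missing, and an HKLM Run value with an auto-generated name that loads a DLL through rundll32 with a one-letter export; the MSConfig /auto entry is reported as informational, as in the reply. The sample lines are a constructed subset of the log posted in this thread; the function and class names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: {e3aa65ab-4433-1feb-bf24-23d985d58101} - {10185d58-9d32-42fb-bef1-3344ba56aa3e} - C:\WINDOWS\system32\uuhjkrou.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [782ae590] rundll32.exe "C:\WINDOWS\system32\nkgbkvlk.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: tmgoxbto - tmgoxbto.dll (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O2", "O4", "O20"
    reason: str    # why the line was selected
    line: str      # the original log line


# O2 handlers load into Internet Explorer and O20 handlers into winlogon; an
# entry there whose file no longer exists is an orphan left by a partial
# removal. O9 "file missing" lines (the Windows Messenger buttons in this
# thread) are a common benign case, so that section is deliberately not flagged.
ORPHAN_SECTIONS = {"O2", "O20"}
ORPHAN_MARKERS = ("(file missing)", "(no file)")

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# rundll32 loading a DLL and calling a one- or two-letter export, e.g. ...\x.dll",b
RUNDLL_SHORT_EXPORT_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?[^"]+\.dll"?,\s*[A-Za-z]{1,2}\s*$', re.IGNORECASE)
# value names that look machine-generated (6-8 lowercase hex digits)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,8}$")


def section_of(line: str) -> str:
    """Return the HijackThis section tag (R1, O2, O4, ...) of a log line."""
    head, _, _ = line.partition(" - ")
    return head.strip()


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; None means the line is left alone."""
    sec = section_of(line)
    if sec in ORPHAN_SECTIONS and line.rstrip().endswith(ORPHAN_MARKERS):
        return Finding(sec, "handler points at a file that no longer exists", line)
    m = RUN_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        if name == "MSConfig" and cmd.lower().endswith("msconfig.exe /auto"):
            return Finding(sec, "MSConfig /auto: startup items are disabled in "
                                "msconfig (informational)", line)
        if HEX_NAME_RE.match(name) and RUNDLL_SHORT_EXPORT_RE.search(cmd):
            return Finding(sec, "auto-generated value name loading a DLL via "
                                "rundll32 with a short export", line)
    return None


def triage(log: str) -> List[Finding]:
    """Run triage_line over every non-empty line of a HijackThis log."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if line:
            f = triage_line(line)
            if f:
                findings.append(f)
    return findings


def fix_list(log: str) -> List[str]:
    """Lines to tick under 'Fix checked' (informational findings excluded)."""
    return [f.line for f in triage(log) if "informational" not in f.reason]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```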

Here's the COMBOFIX log:

 

ComboFix 08-02.05.3 - Fernando 2008-02-09 9:28:44.3 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.835 [GMT -2:00]

Executando de: C:\Documents and Settings\Fernando.HOME\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\WINDOWS\system32\klvkbgkn.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\yccdd.ini

C:\WINDOWS\system32\yccdd.ini2

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-09 to 2008-02-09 ))))))))))))))))))))))))))))))))

.

 

2008-02-09 09:14 . 2008-02-09 09:14 <DIR> d-------- C:\backups

2008-02-09 09:10 . 2008-01-10 23:10 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-02-09 09:10 . 2008-01-10 23:10 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-02-09 09:10 . 2008-02-09 09:10 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-02-09 09:10 . 2008-01-10 23:10 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-02-09 09:10 . 2008-01-10 23:10 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-02-09 09:09 . 2008-01-11 01:16 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-02-09 09:09 . 2008-01-10 23:10 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-02-09 09:09 . 2008-01-10 23:10 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-02-08 16:43 . 2008-02-08 16:54 <DIR> d-------- C:\VundoFix Backups

2008-02-07 21:07 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe

2008-02-07 18:35 . 2008-02-07 18:35 <DIR> d-------- C:\Arquivos de programas\Apostilas Objetiva

2008-02-07 08:57 . 2008-02-07 08:57 <DIR> d-------- C:\Arquivos de programas\PluginLetras

2008-02-06 14:33 . 2008-02-06 14:33 <DIR> d-------- C:\Documents and Settings\LocalService.AUTORIDADE NT\Dados de aplicativos\AVG7

2008-02-06 14:33 . 2008-02-09 08:59 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\AVG7

2008-02-06 14:33 . 2008-02-06 14:33 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-02-06 14:33 . 2008-02-06 14:33 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-02-06 14:32 . 2008-02-06 14:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Grisoft

2008-02-06 14:32 . 2008-02-06 15:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\avg7

2008-02-06 13:54 . 2008-02-06 13:54 <DIR> d-------- C:\Documents and Settings\FERNAN~1~HOM\CONFIG~1

2008-02-06 13:54 . 2008-02-08 21:36 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Digi338

2008-02-06 13:54 . 2003-01-21 15:45 114,688 --------- C:\WINDOWS\system32\JpegCode.dll

2008-02-06 13:54 . 2004-01-22 12:41 46,944 --------- C:\WINDOWS\system32\drivers\CoachUsb.sys

2008-02-06 13:54 . 2003-11-03 17:31 44,256 --------- C:\WINDOWS\system32\drivers\CoachVc.sys

2008-02-06 13:54 . 2004-02-03 15:09 41,984 --------- C:\WINDOWS\system32\CoachWia.dll

2008-02-06 13:54 . 2003-08-25 16:12 32,768 --a------ C:\WINDOWS\system32\infcpy.dll

2008-02-06 13:54 . 2003-11-04 17:54 16,896 --------- C:\WINDOWS\system32\CoachDlg.dll

2008-02-06 13:54 . 2004-01-06 13:10 8,192 --------- C:\WINDOWS\system32\CoachWrp.dll

2008-02-06 13:54 . 2003-05-08 16:58 5,632 --------- C:\WINDOWS\system32\CoachSti.dll

2008-02-06 13:54 . 2003-03-26 22:06 2,560 --------- C:\WINDOWS\system32\CoachTW.dll

2008-01-29 12:02 . 2008-01-29 12:42 <DIR> d-------- C:\Arquivos de programas\GbPlugin

2008-01-29 12:01 . 2008-01-29 12:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

2008-01-25 10:33 . 2008-01-25 10:33 <DIR> d-------- C:\WINDOWS\system32\AppData

2008-01-25 10:18 . 2008-01-25 10:18 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\585Soft

2008-01-24 16:25 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-01-24 16:25 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-01-23 15:19 . 2008-02-07 09:00 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\Winamp

2008-01-23 15:19 . 2008-02-07 08:58 <DIR> d-------- C:\Arquivos de programas\Winamp

2008-01-23 14:25 . 2008-01-23 14:28 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\Tibia

2008-01-23 14:24 . 2008-02-08 01:05 <DIR> d-------- C:\Arquivos de programas\Tibia

2008-01-23 01:56 . 2008-01-23 02:09 <DIR> d-------- C:\Arquivos de programas\DAP

2008-01-23 01:56 . 2008-01-23 01:56 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx

2008-01-23 01:56 . 2008-01-23 01:56 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx

2008-01-23 01:56 . 2008-01-23 01:56 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

2008-01-22 17:01 . 2008-02-09 03:17 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP

2008-01-16 15:33 . 2008-01-16 15:34 <DIR> d-------- C:\WINDOWS\A3W_DATA

2008-01-16 15:33 . 2008-01-16 15:33 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\WINDOWS

2008-01-11 12:29 . 2008-01-11 12:29 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Contacts

2008-01-11 12:13 . 2008-01-11 12:13 <DIR> d-------- C:\Arquivos de programas\MSN Toolbar

2008-01-11 11:44 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-01-11 11:40 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-01-11 11:35 . 2008-01-11 11:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\nView_Profiles

2008-01-11 11:32 . 2008-01-11 11:47 <DIR> d-------- C:\WINDOWS\nview

2008-01-11 11:32 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-01-11 11:32 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-01-11 10:54 . 2008-01-11 10:54 101 --a------ C:\WINDOWS\CMMIXER.INI

2008-01-11 10:53 . 2008-02-09 03:36 116 --a------ C:\WINDOWS\NeroDigital.ini

2008-01-11 10:42 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-01-11 10:42 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-01-11 10:42 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-01-11 10:42 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-01-11 10:42 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-01-11 09:57 . 2008-01-30 09:24 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe

2008-01-11 09:49 . 2008-01-23 12:15 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\Ahead

2008-01-11 09:47 . 2008-01-11 09:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Nero

2008-01-11 09:47 . 2008-01-11 09:47 <DIR> d-------- C:\Arquivos de programas\Nero

2008-01-11 09:26 . 2008-02-09 03:34 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\uTorrent

2008-01-11 09:26 . 2008-01-11 09:26 <DIR> d-------- C:\Arquivos de programas\uTorrent

2008-01-11 02:50 . 2008-01-11 02:50 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\Talkback

2008-01-11 02:50 . 2008-01-11 02:50 0 --a------ C:\WINDOWS\nsreg.dat

2008-01-11 02:39 . 2008-01-11 02:39 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\Media Player Classic

2008-01-11 02:04 . 2008-01-11 09:42 <DIR> d-------- C:\Arquivos de programas\Real Alternative

2008-01-11 01:58 . 2007-08-24 19:45 101,120 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys

2008-01-11 01:58 . 2007-08-24 19:45 24,448 -ra------ C:\WINDOWS\system32\drivers\ewdcsc.sys

2008-01-11 01:39 . 2005-01-22 17:12 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll

2008-01-11 01:35 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-01-11 01:31 . 1998-11-13 13:18 308,224 --a------ C:\WINDOWS\IsUn0416.exe

2008-01-11 01:25 . 2008-01-11 01:16 <DIR> d--h----- C:\Documents and Settings\Fernando.HOME\Modelos

2008-01-11 01:25 . 2008-02-09 09:15 <DIR> dr------- C:\Documents and Settings\Fernando.HOME\Meus documentos

2008-01-11 01:25 . 2008-01-11 09:26 <DIR> dr------- C:\Documents and Settings\Fernando.HOME\Menu Iniciar

2008-01-11 01:25 . 2008-02-08 19:46 <DIR> dr------- C:\Documents and Settings\Fernando.HOME\Favoritos

2008-01-11 01:25 . 2008-02-06 14:33 <DIR> dr-h----- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos

2008-01-11 01:25 . 2008-02-06 15:11 <DIR> d--h----- C:\Documents and Settings\Fernando.HOME\Configurações locais

2008-01-11 01:25 . 2008-01-10 23:10 <DIR> d--h----- C:\Documents and Settings\Fernando.HOME\Ambiente de rede

2008-01-11 01:25 . 2008-01-10 23:10 <DIR> d--h----- C:\Documents and Settings\Fernando.HOME\Ambiente de impressão

2008-01-11 01:24 . 2008-02-06 14:33 <DIR> d-------- C:\Documents and Settings\LocalService.AUTORIDADE NT\Dados de aplicativos

2008-01-11 01:24 . 2008-01-11 01:24 <DIR> d--h----- C:\Documents and Settings\LocalService.AUTORIDADE NT\Configurações locais

2008-01-11 01:23 . 2008-01-11 01:23 <DIR> d-------- C:\Documents and Settings\NetworkService.AUTORIDADE NT\Dados de aplicativos

2008-01-11 01:23 . 2008-01-11 01:23 <DIR> d--h----- C:\Documents and Settings\NetworkService.AUTORIDADE NT\Configurações locais

2008-01-11 01:23 . 2008-01-11 01:23 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

2008-01-11 01:21 . 2001-10-28 16:06 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2008-01-11 01:20 . 2004-08-04 01:45 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll

2008-01-11 01:19 . 2008-01-11 01:19 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

2008-01-11 01:19 . 2008-01-11 01:43 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-01-11 01:19 . 2008-01-11 01:43 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2008-01-11 01:19 . 2008-01-11 01:19 2,969 --a------ C:\WINDOWS\system32\CONFIG.NT

2008-01-11 01:19 . 2008-01-11 01:19 0 --a------ C:\WINDOWS\control.ini

2008-01-11 01:18 . 2008-01-11 01:43 <DIR> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM

2008-01-11 01:18 . 2001-10-28 16:07 4,399,505 --a--c--- C:\WINDOWS\system32\dllcache\nls302en.lex

2008-01-11 01:18 . 2008-01-11 01:18 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-09 04:57 --------- d-----w C:\Arquivos de programas\Warcraft III

2008-02-06 17:02 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-02-06 15:54 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-01-11 03:58 --------- d-----w C:\Arquivos de programas\Mobile Partner

2008-01-11 03:32 --------- d-----w C:\Arquivos de programas\PCI Audio Applications

2008-01-11 03:31 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll

2008-01-11 00:47 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\uTorrent

2008-01-09 19:50 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Hamachi

2008-01-09 14:50 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Winamp

2008-01-07 21:36 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\mIRC

2008-01-05 22:48 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\InstallShield

2008-01-05 14:29 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\fretsonfire

2008-01-05 05:05 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Talkback

2008-01-05 05:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-01-05 04:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared

2008-01-05 00:49 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Media Player Classic

2008-01-04 22:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-01-04 21:06 --------- d-----w C:\Arquivos de programas\Infogrames Interactive

2008-01-04 20:42 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Yahoo!

2008-01-04 20:42 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\SiteAdvisor

2008-01-04 20:34 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-01-04 20:03 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Symantec

2008-01-04 19:57 --------- d-----w C:\Arquivos de programas\Media Player Classic

2008-01-04 19:06 --------- d-----w C:\Arquivos de programas\Lavasoft

2008-01-04 15:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-01-04 15:11 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\InterTrust

2008-01-03 16:52 --------- d-----w C:\Arquivos de programas\7-Zip

2008-01-03 16:32 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Ahead

2008-01-03 16:26 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-01-03 16:16 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-01-03 15:45 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-01-03 15:44 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-01-03 15:43 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-01-03 15:43 --------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap

2008-01-03 13:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2008-01-03 13:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC

2007-12-05 03:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-12-05 03:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll

2007-12-05 03:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll

2007-12-05 03:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe

2007-12-05 03:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll

2007-12-05 03:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll

2007-12-05 03:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll

2007-12-05 03:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-12-05 03:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-12-05 03:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

2007-12-05 03:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

2007-12-05 03:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll

2007-12-05 03:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll

2007-12-05 03:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll

2007-12-05 03:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll

2007-12-05 03:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll

2007-12-05 03:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll

2007-12-05 03:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll

2007-12-05 03:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll

2007-12-05 03:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll

2007-12-05 03:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll

2007-12-05 03:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe

2007-12-05 03:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe

2007-12-05 03:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll

2007-12-05 03:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe

2007-12-05 03:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll

2007-12-05 03:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe

2007-12-05 03:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll

2007-12-05 03:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll

2007-12-05 03:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll

2002-07-29 08:24 712,704 ----a-w C:\WINDOWS\inf\OTHER\audio3d.dll

.

----a-w     155,648 2008-02-06 15:49:29  C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck .exe
----a-w     139,264 2008-02-06 15:49:32  C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor .exe
----a-w      69,632 2008-01-09 05:07:05  C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch .exe
----a-w     196,608 2008-01-09 05:07:03  C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm .exe
----a-w   1,667,584 2008-01-29 14:53:43  C:\Arquivos de programas\Messenger\msmsgs .exe
----a-w   5,674,352 2008-02-06 15:49:37  C:\Arquivos de programas\MSN Messenger\msnmsgr .exe
----a-w     147,456 2008-02-06 15:49:28  C:\Arquivos de programas\PCI Audio Applications\Bin\EchoCtrl .exe
----a-w      36,352 2008-01-24 13:19:41  C:\Arquivos de programas\Winamp\winampa .exe
----a-w      15,360 2008-01-30 11:24:48  C:\WINDOWS\system32\ctfmon .exe

 

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr .exe" [2008-02-06 13:49 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-02-06 14:32 579072]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GbPluginAbn"="C:\ARQUIV~1\GbPlugin\gbiehabn.dll" [2008-01-14 10:58 346536]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-02-06 14:32 219136]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-01-14 10:58 346536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll 2008-01-14 10:58 346536 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

 

S3 DSCVc;Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 17:31]

S3 PciCon;PciCon;F:\PciCon.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e199696-bfe1-11dc-bf6c-806d6172696f}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b725988-c94e-11dc-85a6-eb5b14a20242}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b725989-c94e-11dc-85a6-eb5b14a20242}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba7902a9-bff6-11dc-8576-bc92af802700}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdb81fdb-bff4-11dc-8575-0016ece9ce05}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce616c47-ca89-11dc-85ac-d915dca92c54}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce616c48-ca89-11dc-85ac-d915dca92c54}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-09 09:30:24

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-02-09 9:30:56

ComboFix-quarantined-files.txt 2008-02-09 11:30:47

ComboFix2.txt 2008-02-06 17:11:01

 

 

 

Now look at the HijackThis one:

 

Logfile of HijackThis v1.99.1

Scan saved at 09:34:14, on 9/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\pt-br\msntb.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr .exe" /background

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200054958531

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Good afternoon GunTZ!

Delete:

C:\QooBox << Belongs to ComboFix.

C:\ComboFix.txt << Previous ComboFix log.

_____________________

>@< Select and copy all the content in the Code area to Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

<pre>Killall::
Folder::
C:\VundoFix Backups
RenV::
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck .exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor .exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch .exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm .exe
C:\Arquivos de programas\Messenger\msmsgs .exe
C:\Arquivos de programas\MSN Messenger\msnmsgr .exe
C:\Arquivos de programas\PCI Audio Applications\Bin\EchoCtrl .exe
C:\Arquivos de programas\Winamp\winampa .exe
C:\WINDOWS\system32\ctfmon .exe</pre>

>@< Using the mouse, drag CFScript.txt onto the ComboFix icon.

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< While it is running, do not use the keyboard or mouse!

>@< When it finishes, post the report C:\ComboFix.txt <!>

_____________________

>@< Since Vundo is a persistent infection, run VundoFix once more and post its report.

_____________________

>@< Download a-squared Free 3.0

>@< Open the program and click: Update now >> Wait!

>@< When it finishes, click: Scan now.

>@< If you can, try to run this scan in Safe Mode!

>@< Choose the option: Thorough.

>@< Click Scan!

>@< When it finishes, send the items found to quarantine.

>@< From there they will be deleted or restored.

>@< Save the report of this scan and post it in your reply, together with an updated HJT log.

Regards!


Here is the ComboFix report:

 

ComboFix 08-02.05.3 - Fernando 2008-02-10 9:15:02.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.659 [GMT -3:00]

Executando de: C:\Documents and Settings\Fernando.HOME\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Fernando.HOME\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\VundoFix Backups

C:\VundoFix Backups\addmorefiles.txt

C:\VundoFix Backups\gbiehabn.dll.bad

C:\VundoFix Backups\tmgoxbto.dllbox.bad

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))

.

 

2008-02-09 23:26 . 2008-02-10 08:58 <DIR> d-------- C:\Downloads

2008-02-09 23:26 . 2008-02-09 23:26 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-02-09 23:25 . 2008-02-09 23:35 <DIR> d-------- C:\Arquivos de programas\BitComet

2008-02-09 23:07 . 2008-02-09 23:08 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\Tibia

2008-02-09 23:07 . 2008-02-09 23:07 <DIR> d-------- C:\Arquivos de programas\Tibia

2008-02-09 08:14 . 2008-02-09 08:14 <DIR> d-------- C:\backups

2008-02-09 08:14 . 2004-08-04 00:45 400,384 --a------ C:\kmd.exe

2008-02-09 08:10 . 2008-01-10 22:10 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-02-09 08:10 . 2008-01-10 22:10 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-02-09 08:10 . 2008-02-09 08:30 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-02-09 08:10 . 2008-01-10 22:10 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-02-09 08:10 . 2008-01-10 22:10 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-02-09 08:09 . 2008-01-11 00:16 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-02-09 08:09 . 2008-01-10 22:10 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-02-09 08:09 . 2008-01-10 22:10 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-02-07 20:07 . 2005-02-16 10:06 218,112 --a------ C:\HijackThis.exe

2008-02-07 17:35 . 2008-02-07 17:35 <DIR> d-------- C:\Arquivos de programas\Apostilas Objetiva

2008-02-07 07:57 . 2008-02-07 07:57 <DIR> d-------- C:\Arquivos de programas\PluginLetras

2008-02-06 13:33 . 2008-02-06 13:33 <DIR> d-------- C:\Documents and Settings\LocalService.AUTORIDADE NT\Dados de aplicativos\AVG7

2008-02-06 13:33 . 2008-02-10 08:26 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\AVG7

2008-02-06 13:33 . 2008-02-06 13:33 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-02-06 13:33 . 2008-02-06 13:33 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-02-06 13:32 . 2008-02-06 13:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Grisoft

2008-02-06 13:32 . 2008-02-06 14:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\avg7

2008-02-06 12:54 . 2008-02-06 12:54 <DIR> d-------- C:\Documents and Settings\FERNAN~1~HOM\CONFIG~1

2008-02-06 12:54 . 2008-02-08 20:36 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Digi338

2008-02-06 12:54 . 2003-01-21 14:45 114,688 --------- C:\WINDOWS\system32\JpegCode.dll

2008-02-06 12:54 . 2004-01-22 11:41 46,944 --------- C:\WINDOWS\system32\drivers\CoachUsb.sys

2008-02-06 12:54 . 2003-11-03 16:31 44,256 --------- C:\WINDOWS\system32\drivers\CoachVc.sys

2008-02-06 12:54 . 2004-02-03 14:09 41,984 --------- C:\WINDOWS\system32\CoachWia.dll

2008-02-06 12:54 . 2003-08-25 15:12 32,768 --a------ C:\WINDOWS\system32\infcpy.dll

2008-02-06 12:54 . 2003-11-04 16:54 16,896 --------- C:\WINDOWS\system32\CoachDlg.dll

2008-02-06 12:54 . 2004-01-06 12:10 8,192 --------- C:\WINDOWS\system32\CoachWrp.dll

2008-02-06 12:54 . 2003-05-08 15:58 5,632 --------- C:\WINDOWS\system32\CoachSti.dll

2008-02-06 12:54 . 2003-03-26 21:06 2,560 --------- C:\WINDOWS\system32\CoachTW.dll

2008-01-29 11:02 . 2008-01-29 11:42 <DIR> d-------- C:\Arquivos de programas\GbPlugin

2008-01-29 11:01 . 2008-01-29 11:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

2008-01-25 09:33 . 2008-01-25 09:33 <DIR> d-------- C:\WINDOWS\system32\AppData

2008-01-25 09:18 . 2008-01-25 09:18 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\585Soft

2008-01-24 15:25 . 2004-08-03 22:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-01-24 15:25 . 2004-08-03 22:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-01-23 14:19 . 2008-02-07 08:00 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\Winamp

2008-01-23 14:19 . 2008-02-10 09:15 <DIR> d-------- C:\Arquivos de programas\Winamp

2008-01-23 00:56 . 2008-01-23 01:09 <DIR> d-------- C:\Arquivos de programas\DAP

2008-01-23 00:56 . 2008-01-23 00:56 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx

2008-01-23 00:56 . 2008-01-23 00:56 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx

2008-01-23 00:56 . 2008-01-23 00:56 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

2008-01-22 16:01 . 2008-02-10 09:04 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP

2008-01-16 14:33 . 2008-01-16 14:34 <DIR> d-------- C:\WINDOWS\A3W_DATA

2008-01-16 14:33 . 2008-01-16 14:33 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\WINDOWS

2008-01-11 11:29 . 2008-01-11 11:29 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Contacts

2008-01-11 11:13 . 2008-01-11 11:13 <DIR> d-------- C:\Arquivos de programas\MSN Toolbar

2008-01-11 10:44 . 2007-12-05 01:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-01-11 10:40 . 2005-05-26 14:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-01-11 10:35 . 2008-01-11 10:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\nView_Profiles

2008-01-11 10:32 . 2008-01-11 10:47 <DIR> d-------- C:\WINDOWS\nview

2008-01-11 10:32 . 2007-12-05 00:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-01-11 10:32 . 2007-12-05 00:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-01-11 09:54 . 2008-01-11 09:54 101 --a------ C:\WINDOWS\CMMIXER.INI

2008-01-11 09:53 . 2008-02-10 08:59 116 --a------ C:\WINDOWS\NeroDigital.ini

2008-01-11 09:42 . 2007-07-30 18:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-01-11 09:42 . 2007-07-30 18:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-01-11 09:42 . 2007-07-30 18:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-01-11 09:42 . 2007-07-30 18:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-01-11 09:42 . 2007-07-30 18:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-01-11 08:57 . 2008-01-30 08:24 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe

2008-01-11 08:57 . 2008-01-30 08:24 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe

2008-01-11 08:49 . 2008-01-23 11:15 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\Ahead

2008-01-11 08:47 . 2008-01-11 08:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Nero

2008-01-11 08:47 . 2008-01-11 08:47 <DIR> d-------- C:\Arquivos de programas\Nero

2008-01-11 08:26 . 2008-02-10 02:53 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\uTorrent

2008-01-11 08:26 . 2008-01-11 08:26 <DIR> d-------- C:\Arquivos de programas\uTorrent

2008-01-11 01:50 . 2008-01-11 01:50 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\Talkback

2008-01-11 01:50 . 2008-01-11 01:50 0 --a------ C:\WINDOWS\nsreg.dat

2008-01-11 01:39 . 2008-01-11 01:39 <DIR> d-------- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos\Media Player Classic

2008-01-11 01:04 . 2008-01-11 08:42 <DIR> d-------- C:\Arquivos de programas\Real Alternative

2008-01-11 00:58 . 2007-08-24 18:45 101,120 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys

2008-01-11 00:58 . 2007-08-24 18:45 24,448 -ra------ C:\WINDOWS\system32\drivers\ewdcsc.sys

2008-01-11 00:39 . 2005-01-22 16:12 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll

2008-01-11 00:35 . 2006-09-25 16:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-01-11 00:31 . 1998-11-13 12:18 308,224 --a------ C:\WINDOWS\IsUn0416.exe

2008-01-11 00:25 . 2008-01-11 00:16 <DIR> d--h----- C:\Documents and Settings\Fernando.HOME\Modelos

2008-01-11 00:25 . 2008-02-09 08:15 <DIR> dr------- C:\Documents and Settings\Fernando.HOME\Meus documentos

2008-01-11 00:25 . 2008-01-11 08:26 <DIR> dr------- C:\Documents and Settings\Fernando.HOME\Menu Iniciar

2008-01-11 00:25 . 2008-02-09 23:11 <DIR> dr------- C:\Documents and Settings\Fernando.HOME\Favoritos

2008-01-11 00:25 . 2008-02-09 23:07 <DIR> dr-h----- C:\Documents and Settings\Fernando.HOME\Dados de aplicativos

2008-01-11 00:25 . 2008-02-09 08:31 <DIR> d--h----- C:\Documents and Settings\Fernando.HOME\Configurações locais

2008-01-11 00:25 . 2008-01-10 22:10 <DIR> d--h----- C:\Documents and Settings\Fernando.HOME\Ambiente de rede

2008-01-11 00:25 . 2008-01-10 22:10 <DIR> d--h----- C:\Documents and Settings\Fernando.HOME\Ambiente de impressão

2008-01-11 00:24 . 2008-02-06 13:33 <DIR> d-------- C:\Documents and Settings\LocalService.AUTORIDADE NT\Dados de aplicativos

2008-01-11 00:24 . 2008-02-09 08:30 <DIR> d--h----- C:\Documents and Settings\LocalService.AUTORIDADE NT\Configurações locais

2008-01-11 00:23 . 2008-01-11 00:23 <DIR> d-------- C:\Documents and Settings\NetworkService.AUTORIDADE NT\Dados de aplicativos

2008-01-11 00:23 . 2008-02-09 08:31 <DIR> d--h----- C:\Documents and Settings\NetworkService.AUTORIDADE NT\Configurações locais

2008-01-11 00:23 . 2008-01-11 00:23 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

2008-01-11 00:21 . 2001-10-28 15:06 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2008-01-11 00:20 . 2004-08-04 00:45 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll

2008-01-11 00:19 . 2008-01-11 00:19 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

2008-01-11 00:19 . 2008-01-11 00:43 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-01-11 00:19 . 2008-01-11 00:43 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2008-01-11 00:19 . 2008-01-11 00:19 2,969 --a------ C:\WINDOWS\system32\CONFIG.NT

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-10 12:15 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-02-09 04:57 --------- d-----w C:\Arquivos de programas\Warcraft III

2008-02-06 15:54 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-01-11 03:58 --------- d-----w C:\Arquivos de programas\Mobile Partner

2008-01-11 03:32 --------- d-----w C:\Arquivos de programas\PCI Audio Applications

2008-01-11 03:31 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll

2008-01-11 00:47 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\uTorrent

2008-01-09 19:50 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Hamachi

2008-01-09 14:50 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Winamp

2008-01-07 21:36 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\mIRC

2008-01-05 22:48 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\InstallShield

2008-01-05 14:29 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\fretsonfire

2008-01-05 05:05 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Talkback

2008-01-05 05:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-01-05 04:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared

2008-01-05 00:49 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Media Player Classic

2008-01-04 22:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-01-04 21:06 --------- d-----w C:\Arquivos de programas\Infogrames Interactive

2008-01-04 20:42 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Yahoo!

2008-01-04 20:42 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\SiteAdvisor

2008-01-04 20:34 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-01-04 20:03 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Symantec

2008-01-04 19:57 --------- d-----w C:\Arquivos de programas\Media Player Classic

2008-01-04 19:06 --------- d-----w C:\Arquivos de programas\Lavasoft

2008-01-04 15:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-01-04 15:11 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\InterTrust

2008-01-03 16:52 --------- d-----w C:\Arquivos de programas\7-Zip

2008-01-03 16:32 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Ahead

2008-01-03 16:26 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-01-03 16:16 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-01-03 15:45 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-01-03 15:44 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-01-03 15:43 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-01-03 15:43 --------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap

2008-01-03 13:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2008-01-03 13:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC

2007-12-05 03:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-12-05 03:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll

2007-12-05 03:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll

2007-12-05 03:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe

2007-12-05 03:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll

2007-12-05 03:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll

2007-12-05 03:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll

2007-12-05 03:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-12-05 03:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-12-05 03:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

2007-12-05 03:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

2007-12-05 03:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll

2007-12-05 03:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll

2007-12-05 03:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll

2007-12-05 03:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll

2007-12-05 03:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll

2007-12-05 03:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll

2007-12-05 03:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll

2007-12-05 03:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll

2007-12-05 03:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll

2007-12-05 03:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll

2007-12-05 03:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe

2007-12-05 03:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe

2007-12-05 03:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll

2007-12-05 03:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe

2007-12-05 03:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll

2007-12-05 03:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe

2007-12-05 03:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll

2007-12-05 03:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll

2007-12-05 03:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll

2002-07-29 08:24 712,704 ----a-w C:\WINDOWS\inf\OTHER\audio3d.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-30 08:24 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr .exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-02-06 13:32 579072]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 00:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 00:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 00:41 81920]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-02-06 13:32 219136]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-01-14 09:58 346536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll 2008-01-14 09:58 346536 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

 

S3 DSCVc;Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 16:31]

S3 PciCon;PciCon;F:\PciCon.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e199696-bfe1-11dc-bf6c-806d6172696f}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b2886e-d775-11dc-85e2-98cb09f7ee48}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b725988-c94e-11dc-85a6-eb5b14a20242}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b725989-c94e-11dc-85a6-eb5b14a20242}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba7902a9-bff6-11dc-8576-bc92af802700}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba7902ac-bff6-11dc-8576-bc92af802700}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdb81fdb-bff4-11dc-8575-0016ece9ce05}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce616c47-ca89-11dc-85ac-d915dca92c54}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce616c48-ca89-11dc-85ac-d915dca92c54}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-10 09:17:24

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-02-10 9:18:28 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-10 12:18:25

 

 

 

Here is the VundoFix one:

 

VundoFix V6.7.8

 

Checking Java version...

 

Sun Java not detected

Scan started at 09:25:28 10/2/2008

 

Listing files found while scanning....

 

C:\ARQUIV~1\GbPlugin\gbiehabn.dll

 

Beginning removal...

 

Attempting to delete C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\ARQUIV~1\GbPlugin\gbiehabn.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\ARQUIV~1\GbPlugin\gbiehabn.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.7.8

 

Checking Java version...

 

Sun Java not detected

Scan started at 09:48:45 10/2/2008

 

Listing files found while scanning....

 

 

VundoFix V6.7.8

 

Checking Java version...

 

Sun Java not detected

Scan started at 09:54:25 10/2/2008

 

Listing files found while scanning....

 

C:\ARQUIV~1\GbPlugin\gbiehabn.dll

 

Beginning removal...

 

Attempting to delete C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\ARQUIV~1\GbPlugin\gbiehabn.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

 

Now here is the HijackThis one:

 

Logfile of HijackThis v1.99.1

Scan saved at 15:02:24, on 10/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Mobile Partner\Mobile Partner.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\pt-br\msntb.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr .exe" /background

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200054958531

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{06578DBF-2E7C-47B5-ADC1-914B1AB76FEC}: NameServer = 200.255.121.39 200.169.117.14

O17 - HKLM\System\CS1\Services\Tcpip\..\{06578DBF-2E7C-47B5-ADC1-914B1AB76FEC}: NameServer = 200.255.121.39 200.169.117.14

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks!!!


Good morning GunTZ!

Delete:

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

__________________


>@< Select and copy all the content in the code area below into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

 

File::
G:\AutoRun.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e199696-bfe1-11dc-bf6c-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b2886e-d775-11dc-85e2-98cb09f7ee48}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b725988-c94e-11dc-85a6-eb5b14a20242}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b725989-c94e-11dc-85a6-eb5b14a20242}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba7902a9-bff6-11dc-8576-bc92af802700}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba7902ac-bff6-11dc-8576-bc92af802700}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdb81fdb-bff4-11dc-8575-0016ece9ce05}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce616c47-ca89-11dc-85ac-d915dca92c54}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce616c48-ca89-11dc-85ac-d915dca92c54}]

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< While it is running, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report plus a fresh HJT log.

Regards!


Topic Archived

Since the author did not reply for more than 20 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
