GunTZ
Posted March 15, 2008

here's the log...

Logfile of HijackThis v1.99.1
Scan saved at 16:46:15, on 15/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Mixer.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Mobile Partner\Mobile Partner.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\Temp\Rar$EX00.219\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204847715492
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7341606C-DC9B-4647-90D7-9E864DFAEECE}: NameServer = 200.255.121.39 200.169.117.14
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: hpdj - HP - C:\Temp\hpdj.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe
jgarcia
Posted March 18, 2008

Hey GunTZ,

Download ComboFix from: ComboFix

1) Temporarily disable your anti-virus;
2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;
3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);
4) When the scan finishes, a log will be generated at C:\ComboFix.txt;
5) Do not click on the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop (it will go completely white);
6) To stop or exit ComboFix, press "N";
7) Re-enable your anti-virus;
8) Please paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Cheers.
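Added here as an example (not code from the thread, from HijackThis or from the helper): a small Python triage pass over HijackThis-format log lines of the kind GunTZ posted above. The sample lines are constructed in the shape of that log, and the checks (programs chained onto the F2 UserInit value beyond userinit.exe, O23 services whose binary is reported missing or lives under a Temp folder) are this example's own heuristics.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis v1.99.1 logs above (not a real log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: hpdj - Unknown owner - C:\Temp\hpdj.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""


@dataclass
class Entry:
    code: str   # HijackThis section code: R0/R1, F2, O2 ... O23
    body: str   # everything after "<code> - "


@dataclass
class Finding:
    code: str
    reason: str
    evidence: str


# "O23 - Service: ..." -> code "O23", body "Service: ..."
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
USERINIT_RE = re.compile(r"UserInit=(.*)$", re.IGNORECASE)
# A backslash-delimited "Temp" directory anywhere in the path.
TEMP_DIR_RE = re.compile(r"(^|\\)temp\\", re.IGNORECASE)


def parse_entries(log_text: str) -> list[Entry]:
    """Keep the R/F/O entries; the header and 'Running processes' paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def userinit_extras(entry: Entry) -> list[str]:
    """Programs chained after userinit.exe in the F2 UserInit value.

    A clean XP value names userinit.exe alone (with a trailing comma);
    anything appended to it runs at every logon, so it is examined first.
    """
    m = USERINIT_RE.search(entry.body)
    if not m:
        return []
    programs = [p.strip() for p in m.group(1).split(",") if p.strip()]
    return [p for p in programs if not p.lower().endswith("\\userinit.exe")]


def service_binary(entry: Entry) -> str:
    """The last ' - ' separated field of an O23 line: the service image path."""
    return entry.body.rsplit(" - ", 1)[-1]


def triage(log_text: str) -> list[Finding]:
    """Run the heuristics over a log and return what to look at first."""
    findings: list[Finding] = []
    for e in parse_entries(log_text):
        if e.code == "F2" and "userinit" in e.body.lower():
            for prog in userinit_extras(e):
                findings.append(Finding(e.code, "extra program chained to UserInit", prog))
        elif e.code == "O23":
            path = service_binary(e)
            if "(file missing)" in path:
                findings.append(Finding(e.code, "service points at a missing binary", path))
            if TEMP_DIR_RE.search(path):
                findings.append(Finding(e.code, "service binary lives in a Temp directory", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}: {f.evidence}")
```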
GunTZ
Posted March 19, 2008

here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 20:59:17, on 18/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Mobile Partner\Mobile Partner.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\Temp\Rar$EX00.531\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204847715492
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7341606C-DC9B-4647-90D7-9E864DFAEECE}: NameServer = 200.255.121.39 200.169.117.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{A11C8494-A708-4FB5-9980-CA8E8D77966E}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: hpdj - Unknown owner - C:\Temp\hpdj.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

NOW THE COMBOFIX ONE:

ComboFix 08-03-17.1 - Kako 2008-03-18 20:53:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.599 [GMT -3:00]
Executando de: C:\Documents and Settings\Kako\Desktop\ComboFix.exe
 * Criado um novo ponto de restauro
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\bjam.dll
C:\WINDOWS\default.htm
C:\WINDOWS\mspphe.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\voiceip.dll

.
((((((((((((((((((((((( Ficheiros criados de 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))))
.

2008-03-18 09:40 . 2008-03-18 09:40 <DIR> d-------- C:\Temp\WPDNSE
2008-03-18 09:07 . 2008-03-18 09:07 <DIR> d-------- C:\Temp\hsperfdata_Kako
2008-03-17 22:14 . 2008-03-17 22:40 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\Hamachi
2008-03-17 22:13 . 2008-03-17 22:14 <DIR> d-------- C:\Arquivos de programas\Hamachi
2008-03-17 22:13 . 2008-03-17 22:13 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-17 21:27 . 2008-03-17 21:27 <DIR> d-------- C:\Temp\OIS
2008-03-16 14:00 . 2008-03-16 14:33 <DIR> d-------- C:\Temp\msohtml1
2008-03-16 14:00 . 2008-03-16 14:00 <DIR> d-------- C:\Temp\msohtml
2008-03-16 12:29 . 2008-03-16 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DFX
2008-03-16 11:58 . 2004-12-29 02:57 17,505 -ra------ C:\DBI.EXE
2008-03-16 11:19 . 2008-03-16 11:19 <DIR> d-------- C:\Temp\VBE
2008-03-16 09:12 . 2008-03-18 20:25 <DIR> d-------- C:\Temp\MessengerCache
2008-03-13 21:17 . 2008-03-13 21:17 <DIR> d-------- C:\Arquivos de programas\Matroska Pack
2008-03-13 20:43 . 2008-03-13 20:49 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\DivX
2008-03-13 20:42 . 2008-03-13 20:57 <DIR> d-------- C:\Arquivos de programas\DivX
2008-03-13 20:08 . 2008-03-13 20:24 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\BSplayer PRO
2008-03-13 20:07 . 2008-03-13 20:24 <DIR> d-------- C:\Arquivos de programas\Webteh
2008-03-13 07:20 . 2008-03-13 07:20 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\Publish Providers
2008-03-13 07:16 . 2008-03-13 07:16 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\Sony
2008-03-13 07:15 . 2008-03-13 07:15 <DIR> d-------- C:\Arquivos de programas\Vstplugins
2008-03-13 07:14 . 2008-03-13 07:14 <DIR> d-------- C:\Arquivos de programas\Sony Setup
2008-03-13 07:14 . 2008-03-13 07:15 <DIR> d-------- C:\Arquivos de programas\Sony
2008-03-12 22:11 . 2008-03-12 22:11 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-03-12 21:56 . 2008-03-12 21:56 <DIR> d-------- C:\Arquivos de programas\XeFlashPlayer
2008-03-12 18:47 . 2008-03-12 18:47 <DIR> d-------- C:\WINDOWS\system32\InstallShield Installation Information
2008-03-12 18:47 . 2008-03-12 18:47 <DIR> d-------- C:\Temp\Temporary Internet Files
2008-03-12 17:20 . 2008-03-12 19:19 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\SUPERAntiSpyware.com
2008-03-12 17:20 . 2008-03-12 17:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com
2008-03-12 17:20 . 2008-03-12 19:19 <DIR> d-------- C:\Arquivos de programas\SUPERAntiSpyware
2008-03-12 16:49 . 2008-03-12 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ESET
2008-03-12 16:45 . 2008-03-12 16:54 <DIR> d-------- C:\Arquivos de programas\real
2008-03-12 16:24 . 2008-03-12 16:24 20,736 --a------ C:\WINDOWS\123messenger.per
2008-03-12 15:32 . 2008-03-12 18:30 <DIR> d-------- C:\WINDOWS\FLEOK
2008-03-12 15:28 . 2008-03-12 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-03-12 15:28 . 2008-03-12 15:28 <DIR> d-------- C:\Arquivos de programas\Lavasoft
2008-03-12 15:27 . 2008-03-16 12:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-03-12 14:47 . 2008-03-12 14:51 56 -r-hs---- C:\WINDOWS\system32\BAAEB96D13.sys
2008-03-12 14:42 . 2008-03-12 14:42 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\Corel
2008-03-12 14:42 . 2008-03-12 15:17 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-12 14:40 . 2008-03-12 14:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield
2008-03-12 14:36 . 2008-03-12 14:36 <DIR> d-------- C:\Arquivos de programas\Corel
2008-03-12 14:36 . 2008-03-12 14:36 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel
2008-03-12 14:13 . 2008-03-12 14:13 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\PC Tools
2008-03-12 14:13 . 2008-03-12 15:02 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor
2008-03-12 14:13 . 2007-05-23 16:58 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-12 14:13 . 2007-05-23 16:58 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-12 14:13 . 2007-05-23 16:58 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-12 14:13 . 2007-05-23 16:58 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2008-03-12 14:13 . 2007-05-23 16:58 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-12 14:12 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-03-12 14:12 . 2005-07-06 17:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-12 13:55 . 2008-03-12 13:55 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-12 13:37 . 2008-03-12 14:11 <DIR> d-------- C:\Arquivos de programas\MagicISO
2008-03-10 00:48 . 2008-03-10 01:04 <DIR> d-------- C:\Arquivos de programas\eMule
2008-03-09 18:18 . 2008-03-10 09:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2008-03-09 18:18 . 2008-03-09 19:06 <DIR> d-------- C:\Arquivos de programas\GbPlugin
2008-03-09 14:32 . 2005-01-22 16:12 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-03-08 18:39 . 2003-09-24 09:44 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll
2008-03-08 18:39 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-03-08 18:39 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-03-08 18:39 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-03-08 18:39 . 2003-09-24 09:44 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2008-03-08 18:39 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2008-03-08 18:07 . 2008-03-08 18:07 <DIR> d-------- C:\Arquivos de programas\HP
2008-03-08 18:07 . 2008-03-08 18:07 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard
2008-03-08 18:06 . 2008-03-08 18:02 250,024 --a------ C:\WINDOWS\hpdj3600.hi1
2008-03-08 18:06 . 2008-03-08 18:02 9,265 --a------ C:\WINDOWS\hpdj3600.bu1
2008-03-08 18:05 . 2008-03-08 18:06 <DIR> d-------- C:\Arquivos de programas\0900a5a280314c4c
2008-03-08 17:57 . 2008-03-08 18:11 215,341 --a------ C:\WINDOWS\hpdj3600.his
2008-03-08 17:57 . 2008-03-08 18:11 10,031 --a------ C:\WINDOWS\hpdj3600.ini
2008-03-08 17:07 . 2008-03-16 00:29 <DIR> d-------- C:\Arquivos de programas\Registry Clean Expert
2008-03-08 15:09 . 2008-03-08 17:20 101 --a------ C:\WINDOWS\CMMIXER.INI
2008-03-08 10:32 . 2003-02-21 18:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-03-08 10:32 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-03-08 10:31 . 2008-03-08 10:31 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-03-08 10:31 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2008-03-08 10:31 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2008-03-08 10:31 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2008-03-08 10:31 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2008-03-08 10:31 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2008-03-08 10:31 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2008-03-08 10:31 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2008-03-08 10:31 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-03-08 10:31 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-08 10:30 . 2008-03-08 10:30 <DIR> d-------- C:\Arquivos de programas\Samsung
2008-03-08 10:30 . 2008-03-08 10:30 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information
2008-03-08 10:29 . 2008-03-08 10:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe
2008-03-07 22:16 . 2008-03-07 22:16 <DIR> d-------- C:\Arquivos de programas\WinPcap
2008-03-07 22:16 . 2008-03-09 14:33 <DIR> d-------- C:\Arquivos de programas\WC3Banlist
2008-03-07 14:29 . 2008-03-18 20:54 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\uTorrent
2008-03-07 14:29 . 2008-03-12 17:15 <DIR> d-------- C:\Arquivos de programas\uTorrent
2008-03-07 12:38 . 2008-03-07 12:38 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\Media Player Classic
2008-03-07 12:21 . 2008-03-07 12:21 268 --ah----- C:\sqmdata00.sqm
2008-03-07 12:21 . 2008-03-07 12:21 244 --ah----- C:\sqmnoopt00.sqm
2008-03-07 12:01 . 2008-03-07 12:59 <DIR> d-------- C:\Documents and Settings\Kako\Contacts
2008-03-07 11:44 . 2008-03-07 11:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-07 11:30 . 2008-03-08 18:45 62 --a------ C:\WINDOWS\CMSurround.ini
2008-03-07 11:11 . 2008-03-07 11:11 4,187,648 --a------ C:\WINDOWS\krn4.exe
2008-03-07 11:00 . 2008-03-08 11:47 32 --a------ C:\WINDOWS\go
2008-03-07 09:06 . 2008-03-07 09:06 <DIR> d-------- C:\Arquivos de programas\Programas RFB

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 20:17 --------- d-----w C:\Arquivos de programas\ESET
2008-03-06 22:03 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-03-06 21:43 --------- d-----w C:\Arquivos de programas\microsoft frontpage
2008-03-06 21:42 --------- d-----w C:\Arquivos de programas\Microsoft.NET
2008-03-06 21:42 --------- d-----w C:\Arquivos de programas\Microsoft Works
2008-03-06 21:41 --------- d-----w C:\Arquivos de programas\Foxit
2008-03-06 21:41 --------- d-----w C:\Arquivos de programas\Editpad
2008-03-06 21:40 --------- d-----w C:\Arquivos de programas\Java
2008-03-06 21:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java
2008-03-06 21:30 --------- d-----w C:\Arquivos de programas\Serviços on-line
2008-03-06 21:30 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2002-07-29 08:24 712,704 ----a-w C:\WINDOWS\inf\OTHER\audio3d.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-07-29 05:24 1228800 C:\WINDOWS\mixer.exe]
"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2006-11-12 07:48 157592]
"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-01-14 10:58 346536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginAbn]
C:\ARQUIV~1\GbPlugin\gbiehabn.dll 2008-01-14 10:58 346536 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-10-23 19:51 233472 C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 11:24 49152 C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2005-07-22 23:40 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
--a------ 2008-03-08 17:08 601848 C:\Arquivos de programas\Registry Clean Expert\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Arquivos de programas\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c5e6db4-eba5-11dc-919d-806d6172696f}]
\Shell\AutoRun\command - G:\AutoRun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 20:55:18
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-03-18 20:55:37
ComboFix-quarantined-files.txt 2008-03-18 23:55:36
jgarcia
Posted March 20, 2008

Hey GunTZ,

1. Download SmitfraudFix;
2. Disable your anti-virus protection (temporarily);
3. Extract the SmitFraudFix archive to your desktop;
4. Reboot into Safe Mode;
5. Run SmitfraudFix by double-clicking smitfraudfix.cmd --> choose Option 2;
6. Answer yes (y) to the question about cleaning the registry (Do you want to clean the registry?);
7. Wait for the scan to finish and the log to be generated;
8. Reboot into Normal Mode;
9. Re-enable your anti-virus;
10. Post the SmitfraudFix log (option 2) + the ComboFix log (generated in Normal Mode).

Cheers.
GunTZ, posted March 20, 2008
here's the SmitFraudFix log:

SmitFraudFix v2.305
Scan done at 9:32:36,39, qui 20/03/2008
Run from C:\Documents and Settings\Kako\Desktop\SmitfraudFix
OS: Microsoft Windows XP [versÆo 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\winfrun32.bin Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A11C8494-A708-4FB5-9980-CA8E8D77966E}: NameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A11C8494-A708-4FB5-9980-CA8E8D77966E}: NameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A11C8494-A708-4FB5-9980-CA8E8D77966E}: NameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

NOW HERE'S THE COMBOFIX ONE:

ComboFix 08-03-17.1 - Kako 2008-03-20 10:09:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.640 [GMT -3:00]
Executando de: E:\Programas\Anti-virus\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((( Ficheiros criados de 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))))
.
2008-03-20 10:09 . 2008-03-20 10:09 <DIR> d-------- C:\Temp\WPDNSE
2008-03-20 09:56 . 2008-03-20 09:56 <DIR> d-------- C:\Temp\Rar$DR00.360
2008-03-20 09:46 . 2008-03-20 09:46 <DIR> d-------- C:\Temp\~nsu.tmp
2008-03-20 09:32 . 2008-03-20 09:32 2,198 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-19 19:09 . 2008-03-19 19:09 <DIR> d-------- C:\Temp\OIS
2008-03-18 20:58 . 2008-03-19 20:37 <DIR> d-------- C:\Temp\MessengerCache
2008-03-17 22:14 . 2008-03-17 22:40 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\Hamachi
2008-03-17 22:13 . 2008-03-17 22:14 <DIR> d-------- C:\Arquivos de programas\Hamachi
2008-03-17 22:13 . 2008-03-17 22:13 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-16 12:29 . 2008-03-16 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DFX
2008-03-16 11:58 . 2004-12-29 02:57 17,505 -ra------ C:\DBI.EXE
2008-03-13 21:17 . 2008-03-13 21:17 <DIR> d-------- C:\Arquivos de programas\Matroska Pack
2008-03-13 20:43 . 2008-03-13 20:49 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\DivX
2008-03-13 20:42 . 2008-03-13 20:57 <DIR> d-------- C:\Arquivos de programas\DivX
2008-03-13 20:08 . 2008-03-13 20:24 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\BSplayer PRO
2008-03-13 20:07 . 2008-03-13 20:24 <DIR> d-------- C:\Arquivos de programas\Webteh
2008-03-13 07:20 . 2008-03-13 07:20 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\Publish Providers
2008-03-13 07:16 . 2008-03-13 07:16 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\Sony
2008-03-13 07:15 . 2008-03-13 07:15 <DIR> d-------- C:\Arquivos de programas\Vstplugins
2008-03-13 07:14 . 2008-03-13 07:14 <DIR> d-------- C:\Arquivos de programas\Sony Setup
2008-03-13 07:14 . 2008-03-13 07:15 <DIR> d-------- C:\Arquivos de programas\Sony
2008-03-12 22:11 . 2008-03-12 22:11 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-03-12 21:56 . 2008-03-12 21:56 <DIR> d-------- C:\Arquivos de programas\XeFlashPlayer
2008-03-12 18:47 . 2008-03-12 18:47 <DIR> d-------- C:\WINDOWS\system32\InstallShield Installation Information
2008-03-12 17:20 . 2008-03-12 19:19 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\SUPERAntiSpyware.com
2008-03-12 17:20 . 2008-03-12 17:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com
2008-03-12 17:20 . 2008-03-12 19:19 <DIR> d-------- C:\Arquivos de programas\SUPERAntiSpyware
2008-03-12 16:49 . 2008-03-12 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ESET
2008-03-12 16:45 . 2008-03-12 16:54 <DIR> d-------- C:\Arquivos de programas\real
2008-03-12 16:24 . 2008-03-12 16:24 20,736 --a------ C:\WINDOWS\123messenger.per
2008-03-12 15:32 . 2008-03-12 18:30 <DIR> d-------- C:\WINDOWS\FLEOK
2008-03-12 15:28 . 2008-03-12 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-03-12 15:28 . 2008-03-12 15:28 <DIR> d-------- C:\Arquivos de programas\Lavasoft
2008-03-12 15:27 . 2008-03-16 12:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-03-12 14:47 . 2008-03-12 14:51 56 -r-hs---- C:\WINDOWS\system32\BAAEB96D13.sys
2008-03-12 14:42 . 2008-03-12 14:42 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\Corel
2008-03-12 14:42 . 2008-03-12 15:17 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-12 14:40 . 2008-03-12 14:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield
2008-03-12 14:36 . 2008-03-12 14:36 <DIR> d-------- C:\Arquivos de programas\Corel
2008-03-12 14:36 . 2008-03-12 14:36 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel
2008-03-12 14:13 . 2008-03-12 14:13 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\PC Tools
2008-03-12 14:13 . 2008-03-12 15:02 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor
2008-03-12 14:13 . 2007-05-23 16:58 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-12 14:13 . 2007-05-23 16:58 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-12 14:13 . 2007-05-23 16:58 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-12 14:13 . 2007-05-23 16:58 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2008-03-12 14:13 . 2007-05-23 16:58 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-12 14:12 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-03-12 14:12 . 2005-07-06 17:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-12 13:37 . 2008-03-12 14:11 <DIR> d-------- C:\Arquivos de programas\MagicISO
2008-03-10 00:48 . 2008-03-10 01:04 <DIR> d-------- C:\Arquivos de programas\eMule
2008-03-09 18:18 . 2008-03-10 09:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2008-03-09 18:18 . 2008-03-09 19:06 <DIR> d-------- C:\Arquivos de programas\GbPlugin
2008-03-09 14:32 . 2005-01-22 16:12 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-03-08 18:39 . 2003-09-24 09:44 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll
2008-03-08 18:39 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-03-08 18:39 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-03-08 18:39 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-03-08 18:39 . 2003-09-24 09:44 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2008-03-08 18:39 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2008-03-08 18:07 . 2008-03-08 18:07 <DIR> d-------- C:\Arquivos de programas\HP
2008-03-08 18:07 . 2008-03-08 18:07 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard
2008-03-08 18:06 . 2008-03-08 18:02 250,024 --a------ C:\WINDOWS\hpdj3600.hi1
2008-03-08 18:06 . 2008-03-08 18:02 9,265 --a------ C:\WINDOWS\hpdj3600.bu1
2008-03-08 18:05 . 2008-03-08 18:06 <DIR> d-------- C:\Arquivos de programas\0900a5a280314c4c
2008-03-08 17:57 . 2008-03-08 18:11 215,341 --a------ C:\WINDOWS\hpdj3600.his
2008-03-08 17:57 . 2008-03-08 18:11 10,031 --a------ C:\WINDOWS\hpdj3600.ini
2008-03-08 17:07 . 2008-03-16 00:29 <DIR> d-------- C:\Arquivos de programas\Registry Clean Expert
2008-03-08 15:09 . 2008-03-08 17:20 101 --a------ C:\WINDOWS\CMMIXER.INI
2008-03-08 10:32 . 2003-02-21 18:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-03-08 10:32 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-03-08 10:31 . 2008-03-08 10:31 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-03-08 10:31 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2008-03-08 10:31 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2008-03-08 10:31 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2008-03-08 10:31 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2008-03-08 10:31 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2008-03-08 10:31 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2008-03-08 10:31 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2008-03-08 10:31 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-03-08 10:31 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-08 10:30 . 2008-03-08 10:30 <DIR> d-------- C:\Arquivos de programas\Samsung
2008-03-08 10:30 . 2008-03-08 10:30 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information
2008-03-08 10:29 . 2008-03-08 10:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe
2008-03-07 22:16 . 2008-03-07 22:16 <DIR> d-------- C:\Arquivos de programas\WinPcap
2008-03-07 22:16 . 2008-03-09 14:33 <DIR> d-------- C:\Arquivos de programas\WC3Banlist
2008-03-07 14:29 . 2008-03-19 20:45 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\uTorrent
2008-03-07 14:29 . 2008-03-12 17:15 <DIR> d-------- C:\Arquivos de programas\uTorrent
2008-03-07 12:38 . 2008-03-07 12:38 <DIR> d-------- C:\Documents and Settings\Kako\Dados de aplicativos\Media Player Classic
2008-03-07 12:21 . 2008-03-07 12:21 268 --ah----- C:\sqmdata00.sqm
2008-03-07 12:21 . 2008-03-07 12:21 244 --ah----- C:\sqmnoopt00.sqm
2008-03-07 12:01 . 2008-03-07 12:59 <DIR> d-------- C:\Documents and Settings\Kako\Contacts
2008-03-07 11:44 . 2008-03-07 11:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-07 11:30 . 2008-03-08 18:45 62 --a------ C:\WINDOWS\CMSurround.ini
2008-03-07 11:11 . 2008-03-07 11:11 4,187,648 --a------ C:\WINDOWS\krn4.exe
2008-03-07 11:00 . 2008-03-08 11:47 32 --a------ C:\WINDOWS\go
2008-03-07 09:06 . 2008-03-07 09:06 <DIR> d-------- C:\Arquivos de programas\Programas RFB
2008-03-06 23:52 . 2008-03-20 09:46 <DIR> d-------- C:\Arquivos de programas\Mozilla Firefox 3 Beta 4
2008-03-06 23:52 . 2008-03-06 23:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-06 23:38 . 2008-03-16 12:30 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 20:17 --------- d-----w C:\Arquivos de programas\ESET
2008-03-06 22:03 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-03-06 21:43 --------- d-----w C:\Arquivos de programas\microsoft frontpage
2008-03-06 21:42 --------- d-----w C:\Arquivos de programas\Microsoft.NET
2008-03-06 21:42 --------- d-----w C:\Arquivos de programas\Microsoft Works
2008-03-06 21:41 --------- d-----w C:\Arquivos de programas\Foxit
2008-03-06 21:41 --------- d-----w C:\Arquivos de programas\Editpad
2008-03-06 21:40 --------- d-----w C:\Arquivos de programas\Java
2008-03-06 21:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java
2008-03-06 21:30 --------- d-----w C:\Arquivos de programas\Serviços on-line
2008-03-06 21:30 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2002-07-29 08:24 712,704 ----a-w C:\WINDOWS\inf\OTHER\audio3d.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-07-29 05:24 1228800 C:\WINDOWS\mixer.exe]
"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2006-11-12 07:48 157592]
"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-01-14 10:58 346536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
C:\ARQUIV~1\GbPlugin\gbiehabn.dll 2008-01-14 10:58 346536 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-10-23 19:51 233472 C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 11:24 49152 C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2005-07-22 23:40 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
--a------ 2008-03-08 17:08 601848 C:\Arquivos de programas\Registry Clean Expert\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Arquivos de programas\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c5e6db4-eba5-11dc-919d-806d6172696f}]
\Shell\AutoRun\command - G:\AutoRun.exe

.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 10:10:28
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2008-03-20 10:10:47
ComboFix-quarantined-files.txt 2008-03-20 13:10:45

THANKS A LOT
jgarcia, posted March 20, 2008
Hey GunTZ,
Go to Start -> Run -> type regedit -> click OK.
Navigate to the following subkey:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2
Locate and delete the following folder:
{6c5e6db4-eba5-11dc-919d-806d6172696f}
Exit the Registry Editor.
Post a new ComboFix log.
Cheers.
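The ComboFix registry section posted above contains three things a helper looks for before asking for a key to be removed: Security Center notifications switched off, the Windows Firewall standard profile disabled, and a mountpoints2 AutoRun handler pointing at a removable drive (the GUID jgarcia asks to delete). The script below is an added example, not part of the thread or of ComboFix; it parses a constructed excerpt of that section (values copied from the log, re-wrapped one entry per line) and returns the findings a triage checklist would raise.

```python
import re
from typing import Dict, List, Optional

# Constructed excerpt of the "registry load points" section of the ComboFix
# log posted above (same values, re-wrapped to one entry per line).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c5e6db4-eba5-11dc-919d-806d6172696f}]
\Shell\AutoRun\command - G:\AutoRun.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$", re.IGNORECASE)
GUID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.IGNORECASE)


def reg_value_int(value: str) -> Optional[int]:
    """Parse the two spellings ComboFix uses: 'dword:00000001' and '1 (0x1)'."""
    v = value.strip()
    if v.lower().startswith("dword:"):
        return int(v[6:].split()[0], 16)
    m = re.match(r"^(\d+)", v)
    return int(m.group(1)) if m else None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk the REGEDIT4-style section and return the weak settings found."""
    findings: List[Dict[str, str]] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:  # a [key] header applies to the value lines that follow it
            key = km.group("key").lower()
            continue
        vm = VALUE_RE.match(line)
        if vm:
            name, val = vm.group("name"), reg_value_int(vm.group("value"))
            sc_names = ("AntiVirusDisableNotify", "UpdatesDisableNotify")
            if key.endswith("security center") and name in sc_names and val == 1:
                findings.append({"check": "security-center-notify-disabled", "key": key, "detail": name})
            elif "firewallpolicy" in key and name == "EnableFirewall" and val == 0:
                findings.append({"check": "windows-firewall-off", "key": key, "detail": name})
            continue
        am = AUTORUN_RE.match(line)
        if am and "mountpoints2" in key:  # per-volume AutoRun handler: what Explorer runs on open
            g = GUID_RE.search(key)
            findings.append({"check": "mountpoints2-autorun", "key": key,
                             "detail": f"{g.group(0) if g else '?'} -> {am.group('cmd')}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['check']:32} {f['detail']}")
```

On the thread's excerpt the script reports both Security Center values, the disabled firewall profile, and the AutoRun handler for the volume GUID that the reply above asks to remove.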
Mário Monteiro, posted June 13, 2008
Topic Archived
Since the author has not replied for more than 20 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.