O PC está muito lento

[EMS_1001 0]

Logfile of HijackThis v1.99.1

Scan saved at 10:11:19, on 23/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\MMTray.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\apache\APACHE.EXE

C:\WINDOWS\system32\svchost.exe

c:\apache\APACHE.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Adobe\Adobe InDesign CS3\InDesign.exe

C:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/ads/campanhas/gigante_botaotopo.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [MMTray] MMTray.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [40bed0cf] rundll32.exe "C:\WINDOWS\system32\fwefrwrw.dll",b

O4 - HKLM\..\Run: [bM438de353] Rundll32.exe "C:\WINDOWS\system32\lwhrasos.dll",s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} (Toontown Installer ActiveX Control Portuguese) - http://idownload.br.toontown.com/sv1.4.8.1...-portuguese.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)

[Sam Spade 2]

Olá EMS_1001! Tudo indica estar infectado pelo trojan Vundo (adware Virtumonde), por duas entradas em 04 e pela falta de BHOs e da chave Notify. O Vundo usa um filtro que esconde estas entradas do log do HijackThis.

 

Baixe: ComboFix > salve na área de trabalho

• Desative seu antivirus, antispywares e firewall, para não causar conflitos. Mantenha-os desativados até terminar as instruções.
  
• Dê um duplo-clique no combofix.exe, marque 1 e dê o enter para prosseguir o Fix. Aguarde pois é um pouco demorado.
  
• O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.
  
• Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.
  
• IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".
  
• Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo log do HijackThis.
   
  OBS: Não rode o ComboFix mais do que uma vez. Isso irá sobreescrever o log e dificultará a remoção do(s) malware(s)
  

[EMS_1001 0]

Segue o ComboFix.tex e hijackthis

 

ComboFix:

 

ComboFix 08-04-22.5 - gazetaN 2008-04-24 9:15:51.1 - NTFSx86

 

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.158 [GMT -3:00]

 

Executando de: C:\Documents and Settings\gazetaN\Desktop\ComboFix.exe

 

* Criado um novo ponto de restauro

 

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

.

 

 

Hijackthis:

 

Logfile of HijackThis v1.99.1

 

Scan saved at 09:23, on 2008-04-24

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

 

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

 

C:\WINDOWS\system32\winlogon.exe

 

C:\WINDOWS\system32\services.exe

 

C:\WINDOWS\system32\lsass.exe

 

C:\WINDOWS\system32\svchost.exe

 

C:\WINDOWS\System32\svchost.exe

 

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

 

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

 

C:\Arquivos de programas\GbPlugin\GbpSv.exe

 

C:\WINDOWS\Explorer.EXE

 

C:\WINDOWS\system32\LEXBCES.EXE

 

C:\WINDOWS\system32\LEXPPS.EXE

 

C:\WINDOWS\system32\spoolsv.exe

 

C:\WINDOWS\system32\pctspk.exe

 

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

 

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

 

C:\WINDOWS\SOUNDMAN.EXE

 

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

 

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

 

C:\WINDOWS\system32\MMTray.exe

 

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

 

C:\WINDOWS\system32\rundll32.exe

 

C:\WINDOWS\system32\Rundll32.exe

 

C:\WINDOWS\system32\ctfmon.exe

 

C:\Arquivos de programas\Messenger\msmsgs.exe

 

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

 

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

 

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

 

c:\apache\APACHE.EXE

 

c:\apache\APACHE.EXE

 

C:\WINDOWS\system32\svchost.exe

 

C:\WINDOWS\system32\sistray.exe

 

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

 

C:\WINDOWS\system32\wuauclt.exe

 

C:\WINDOWS\system32\wscntfy.exe

 

C:\Hijackthis\HijackThis.exe

 

 

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/ads/campanhas/gigante_botaotopo.htm

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

 

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

 

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

 

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

 

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

 

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

 

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

 

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

 

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

 

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

 

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

 

O4 - HKLM\..\Run: [MMTray] MMTray.exe

 

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

 

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

 

O4 - HKLM\..\Run: [40bed0cf] rundll32.exe "C:\WINDOWS\system32\fcwilirj.dll",b

 

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

 

O4 - HKLM\..\Run: [bM438de353] Rundll32.exe "C:\WINDOWS\system32\hvodvmbb.dll",s

 

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

 

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

 

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

 

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

 

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

 

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

 

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

 

O4 - Global Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

 

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

 

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

 

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

 

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

 

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

 

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

 

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

 

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

 

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

 

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

 

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

 

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

 

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

 

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

 

O11 - Options group: [iNTERNATIONAL] International*

 

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

 

O16 - DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} (Toontown Installer ActiveX Control Portuguese) - http://idownload.br.toontown.com/sv1.4.8.1...-portuguese.cab

 

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

 

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

 

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab

 

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

 

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

 

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

 

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

 

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

 

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

 

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

 

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

 

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

 

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

 

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

 

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

 

O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)

 

 

Por Favor Espero que me ajude.

Obrigado

[Sam Spade 2]

O ComboFix não rodou. Tente rodá-lo em modo de segurança:

 

Reinicie o PC e aperte F8 intermitentemente. No menu escolha: modo seguro.

 

Se funcionar assim, poste os logs, incluindo um novo do HijackThis (gerado em modo normal).

[EMS_1001 0]

ComboFix 08-04-22.5 - gazetaN 2008-05-02 9:52:10.3 - NTFSx86 MINIMAL

Executando de: C:\Documents and Settings\gazetaN\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\cdokdefc.dll

C:\WINDOWS\system32\dpxmvlqq.dll

C:\WINDOWS\system32\dwqxcgos.dll

C:\WINDOWS\system32\GOVDKkkj.ini

C:\WINDOWS\system32\GOVDKkkj.ini2

C:\WINDOWS\system32\hvodvmbb.dll

C:\WINDOWS\system32\jkkKDVOG.dll

C:\WINDOWS\system32\lwhrasos.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\nfrcoobx.ini

C:\WINDOWS\system32\pixqxolg.dll

C:\WINDOWS\system32\rtpeygws.dll

C:\WINDOWS\system32\xboocrfn.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))

.

 

2008-04-30 14:57 . 2008-04-30 14:57 <DIR> d-------- C:\Arquivos de programas\SEGA

2008-04-30 14:52 . 2008-04-30 14:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SWF Studio

2008-04-23 11:53 . 2008-04-24 11:56 1,504,592 ---hs---- C:\WINDOWS\system32\jriliwcf.ini

2008-04-23 10:04 . 2008-04-25 09:48 <DIR> d-------- C:\Hijackthis

2008-04-22 17:54 . 2008-04-22 17:54 1,044,168 --a------ C:\vbrun60sp5.exe

2008-04-22 15:30 . 2008-04-22 15:30 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft

2008-04-22 11:59 . 2008-04-23 11:29 1,541,158 ---hs---- C:\WINDOWS\system32\wrwrfewf.ini

2008-04-21 12:48 . 2008-04-21 12:48 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-04-21 12:23 . 2008-04-22 09:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-04-19 15:16 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-04-19 15:16 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-04-19 12:53 . 2008-04-19 12:53 <DIR> d-------- C:\Documents and Settings\gazetaN\Dados de aplicativos\Grisoft

2008-04-19 12:53 . 2007-05-30 09:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-04-19 11:58 . 1998-01-23 12:21 305,152 --a------ C:\WINDOWS\IsUn040a.exe

2008-04-19 11:31 . 2008-04-24 12:32 109,762 --a------ C:\WINDOWS\BM438de353.xml

2008-04-12 14:28 . 2008-04-12 14:31 23 --a------ C:\WINDOWS\clofghls.dll

2008-04-10 20:30 . 2008-04-10 20:30 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-04-10 20:30 . 2008-04-10 20:30 <DIR> d-------- C:\WINDOWS\Profiles

2008-04-10 20:30 . 2008-04-10 20:30 <DIR> d-------- C:\Documents and Settings\gazetaN\Dados de aplicativos\InterTrust

2008-04-09 18:19 . 2008-04-09 18:19 <DIR> d-------- C:\Documents and Settings\gazetaN\Dados de aplicativos\NetMedia Providers

2008-04-09 17:43 . 2008-04-09 17:43 <DIR> d-------- C:\WINDOWS\system32\URTTEMP

2008-04-05 14:26 . 2008-04-23 14:46 578 --a------ C:\WINDOWS\M3JPEG.INI

2008-04-05 14:24 . 2002-01-16 10:45 224,256 --a------ C:\WINDOWS\system32\MMIJG32.dll

2008-04-05 14:24 . 2002-02-12 16:09 62,976 --a------ C:\WINDOWS\system32\M3JPEGdec.ax

2008-04-05 14:24 . 2001-11-08 21:19 53,248 --a------ C:\WINDOWS\system32\MMTray.exe

2008-04-05 14:24 . 2001-11-14 12:18 51,200 --a------ C:\WINDOWS\system32\M3JPEGenc.ax

2008-04-05 13:03 . 2008-04-07 16:41 <DIR> d-------- C:\Documents and Settings\gazetaN\Dados de aplicativos\Publish Providers

2008-04-05 13:02 . 2008-04-05 13:02 <DIR> d-------- C:\Documents and Settings\gazetaN\Dados de aplicativos\Sony

2008-04-05 12:33 . 2008-04-22 10:53 <DIR> d-------- C:\Arquivos de programas\Sony

2008-04-05 12:07 . 2008-04-05 12:07 <DIR> d-------- C:\Documents and Settings\gazetaN\Dados de aplicativos\Sony Setup

2008-04-05 12:06 . 2008-04-09 17:29 <DIR> d-------- C:\Arquivos de programas\Sony Setup

2008-04-04 11:44 . 2008-04-04 11:44 <DIR> d-------- C:\WINDOWS\Replay Media Catcher

2008-04-04 11:44 . 2008-04-04 11:45 <DIR> d-------- C:\Arquivos de programas\Replay Media Catcher

2008-04-04 10:41 . 2008-04-05 10:14 <DIR> d-------- C:\Arquivos de programas\Video Joiner

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-23 13:42 225,680 ----a-w C:\Documents and Settings\gazetaN\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-04-22 13:18 --------- d-----w C:\Arquivos de programas\Macromedia

2008-04-22 13:13 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-04-22 12:43 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-04-22 12:42 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-04-22 12:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ESTsoft

2008-04-22 12:40 --------- d-----w C:\Arquivos de programas\ESTsoft

2008-04-21 14:48 --------- d-----w C:\Documents and Settings\gazetaN\Dados de aplicativos\AVG7

2008-04-10 23:30 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-04-09 21:19 --------- d-----w C:\Documents and Settings\gazetaN\Dados de aplicativos\uTorrent

2008-04-05 13:24 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-04-05 13:24 --------- d-----w C:\Arquivos de programas\Mouse Driver

2008-04-05 13:16 --------- d-----w C:\Arquivos de programas\Acelerador Terra

2008-04-04 22:14 --------- d-----w C:\Documents and Settings\gazetaN\Dados de aplicativos\Download Manager

2008-04-04 17:01 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-04-01 12:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-29 13:00 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-03-10 18:51 --------- d-----w C:\Arquivos de programas\Programas RFB

2008-03-06 14:14 --------- d-----w C:\Documents and Settings\gazetaN\Dados de aplicativos\My Star World

2008-02-07 12:08 2,241 ----a-w C:\WINDOWS\panose.bin

2005-04-01 01:17 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"PowerBar"="C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26 86016]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-13 08:17 68856]

"NBJ"="C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 19:38 1957888]

"Uniblue RegistryBooster 2"="C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"="cmicnfg.cpl" []

"PCTVOICE"="pctspk.exe" [2004-01-29 21:33 180224 C:\WINDOWS\system32\pctspk.exe]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"Lexmark 1200 Series"="C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 02:34 57344]

"SoundMan"="SOUNDMAN.EXE" [2006-03-01 05:22 577536 C:\WINDOWS\soundman.exe]

"SiSPower"="SiSPower.dll" [2006-05-05 10:13 49152 C:\WINDOWS\system32\SiSPower.dll]

"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 18:54 623992]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"MMTray"="MMTray.exe" [2001-11-08 21:19 53248 C:\WINDOWS\system32\MMTray.exe]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 06:25 6731312]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]

Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-11-30 15:36:33 262144]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-03-11 08:18 354600]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GBPLUGIN\gbieh.dll 2008-03-11 08:18 354600 C:\ARQUIV~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeecb]

hggeecb.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywvwxx]

yaywvwxx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll 2008-03-11 08:18 354600 C:\Arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.MJPG"= m3jpeg32.dll

"vidc.dmb1"= m3jpeg32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Corel\\Corel Graphics 12\\Programs\\CorelDRW.exe"=

"C:\\apache\\Apache.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

R2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice []

S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]

S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2007-10-07 12:32]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e27247a-e139-11dc-a1d9-001921195ded}]

\Shell\AutoRun\command - E:\gqsk.bat

\Shell\explore\Command - E:\gqsk.bat

\Shell\open\Command - E:\gqsk.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ade561b8-76d5-11dc-a0fe-000d87d47e97}]

\Shell\AutoRun\command - E:\setupSNK.exe

 

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-02 09:59:49

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializ veis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\gbpsv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-05-02 10:09:22 - machine was rebooted [gazetaN]

ComboFix-quarantined-files.txt 2008-05-02 13:09:03

 

Pre-Run: 8,853,909,504 bytes disponíveis

Post-Run: 17,247,473,664 bytes dispon¡veis

 

185 --- E O F --- 2008-04-19 15:29:36

 

 

 

O Novo Log:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:16:49, on 02/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\apache\APACHE.EXE

C:\WINDOWS\system32\svchost.exe

c:\apache\APACHE.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\MMTray.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\explorer.exe

C:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/ads/campanhas/gigante_botaotopo.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Arquivos de programas\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador Terra\components\NOWImaging.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [MMTray] MMTray.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} (Toontown Installer ActiveX Control Portuguese) - http://idownload.br.toontown.com/sv1.4.8.1...-portuguese.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: hggeecb - hggeecb.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: yaywvwxx - yaywvwxx.dll (file missing)

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)

[Sam Spade 2]

Ok, o ComboFix mostrou também um vírus de pendrive que infecta drives removíveis. A infecção está no drive que usa em E:\

 

Conecte-o ao PC agora, para seguir as instruções abaixo:

 

1 - Delete a pasta C:\Qoobox (se ela existir), e delete o log anterior do Combofix -> C:\combofix.txt

 

2 - Desative seu antivirus, antispywares e firewall, para não causar conflitos. Mantenha-os desativados até terminar as instruções.

 

3 - Selecione e copie o texto dentro do QUOTE. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

 

File::

C:\WINDOWS\system32\jriliwcf.ini

C:\WINDOWS\system32\wrwrfewf.ini

C:\WINDOWS\BM438de353.xml

C:\WINDOWS\clofghls.dll

E:\gqsk.bat

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeecb]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywvwxx]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e27247a-e139-11dc-a1d9-001921195ded}]

4 - Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

 

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

 

OBS: Não rode o ComboFix mais do que uma vez. Isso irá sobreescrever o log e dificultará a remoção do(s) malware(s)

 

Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta, juntamente com um novo log do HijackThis.

[EMS_1001 0]

Conforme solicitado segue combofix:

 

 

ComboFix 08-04-22.5 - gazetaN 2008-05-03 12:32:17.4 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.270 [GMT -3:00]

Executando de: C:\Documents and Settings\gazetaN\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\gazetaN\Desktop\CFScript.txt

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\BM438de353.xml

C:\WINDOWS\clofghls.dll

C:\WINDOWS\system32\jriliwcf.ini

C:\WINDOWS\system32\wrwrfewf.ini

E:\gqsk.bat

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

C:\WINDOWS\BM438de353.xml

C:\WINDOWS\clofghls.dll

C:\WINDOWS\system32\jriliwcf.ini

C:\WINDOWS\system32\wrwrfewf.ini

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-04-03 to 2008-05-03 ))))))))))))))))))))))))))))))))

.

 

2008-05-02 13:58 . 2008-05-02 14:21 <DIR> d-------- C:\Arquivos de programas\nLite

2008-05-02 10:09 . 2008-05-02 10:09 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-05-02 10:09 . 2008-05-02 10:09 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-05-02 10:09 . 2008-05-02 10:09 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

2008-05-02 10:09 . 2008-05-02 10:09 <DIR> d-------- C:\Documents and Settings\gazetaN\Configuraþ§es locais

2008-05-02 10:09 . 2008-05-02 10:09 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraþ§es locais

2008-04-30 14:57 . 2008-04-30 14:57 <DIR> d-------- C:\Arquivos de programas\SEGA

2008-04-30 14:52 . 2008-04-30 14:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SWF Studio

2008-04-23 10:04 . 2008-05-02 10:16 <DIR> d-------- C:\Hijackthis

2008-04-22 17:54 . 2008-04-22 17:54 1,044,168 --a------ C:\vbrun60sp5.exe

2008-04-22 15:30 . 2008-04-22 15:30 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft

2008-04-21 12:48 . 2008-04-21 12:48 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-04-21 12:23 . 2008-04-22 09:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-04-19 15:16 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-04-19 15:16 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-04-19 12:53 . 2008-04-19 12:53 <DIR> d-------- C:\Documents and Settings\gazetaN\Dados de aplicativos\Grisoft

2008-04-19 12:53 . 2007-05-30 09:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-04-19 11:58 . 1998-01-23 12:21 305,152 --a------ C:\WINDOWS\IsUn040a.exe

2008-04-10 20:30 . 2008-04-10 20:30 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-04-10 20:30 . 2008-04-10 20:30 <DIR> d-------- C:\WINDOWS\Profiles

2008-04-10 20:30 . 2008-04-10 20:30 <DIR> d-------- C:\Documents and Settings\gazetaN\Dados de aplicativos\InterTrust

2008-04-09 18:19 . 2008-04-09 18:19 <DIR> d-------- C:\Documents and Settings\gazetaN\Dados de aplicativos\NetMedia Providers

2008-04-09 17:43 . 2008-04-09 17:43 <DIR> d-------- C:\WINDOWS\system32\URTTEMP

2008-04-05 14:26 . 2008-05-02 10:51 578 --a------ C:\WINDOWS\M3JPEG.INI

2008-04-05 14:24 . 2002-01-16 10:45 224,256 --a------ C:\WINDOWS\system32\MMIJG32.dll

2008-04-05 14:24 . 2002-02-12 16:09 62,976 --a------ C:\WINDOWS\system32\M3JPEGdec.ax

2008-04-05 14:24 . 2001-11-08 21:19 53,248 --a------ C:\WINDOWS\system32\MMTray.exe

2008-04-05 14:24 . 2001-11-14 12:18 51,200 --a------ C:\WINDOWS\system32\M3JPEGenc.ax

2008-04-05 13:03 . 2008-04-07 16:41 <DIR> d-------- C:\Documents and Settings\gazetaN\Dados de aplicativos\Publish Providers

2008-04-05 13:02 . 2008-04-05 13:02 <DIR> d-------- C:\Documents and Settings\gazetaN\Dados de aplicativos\Sony

2008-04-05 12:33 . 2008-04-22 10:53 <DIR> d-------- C:\Arquivos de programas\Sony

2008-04-05 12:07 . 2008-04-05 12:07 <DIR> d-------- C:\Documents and Settings\gazetaN\Dados de aplicativos\Sony Setup

2008-04-05 12:06 . 2008-04-09 17:29 <DIR> d-------- C:\Arquivos de programas\Sony Setup

2008-04-04 11:44 . 2008-04-04 11:44 <DIR> d-------- C:\WINDOWS\Replay Media Catcher

2008-04-04 11:44 . 2008-04-04 11:45 <DIR> d-------- C:\Arquivos de programas\Replay Media Catcher

2008-04-04 10:41 . 2008-04-05 10:14 <DIR> d-------- C:\Arquivos de programas\Video Joiner

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-23 13:42 225,680 ----a-w C:\Documents and Settings\gazetaN\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-04-22 13:18 --------- d-----w C:\Arquivos de programas\Macromedia

2008-04-22 13:13 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-04-22 12:43 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-04-22 12:42 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-04-22 12:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ESTsoft

2008-04-22 12:40 --------- d-----w C:\Arquivos de programas\ESTsoft

2008-04-21 14:48 --------- d-----w C:\Documents and Settings\gazetaN\Dados de aplicativos\AVG7

2008-04-10 23:30 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-04-09 21:19 --------- d-----w C:\Documents and Settings\gazetaN\Dados de aplicativos\uTorrent

2008-04-05 13:24 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-04-05 13:24 --------- d-----w C:\Arquivos de programas\Mouse Driver

2008-04-05 13:16 --------- d-----w C:\Arquivos de programas\Acelerador Terra

2008-04-04 22:14 --------- d-----w C:\Documents and Settings\gazetaN\Dados de aplicativos\Download Manager

2008-04-04 17:01 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-04-01 12:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-29 13:00 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-10 18:51 --------- d-----w C:\Arquivos de programas\Programas RFB

2008-03-06 14:14 --------- d-----w C:\Documents and Settings\gazetaN\Dados de aplicativos\My Star World

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-07 12:08 2,241 ----a-w C:\WINDOWS\panose.bin

2005-04-01 01:17 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2001-11-23 15:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"PowerBar"="C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26 86016]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-13 08:17 68856]

"NBJ"="C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 19:38 1957888]

"Uniblue RegistryBooster 2"="C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"="cmicnfg.cpl" []

"PCTVOICE"="pctspk.exe" [2004-01-29 21:33 180224 C:\WINDOWS\system32\pctspk.exe]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"Lexmark 1200 Series"="C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 02:34 57344]

"SoundMan"="SOUNDMAN.EXE" [2006-03-01 05:22 577536 C:\WINDOWS\soundman.exe]

"SiSPower"="SiSPower.dll" [2006-05-05 10:13 49152 C:\WINDOWS\system32\SiSPower.dll]

"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 18:54 623992]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"MMTray"="MMTray.exe" [2001-11-08 21:19 53248 C:\WINDOWS\system32\MMTray.exe]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 06:25 6731312]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]

Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-11-30 15:36:33 262144]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-03-11 08:18 354600]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GBPLUGIN\gbieh.dll 2008-03-11 08:18 354600 C:\ARQUIV~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll 2008-03-11 08:18 354600 C:\Arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.MJPG"= m3jpeg32.dll

"vidc.dmb1"= m3jpeg32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Corel\\Corel Graphics 12\\Programs\\CorelDRW.exe"=

"C:\\apache\\Apache.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

 

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

S2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice []

S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]

S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2007-10-07 12:32]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ade561b8-76d5-11dc-a0fe-000d87d47e97}]

\Shell\AutoRun\command - E:\setupSNK.exe

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-03 12:34:57

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\tsd32.dll

.

Tempo para conclusão: 2008-05-03 12:38:00

ComboFix-quarantined-files.txt 2008-05-03 15:37:20

 

Pre-Run: 18,531,094,528 bytes disponíveis

Post-Run: 18,587,021,312 bytes disponíveis

 

171 --- E O F --- 2008-04-19 15:29:36

 

 

E o Novo Log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:46, on 2008-05-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\apache\APACHE.EXE

C:\WINDOWS\system32\svchost.exe

c:\apache\APACHE.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\MMTray.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\sistray.exe

C:\Hijackthis\HijackThis.exe

C:\WINDOWS\system32\wscntfy.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/ads/campanhas/gigante_botaotopo.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Arquivos de programas\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador Terra\components\NOWImaging.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [MMTray] MMTray.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} (Toontown Installer ActiveX Control Portuguese) - http://idownload.br.toontown.com/sv1.4.8.1...-portuguese.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: hggeecb - hggeecb.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: yaywvwxx - yaywvwxx.dll (file missing)

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

[Sam Spade 2]

Opa, desculpe a demora, mas o tempo apertou.

 

• Abra o HijackThis e clique em Do a system scan only
  Aguarde o exame acabar.
  Cada entrada tem uma caixa do lado esquerdo.
  Marque apenas as caixas das entradas abaixo:
   
  O20 - Winlogon Notify: hggeecb - hggeecb.dll (file missing)
   
  O20 - Winlogon Notify: yaywvwxx - yaywvwxx.dll (file missing)
   
  Ficará com um sinal V dentro de cada caixa.
   
  Clique então em . Dê o Ok para a pergunta e depois feche o HijackThis.
  

Após ter feito isso, o log estará OK. Leia estes artigos sobre segurança:

 

Proteja seu PC

Cuidados ao navegar na net.

 

Para finalizar, Desabilite e Reabilite a função de Restauração Automática do XP. Clique aqui para ver como.

 

Abraço.

[EMS_1001 0]

Segue novo log e espero que esteje limpo, a net está tudo ok de novo.

 

Muito Obrigado! Te devo essa Sam Spade!

 

Abraços!

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:02, on 2008-05-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\apache\APACHE.EXE

C:\WINDOWS\system32\svchost.exe

c:\apache\APACHE.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\MMTray.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/ads/campanhas/gigante_botaotopo.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Arquivos de programas\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador Terra\components\NOWImaging.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [MMTray] MMTray.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} (Toontown Installer ActiveX Control Portuguese) - http://idownload.br.toontown.com/sv1.4.8.1...-portuguese.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

[Sam Spade 2]

Olá, apareceu uma nova infecção. Baixe > KillBox

 

Rode-o, marque Delete on Reboot e coloque em Full Path of File to Delete:

 

C:\WINDOWS\SYSTEM32\winghy32.dll

 

Clique no botão . Responda Sim à pergunta.

 

Ao reiniciar o PC, aperte F8 intermitentemente. No menu escolha: modo seguro.

 

Faça um scan com o HijackThis, marque a entrada abaixo, se ainda a encontrar e clique em

 

O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll

 

Reinicie em modo normal, gere um novo log com o HijackThis e poste.

[Sam Spade 2]

Tópico Arquivado

 

Como o autor não respondeu por mais de 20 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.