
Archived

This topic has been archived and is closed to new replies.

victorws

[Archived] Mozilla freezing

Hello everyone... please, my friends, I have a serious problem with Mozilla Firefox freezing, mainly when switching tabs... I'm posting the log for evaluation.

Regards

victorws

 

Logfile of HijackThis v1.99.1

Scan saved at 00:07:23, on 27/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Comodo\Firewall\cfp.exe

C:\ARQUIV~1\LAUNCH~1\LManager.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Program Files\Real\RealPlayer\realplay.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Windows\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (file missing)

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://vdvbrasil.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{ED5ADD18-933C-45A6-A82F-6FAB3A11E2FC}: NameServer = 201.10.120.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,avgrsstx.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe


Hi victorws,

 

Download ComboFix at:

ComboFix

 

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click inside the ComboFix window or close it with the X while the tool is running, as that will mess up your desktop (it will turn completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply.

 

Cheers.

J, thanks for the help... I need a link for the combo.

Regards

victorws

Download ComboFix at:

ComboFix

;)


Jota... I ran the combo... it was quick, it created the report, and instead of copying it... I closed it and went to the folder, and there was a report there with a .cfexe extension - I generated the exe from it... nothing happened, just (yikes) a command prompt window, I couldn't read it... but in the future, could this turn into something?

What should I do?

Regards

victorws

 

Hey, recovered...

 

ComboFix 08-04-29.3 - Victor W. Shtorache 2008-04-29 23:14:38.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1555 [GMT -3:00]

Executando de: C:\Documents and Settings\Windows\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\Downloaded Program Files\setup.inf

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-28 to 2008-04-30 ))))))))))))))))))))))))))))))))

.

 

2008-04-26 03:44 . 2008-04-29 21:51 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-04-26 03:44 . 2008-04-26 03:44 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-04-26 03:44 . 2008-04-26 03:44 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-04-26 03:43 . 2008-04-26 03:43 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-04-26 03:43 . 2008-04-26 03:43 <DIR> d-------- C:\Arquivos de programas\AVG

2008-04-26 00:52 . 2008-04-26 00:52 <DIR> d-------- C:\Program Files

2008-04-25 02:52 . 2008-04-25 02:52 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-04-24 00:44 . 2006-11-07 09:42 88,560 -ra------ C:\WINDOWS\system32\drivers\w200mgmt.sys

2008-04-24 00:44 . 2006-11-07 09:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys

2008-04-22 18:06 . 2008-04-26 00:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-22 18:06 . 2008-04-22 18:06 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-22 17:59 . 2006-11-07 09:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys

2008-04-22 17:59 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys

2008-04-22 17:59 . 2006-11-07 09:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys

2008-04-22 17:59 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys

2008-04-22 17:59 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys

2008-04-22 17:59 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys

2008-04-22 17:59 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys

2008-04-22 17:57 . 2008-04-22 17:58 <DIR> d-------- C:\Documents and Settings\Windows\Dados de aplicativos\Teleca

2008-04-22 17:56 . 2008-04-22 17:56 <DIR> d-------- C:\Documents and Settings\Windows\Dados de aplicativos\Sony Ericsson

2008-04-22 17:49 . 2008-04-26 04:06 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-04-14 22:20 . 2008-04-14 22:39 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-03-20 23:28 . 2008-03-20 23:28 <DIR> d-------- C:\Arquivos de programas\Belarc

2008-03-20 23:28 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys

2008-03-15 02:11 . 2008-03-15 02:11 <DIR> d-------- C:\Arquivos de programas\Desktop YouTube

2008-03-14 19:19 . 2008-03-14 19:20 <DIR> d-------- C:\Documents and Settings\Windows\Dados de aplicativos\Media Player Classic

2008-03-14 19:18 . 2008-03-14 19:18 <DIR> d-------- C:\Arquivos de programas\Recode Media

2008-03-14 00:49 . 2008-03-14 00:50 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-03-09 21:42 . 2008-03-09 21:42 <DIR> d-------- C:\Documents and Settings\Windows\.fontconfig

2008-03-02 23:58 . 2008-03-02 23:58 <DIR> d-------- C:\Arquivos de programas\Synaptics

2008-03-02 23:58 . 2006-03-03 12:52 192,672 --a------ C:\WINDOWS\system32\drivers\SynTP.sys

2008-03-02 23:58 . 2006-03-03 12:55 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll

2008-03-02 23:58 . 2006-03-03 12:55 94,298 --a------ C:\WINDOWS\system32\SynTPAPI.dll

2008-03-02 23:58 . 2006-03-03 12:55 82,013 --a------ C:\WINDOWS\system32\SynCOM.dll

2008-03-02 23:58 . 2006-03-03 13:10 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll

2008-03-02 23:58 . 2006-03-03 13:08 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll

2008-03-02 22:20 . 2008-03-02 22:20 <DIR> d-------- C:\Arquivos de programas\Launch Manager

2008-03-02 22:20 . 2008-03-02 22:20 91 --a------ C:\WINDOWS\LManager.UNI

2008-03-02 22:19 . 2006-05-15 15:39 147,456 --a------ C:\WINDOWS\UNINST32.EXE

2008-03-02 22:19 . 2004-12-08 14:10 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS

2008-03-02 22:19 . 2004-12-09 12:04 5,120 --a------ C:\WINDOWS\system32\FILTRCOI.DLL

2008-03-02 15:19 . 2007-10-15 07:51 26,112 -----c--- C:\WINDOWS\system32\dllcache\usbser.sys

2008-03-02 14:13 . 2008-03-02 14:13 <DIR> d-------- C:\Documents and Settings\Windows\Dados de aplicativos\Apple Computer

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-30 01:31 --------- d-----w C:\Arquivos de programas\eMule

2008-04-26 06:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-04-26 06:53 --------- d-----w C:\Arquivos de programas\Skype

2008-04-26 06:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-04-20 15:34 87,312 ----a-w C:\WINDOWS\system32\drivers\cmdGuard.sys

2008-04-20 15:34 23,824 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-04-20 15:34 139,008 ----a-w C:\WINDOWS\system32\guard32.dll

2008-04-16 03:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-04-15 23:09 --------- d-----w C:\Documents and Settings\Windows\Dados de aplicativos\gtk-2.0

2008-04-09 01:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-14 06:11 --------- d-----w C:\Arquivos de programas\DivX

2008-03-02 16:02 --------- d-----w C:\Arquivos de programas\Puxa Rápido

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-03 13:26 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-02-03 13:26 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll

2008-02-03 12:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-02-03 12:53 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-02-03 12:53 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-12-08 01:26 47,360 ----a-w C:\Documents and Settings\Windows\Dados de aplicativos\pcouffin.sys

2004-07-24 00:42 1,511,114 ----a-w C:\WINDOWS\inf\SET12.tmp

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [ ]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-10-23 18:18 443968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Firewall Pro"="C:\Arquivos de programas\Comodo\Firewall\cfp.exe" [2008-04-20 12:27 1572608]

"LManager"="C:\ARQUIV~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]

"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-04-26 00:52 185896]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-04-26 03:43 1177368]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\Arquivos de programas\GbPlugin\gbieh.dll [2007-06-25 09:24 332616]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\WINDOWS\system32\guard32.dll,avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

 

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-26 03:44]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-04-20 12:34]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-04-20 12:34]

R2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-04-26 03:43]

R2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [2007-06-25 09:29]

S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1299cae4-8c9e-11dc-9cfc-0016d40f5321}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58cc59ce-ac04-11dc-9d3e-0016d40f5321}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0244492-6dcd-11dc-9cc8-0016d40f5321}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-25 20:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Arquivos de programas\TuneUp Utilities 2008\OneClick.exe

"2008-04-26 06:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"

- C:\Arquivos de programas\ErrorSmart\ErrorSmart.ex

- C:\Arquivos de programas\ErrorSmart

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-29 23:16:35

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\SYSTEM32\winlogon.exe

-> C:\WINDOWS\system32\guard32.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\WINDOWS\system32\guard32.dll

.

Tempo para conclusão: 2008-04-29 23:18:03

ComboFix-quarantined-files.txt 2008-04-30 02:17:32

 

Pre-Run: 41,757,769,728 bytes disponíveis

Post-Run: 41,767,186,432 bytes disponíveis

 

184 --- E O F --- 2008-04-25 05:52:51


Hi victorws,

 

Follow the instructions:

 

1. Open Notepad -> Copy (Ctrl + C) and paste (Ctrl + V) all of the text included in the "Quote":

File::

C:\WINDOWS\inf\SET12.tmp

E:\LaunchU3.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1299cae4-8c9e-11dc-9cfc-0016d40f5321}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58cc59ce-ac04-11dc-9d3e-0016d40f5321}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0244492-6dcd-11dc-9cc8-0016d40f5321}]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for the user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Cheers.

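The three mountpoints2 keys that the CFScript above deletes are the security-relevant finding in the ComboFix log: two of them run Recycled\ctfmon.exe from the root of a removable drive (through RunDLL32 ShellExec_RunDLL for AutoRun and directly for the Open verb), which is the footprint an autorun worm leaves behind after a USB stick has been plugged in. The following Python script is an added example, not code from this thread, from ComboFix or from its author: it parses the mountpoints2 section of a ComboFix log, flags AutoRun/Open handlers with the indicators visible in this log (a target under Recycled\, indirect launch via ShellExec_RunDLL, a path relative to the drive root), and emits the Registry:: section of a CFScript in the [-KEY] deletion form the helper used. The embedded log excerpt is constructed from the entries shown in the thread; the function names and the indicator heuristics are this example's own choices.

```python
import re

# Constructed excerpt modelled on the mountpoints2 section of the ComboFix
# log above; the key names and commands are the ones that log shows.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1299cae4-8c9e-11dc-9cfc-0016d40f5321}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58cc59ce-ac04-11dc-9d3e-0016d40f5321}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0244492-6dcd-11dc-9cc8-0016d40f5321}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
"""

# A mountpoints2 key header: [HKEY_CURRENT_USER\...\mountpoints2\{GUID}]
KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
# A shell verb handler line as ComboFix prints it: \Shell\<verb>\command - <cmd>
CMD_RE = re.compile(r"^\\Shell\\(\w+(?:\(&\d\))?)\\command - (.+)$", re.I)


def parse_mountpoints(log_text):
    """Return {full_key: [(verb, command), ...]} for every mountpoints2 key in the log."""
    entries = {}
    current = None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries[current] = []
            continue
        m = CMD_RE.match(line)
        if m and current:
            entries[current].append((m.group(1), m.group(2)))
    return entries


def assess(entries):
    """Attach indicator reasons to each key; an empty reason list means nothing
    suspicious was seen for that cached drive (e.g. the U3 launcher above)."""
    findings = []
    for key, cmds in entries.items():
        reasons = []
        for verb, cmd in cmds:
            low = cmd.lower()
            if "recycled\\" in low:
                reasons.append(f"{verb}: executable hidden under Recycled\\")
            if "shellexec_rundll" in low:
                reasons.append(f"{verb}: launched indirectly via RunDLL32 ShellExec_RunDLL")
            # No drive letter and not quoted: resolves against the removable
            # drive root, which is how autorun.inf payloads are referenced.
            if not re.match(r"^[a-z]:\\", low) and not low.startswith('"'):
                reasons.append(f"{verb}: relative path, resolves against the drive root")
        findings.append((key, sorted(set(reasons))))
    return findings


def build_cfscript(findings, include_clean=False):
    """Emit a CFScript Registry:: section deleting the flagged keys ([-KEY] form).
    include_clean=True also drops keys with no indicator, which is what the
    helper's script above does: every cached AutoRun handler goes."""
    lines = ["Registry::"]
    for key, reasons in findings:
        if reasons or include_clean:
            lines.append(f"[-{key}]")
    return "\n".join(lines)


if __name__ == "__main__":
    found = assess(parse_mountpoints(SAMPLE_LOG))
    for key, reasons in found:
        print(key.rsplit("\\", 1)[1], "->", "; ".join(reasons) or "no indicator")
    print(build_cfscript(found, include_clean=True))
```

Deleting the mountpoints2 keys only clears Explorer's cached handlers; the autorun.inf and the Recycled\ctfmon.exe payload still live on the USB stick itself, which is why the helper's CFScript also carries a File:: section and why the stick should be scanned before it is plugged in again.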

Jota, how are you?

 

I'm sending you a new ComboFix report. See whether I should drag the CFScript.txt, per your earlier instructions.

Below is the HijackThis log

 

ComboFix 08-05-08.1 - Victor W. Shtorache 2008-05-08 20:19:03.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1497 [GMT -3:00]

Executando de: C:\Documents and Settings\Windows\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-04-08 to 2008-05-08 ))))))))))))))))))))))))))))))))

.

 

2008-05-07 22:05 . 2008-05-07 22:05 <DIR> d--h----- C:\$AVG8.VAULT$

2008-04-26 03:44 . 2008-05-08 19:36 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-04-26 03:44 . 2008-04-26 03:44 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-04-26 03:44 . 2008-04-26 03:44 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-04-26 03:43 . 2008-04-29 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-04-26 03:43 . 2008-04-26 03:43 <DIR> d-------- C:\Arquivos de programas\AVG

2008-04-26 00:52 . 2008-04-26 00:52 <DIR> d-------- C:\Program Files

2008-04-25 02:52 . 2008-04-25 02:52 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-04-24 00:44 . 2006-11-07 09:42 88,560 -ra------ C:\WINDOWS\system32\drivers\w200mgmt.sys

2008-04-24 00:44 . 2006-11-07 09:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys

2008-04-22 18:06 . 2008-04-26 00:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-22 18:06 . 2008-04-22 18:06 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-22 17:59 . 2006-11-07 09:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys

2008-04-22 17:59 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys

2008-04-22 17:59 . 2006-11-07 09:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys

2008-04-22 17:59 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys

2008-04-22 17:59 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys

2008-04-22 17:59 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys

2008-04-22 17:59 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys

2008-04-22 17:57 . 2008-04-22 17:58 <DIR> d-------- C:\Documents and Settings\Windows\Dados de aplicativos\Teleca

2008-04-22 17:56 . 2008-04-22 17:56 <DIR> d-------- C:\Documents and Settings\Windows\Dados de aplicativos\Sony Ericsson

2008-04-22 17:49 . 2008-04-26 04:06 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-04-14 22:20 . 2008-04-14 22:39 <DIR> d-------- C:\WINDOWS\system32\Adobe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-04 00:26 --------- d-----w C:\Arquivos de programas\eMule

2008-04-26 06:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-04-26 06:53 --------- d-----w C:\Arquivos de programas\Skype

2008-04-26 06:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-04-20 15:34 87,312 ----a-w C:\WINDOWS\system32\drivers\cmdGuard.sys

2008-04-20 15:34 23,824 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-04-20 15:34 139,008 ----a-w C:\WINDOWS\system32\guard32.dll

2008-04-16 03:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-04-15 23:09 --------- d-----w C:\Documents and Settings\Windows\Dados de aplicativos\gtk-2.0

2008-04-09 01:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-21 02:28 --------- d-----w C:\Arquivos de programas\Belarc

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-15 05:11 --------- d-----w C:\Arquivos de programas\Desktop YouTube

2008-03-14 22:20 --------- d-----w C:\Documents and Settings\Windows\Dados de aplicativos\Media Player Classic

2008-03-14 22:18 --------- d-----w C:\Arquivos de programas\Recode Media

2008-03-14 06:11 --------- d-----w C:\Arquivos de programas\DivX

2008-03-14 03:50 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2007-12-08 01:26 47,360 ----a-w C:\Documents and Settings\Windows\Dados de aplicativos\pcouffin.sys

2004-07-24 00:42 1,511,114 ----a-w C:\WINDOWS\inf\SET12.tmp

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [ ]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-10-23 18:18 443968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Firewall Pro"="C:\Arquivos de programas\Comodo\Firewall\cfp.exe" [2008-04-20 12:27 1572608]

"LManager"="C:\ARQUIV~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]

"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-04-26 00:52 185896]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-04-26 03:43 1177368]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\Arquivos de programas\GbPlugin\gbieh.dll [2007-06-25 09:24 332616]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\WINDOWS\system32\guard32.dll,avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

 

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-26 03:44]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-04-20 12:34]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-04-20 12:34]

R2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-04-26 03:43]

R2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [2007-06-25 09:29]

S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1299cae4-8c9e-11dc-9cfc-0016d40f5321}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ad0057-1c9a-11dd-9e43-0016d40f5321}]

\Shell\AutoRun\command - b.com

\Shell\explore\Command - b.com

\Shell\open\Command - b.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ad0058-1c9a-11dd-9e43-0016d40f5321}]

\Shell\AutoRun\command - b.com

\Shell\explore\Command - b.com

\Shell\open\Command - b.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58cc59ce-ac04-11dc-9d3e-0016d40f5321}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0244492-6dcd-11dc-9cc8-0016d40f5321}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-25 20:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Arquivos de programas\TuneUp Utilities 2008\OneClick.exe

"2008-05-01 06:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"

- C:\Arquivos de programas\ErrorSmart\ErrorSmart.ex

- C:\Arquivos de programas\ErrorSmart

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-08 20:21:02

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\SYSTEM32\winlogon.exe

-> C:\WINDOWS\system32\guard32.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\WINDOWS\system32\guard32.dll

 

PROCESS: C:\WINDOWS\explorer.exe

-> ?:\WINDOWS\System32\CSCDLL.dll

.

Tempo para conclusão: 2008-05-08 20:22:30

ComboFix-quarantined-files.txt 2008-05-08 23:22:05

 

Pre-Run: 40,592,457,728 bytes disponíveis

Post-Run: 40,580,530,176 bytes disponíveis

 

165 --- E O F --- 2008-04-25 05:52:51

hijack

Logfile of HijackThis v1.99.1

Scan saved at 20:26:12, on 8/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\LAUNCH~1\LManager.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Windows\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (file missing)

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://vdvbrasil.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{ED5ADD18-933C-45A6-A82F-6FAB3A11E2FC}: NameServer = 201.10.120.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,avgrsstx.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe


Hey victorws,

 

Follow these instructions (they must be followed to the letter):

 

1. Open Notepad -> Copy (Control + C) and Paste (Control + V) all of the text included in the "Quote":

File::

C:\WINDOWS\inf\SET12.tmp

E:\LaunchU3.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1299cae4-8c9e-11dc-9cfc-0016d40f5321}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ad0057-1c9a-11dd-9e43-0016d40f5321}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ad0058-1c9a-11dd-9e43-0016d40f5321}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58cc59ce-ac04-11dc-9d3e-0016d40f5321}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0244492-6dcd-11dc-9cc8-0016d40f5321}]

ATTENTION: The script above was written specifically for the infection present on this computer. Using it on another machine may cause serious problems for that user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
[image: 645i642.gif]

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

5. Uninstall the ErrorSmart software.

Cheers.


Topic Archived

Because the author did not reply for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
