
Archived

This topic is archived and closed to new replies.

jorgebaggio

[Archived] Sending emails with a Virus


Hello, I need help,

I was travelling and got back yesterday, and my friends received the following message. I don't know whether it came from my computer or from another one I used..

that is why I am sending the log..

what should I do next, please.. if I need to download any other program besides the one that produces the log.. please let me know where I can download it.

Thank you very much

Big hug!

 

MESSAGE sent:

here are the photos of my wife... ( 17/6/2008 11:12:10 )

From: jorgebag@terra.com.br (fgoetten@terra.com.br)

You may not know this sender.

Sent: Tuesday, June 17, 2008 19:23:03

To: wickerzed@hotmail.com

 

Logfile of HijackThis v1.99.1

Scan saved at 07:51:46, on 18/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\imglog.exe

C:\WINDOWS\system32\msshell.exe

C:\WINDOWS\system32\msmsn.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Pando Networks\Pando\Pando.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\process.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

C:\Program Files\eMule\eMule.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Adobe\Premiere Pro 1.5\Adobe Premiere Pro.exe

C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\DOCUME~1\jorge\LOCALS~1\Temp\~e5d141.tmp

C:\Program Files\Outlook Express\msimn.exe

C:\Documents and Settings\jorge\Desktop\Kijacksthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buoyweather.com/index.jsp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.metacrawl.ws

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GbPlugin\gbieh.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [RemoveWGA] E:\RemoveWGA.exe -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [GlobalFlagimglog] C:\WINDOWS\system32\imglog.exe

O4 - HKLM\..\Run: [msshell] C:\WINDOWS\system32\msshell.exe

O4 - HKLM\..\Run: [msmsn] C:\WINDOWS\system32\msmsn.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem

O4 - HKCU\..\Run: [explorer] C:\WINDOWS\system32\process.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local

O17 - HKLM\Software\..\Telephony: DomainName = local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = local

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GbPlugin\gbieh.dll (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Hey jorgebaggio,

Download ComboFix at:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to continue. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if an infection is found);

4) When the scan is over, a log will be generated at C:\ComboFix.txt;

5) Do not click inside the ComboFix window, and do not close it with the X, while the tool is running, as this will break your desktop configuration (it will go completely white);

6) To stop or quit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply.

Cheers.


Here it is, I ran combofix

big hug

 

 

ComboFix 08-06-16.5 - jorge 2008-06-19 0:07:39.8 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.946 [GMT -7:00]

Running from: C:\Documents and Settings\jorge\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\jorge\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll

C:\Documents and Settings\jorge\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini

C:\WINDOWS\ponto.DLL

C:\WINDOWS\system32\msghot.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))

.

 

2008-06-19 00:06 . 2008-06-19 00:06 244 --ah----- C:\sqmnoopt02.sqm

2008-06-19 00:06 . 2008-06-19 00:06 232 --ah----- C:\sqmdata02.sqm

2008-06-18 19:42 . 2008-06-18 19:42 850 --a------ C:\WINDOWS\system32\configex.dll

2008-06-18 12:47 . 2004-08-03 22:59 43,136 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys

2008-06-18 12:47 . 2004-08-03 22:59 43,136 --a--c--- C:\WINDOWS\system32\dllcache\sbp2port.sys

2008-06-18 08:23 . 2008-06-18 08:25 <DIR> d-------- C:\LinhaDefensiva

2008-06-18 06:29 . 2008-06-18 06:29 <DIR> d-------- C:\Documents and Settings\jorge\Application Data\MainConcept

2008-06-18 06:26 . 2008-06-18 06:26 <DIR> d-------- C:\Program Files\Common Files\MainConcept

2008-06-17 15:35 . 2008-06-17 15:35 0 --a------ C:\WINDOWS\system32\jorgebag.terra

2008-06-17 10:53 . 2008-06-17 10:53 0 --a------ C:\WINDOWS\system32\yahoo

2008-06-06 19:15 . 2008-06-06 19:15 286,726 --a------ C:\WINDOWS\system32\msmsn.exe

2008-06-06 19:15 . 2008-06-18 19:42 2,000 --a------ C:\WINDOWS\system32\autentic.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-19 07:11 --------- d-----w C:\Documents and Settings\jorge\Application Data\Skype

2008-06-19 02:42 --------- d-----w C:\Program Files\Symantec AntiVirus

2008-06-18 13:32 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-06-18 13:26 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-13 07:59 --------- d-----w C:\Program Files\GbPlugin

2008-05-04 02:53 --------- d-----w C:\Program Files\Safari

2008-04-30 05:37 --------- d-----w C:\Program Files\CCleaner

2008-04-28 19:09 --------- d-----w C:\Program Files\Advanced Registry Optimizer

2008-04-28 11:45 --------- d-----w C:\Program Files\MSN Messenger

2008-04-28 11:43 --------- d-----w C:\Program Files\iTunes

2008-04-28 11:42 --------- d-----w C:\Program Files\DVD Region+CSS Free

2008-04-28 11:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-28 09:27 --------- d-----w C:\Program Files\Lavasoft

2008-04-28 09:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-04-28 09:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-04-28 09:18 --------- d-----w C:\Documents and Settings\jorge\Application Data\Sammsoft

2008-04-28 09:09 --------- d-----w C:\Program Files\Google

2008-04-28 02:55 --------- d-----w C:\Documents and Settings\jorge\Application Data\Apple Computer

2008-04-26 05:26 --------- d-----w C:\Program Files\Apple Software Update

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2005-04-01 06:17 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-04-28_13.47.50,06 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-28 20:30:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-19 02:40:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2000-08-31 15:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe

+ 2000-08-31 15:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe

+ 2008-05-04 02:53:22 307,200 ----a-r C:\WINDOWS\Installer\{40589552-3892-409E-B92C-9F5032A4B2F0}\SafariIco.exe

+ 1998-11-13 18:18:04 308,224 ----a-w C:\WINDOWS\IsUn0416.exe

+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-04-30 05:37:13 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

- 2006-09-04 18:41:01 18,044 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

+ 2008-05-22 23:56:45 40,856 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 17:25 94208]

"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-03-13 09:46 3610192]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-10 16:09 23395880]

"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2008-04-09 14:22 2135168]

"PowerBar"="" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:06 7311360]

"nwiz"="nwiz.exe" [2005-12-10 04:06 1519616 C:\WINDOWS\system32\nwiz.exe]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 16:52 48752]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 13:30 85184]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 04:06 86016]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-06-10 07:20 1397760]

"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 15:54 3735552]

"RemoveWGA"="E:\RemoveWGA.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"msmsn"="C:\WINDOWS\system32\msmsn.exe" [2008-06-06 19:15 286726]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-08-17 13:48 439872]

 

C:\Documents and Settings\jorge\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe [2006-01-17 16:52:50 25214]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-01-10 17:45:25 118784]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 16:18 49152]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\PROGRA~1\GbPlugin\gbieh.dll [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\PROGRA~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.HFYU"= huffyuv.dll

"VIDC.VP31"= vp31vfw.dll

"msacm.divxa32"= divxa32.acm

"VIDC.i263"= i263_32.drv

"msacm.imc"= imc32.acm

"vidc.3ivx"= 3ivxVfWCodec.dll

"SENTINEL"= snti386.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\eMule\\eMule.exe"=

"C:\\Program Files\\Soulseek\\slsk.exe"=

"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-04-15 05:00]

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-06-08 02:35:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-19 00:11:09

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ????<???D??sh?????A~????h???Z?A~(???*?A~t?@?l?@?`?h???????????????????????????2???????????????????A~????W?D~0?A~????*?A~??A~????D??sL?v???????A~????l?@???????A~????t?@???o?????????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

 

scanning hidden files ...

 

 

**************************************************************************

.

Completion time: 2008-06-19 0:14:08

ComboFix-quarantined-files.txt 2008-06-19 07:13:05

ComboFix2.txt 2008-04-30 01:04:16

ComboFix3.txt 2008-04-29 20:36:27

ComboFix4.txt 2008-04-28 20:49:47

ComboFix5.txt 2008-04-28 19:57:52

 

Pre-Run: 3,925,995,520 bytes free

Post-Run: 4,215,549,952 bytes free

 

155 --- E O F --- 2008-04-28 18:14:37

 

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\imglog.exe

C:\WINDOWS\system32\msshell.exe

C:\WINDOWS\system32\msmsn.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Pando Networks\Pando\Pando.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\process.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

C:\Program Files\eMule\eMule.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Adobe\Premiere Pro 1.5\Adobe Premiere Pro.exe

C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\DOCUME~1\jorge\LOCALS~1\Temp\~e5d141.tmp

C:\Program Files\Outlook Express\msimn.exe

C:\Documents and Settings\jorge\Desktop\Kijacksthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buoyweather.com/index.jsp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.metacrawl.ws

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GbPlugin\gbieh.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [RemoveWGA] E:\RemoveWGA.exe -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [GlobalFlagimglog] C:\WINDOWS\system32\imglog.exe

O4 - HKLM\..\Run: [msshell] C:\WINDOWS\system32\msshell.exe

O4 - HKLM\..\Run: [msmsn] C:\WINDOWS\system32\msmsn.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem

O4 - HKCU\..\Run: [explorer] C:\WINDOWS\system32\process.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local

O17 - HKLM\Software\..\Telephony: DomainName = local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = local

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GbPlugin\gbieh.dll (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Hey jorgebaggio,

Follow these instructions:

1. Restart the PC in Safe Mode.

2. Open Notepad -> Copy (Control + C) and Paste (Control + V) all the text inside the "Quote":

File::

C:\DOCUME~1\jorge\LOCALS~1\Temp\~e5d141.tmp

C:\WINDOWS\system32\configex.dll

C:\WINDOWS\system32\autentic.dll

C:\WINDOWS\system32\jorgebag.terra

C:\WINDOWS\system32\imglog.exe

C:\WINDOWS\system32\msmsn.exe

C:\WINDOWS\system32\msshell.exe

C:\WINDOWS\system32\process.exe

C:\WINDOWS\fdsv.exe

C:\WINDOWS\IsUn0416.exe

C:\WINDOWS\bootstat.dat

E:\RemoveWGA.exe

Folder::

C:\Program Files\GbPlugin

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoveWGA"=-

"msmsn"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000000

ATTENTION: The script above was written specifically for the infection found on this computer. Using it on another machine may cause serious problems for the user.

3. Save the file as CFScript.txt;

4. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

[image: 645i642.gif]

5. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Cheers.


Here it is..

Cheers!

 

ComboFix 08-06-16.5 - jorge 2008-06-19 15:56:19.9 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.907 [GMT -7:00]

Running from: C:\Documents and Settings\jorge\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\jorge\Desktop\CFScript.txt.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\DOCUME~1\jorge\LOCALS~1\Temp\~e5d141.tmp

C:\WINDOWS\bootstat.dat

C:\WINDOWS\fdsv.exe

C:\WINDOWS\IsUn0416.exe

C:\WINDOWS\system32\autentic.dll

C:\WINDOWS\system32\configex.dll

C:\WINDOWS\system32\imglog.exe

C:\WINDOWS\system32\jorgebag.terra

C:\WINDOWS\system32\msmsn.exe

C:\WINDOWS\system32\msshell.exe

C:\WINDOWS\system32\process.exe

E:\RemoveWGA.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\GbPlugin

C:\WINDOWS\bootstat.dat

C:\WINDOWS\fdsv.exe

C:\WINDOWS\IsUn0416.exe

C:\WINDOWS\system32\autentic.dll

C:\WINDOWS\system32\configex.dll

C:\WINDOWS\system32\jorgebag.terra

C:\WINDOWS\system32\msmsn.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))


Hey jorgebaggio,

The log is incomplete. Come back with the full log.

Regards.


Here's the log.. I think it's complete now...

I'll be waiting

I think it still has a virus, because the antivirus found that ghbt... and put it in the quarantine folder..

things are getting complicated here..

Cheers!

 

ComboFix 08-06-16.5 - jorge 2008-06-19 15:56:19.9 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.907 [GMT -7:00]

Running from: C:\Documents and Settings\jorge\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\jorge\Desktop\CFScript.txt.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\DOCUME~1\jorge\LOCALS~1\Temp\~e5d141.tmp

C:\WINDOWS\bootstat.dat

C:\WINDOWS\fdsv.exe

C:\WINDOWS\IsUn0416.exe

C:\WINDOWS\system32\autentic.dll

C:\WINDOWS\system32\configex.dll

C:\WINDOWS\system32\imglog.exe

C:\WINDOWS\system32\jorgebag.terra

C:\WINDOWS\system32\msmsn.exe

C:\WINDOWS\system32\msshell.exe

C:\WINDOWS\system32\process.exe

E:\RemoveWGA.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\GbPlugin

C:\WINDOWS\bootstat.dat

C:\WINDOWS\fdsv.exe

C:\WINDOWS\IsUn0416.exe

C:\WINDOWS\system32\autentic.dll

C:\WINDOWS\system32\configex.dll

C:\WINDOWS\system32\jorgebag.terra

C:\WINDOWS\system32\msmsn.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))

.

 

2008-06-19 00:37 . 2008-06-19 00:37 244 --ah----- C:\sqmnoopt05.sqm

2008-06-19 00:37 . 2008-06-19 00:37 232 --ah----- C:\sqmdata05.sqm

2008-06-19 00:27 . 2008-06-19 00:27 244 --ah----- C:\sqmnoopt04.sqm

2008-06-19 00:27 . 2008-06-19 00:27 232 --ah----- C:\sqmdata04.sqm

2008-06-19 00:16 . 2008-06-19 00:16 244 --ah----- C:\sqmnoopt03.sqm

2008-06-19 00:16 . 2008-06-19 00:16 232 --ah----- C:\sqmdata03.sqm

2008-06-19 00:06 . 2008-06-19 00:06 244 --ah----- C:\sqmnoopt02.sqm

2008-06-19 00:06 . 2008-06-19 00:06 232 --ah----- C:\sqmdata02.sqm

2008-06-18 12:47 . 2004-08-03 22:59 43,136 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys

2008-06-18 12:47 . 2004-08-03 22:59 43,136 --a--c--- C:\WINDOWS\system32\dllcache\sbp2port.sys

2008-06-18 08:23 . 2008-06-18 08:25 <DIR> d-------- C:\LinhaDefensiva

2008-06-18 06:29 . 2008-06-18 06:29 <DIR> d-------- C:\Documents and Settings\jorge\Application Data\MainConcept

2008-06-18 06:26 . 2008-06-18 06:26 <DIR> d-------- C:\Program Files\Common Files\MainConcept

2008-06-17 10:53 . 2008-06-17 10:53 0 --a------ C:\WINDOWS\system32\yahoo

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-19 22:47 --------- d-----w C:\Documents and Settings\jorge\Application Data\Skype

2008-06-19 02:42 --------- d-----w C:\Program Files\Symantec AntiVirus

2008-06-18 13:32 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-06-18 13:26 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-04 02:53 --------- d-----w C:\Program Files\Safari

2008-04-30 05:37 --------- d-----w C:\Program Files\CCleaner

2008-04-28 19:09 --------- d-----w C:\Program Files\Advanced Registry Optimizer

2008-04-28 11:45 --------- d-----w C:\Program Files\MSN Messenger

2008-04-28 11:43 --------- d-----w C:\Program Files\iTunes

2008-04-28 11:42 --------- d-----w C:\Program Files\DVD Region+CSS Free

2008-04-28 11:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-28 09:27 --------- d-----w C:\Program Files\Lavasoft

2008-04-28 09:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-04-28 09:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-04-28 09:18 --------- d-----w C:\Documents and Settings\jorge\Application Data\Sammsoft

2008-04-28 09:09 --------- d-----w C:\Program Files\Google

2008-04-28 02:55 --------- d-----w C:\Documents and Settings\jorge\Application Data\Apple Computer

2008-04-26 05:26 --------- d-----w C:\Program Files\Apple Software Update

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2005-04-01 06:17 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-04-28_13.47.50,06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-05-04 02:53:22 307,200 ----a-r C:\WINDOWS\Installer\{40589552-3892-409E-B92C-9F5032A4B2F0}\SafariIco.exe

+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-04-30 05:37:13 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

- 2006-09-04 18:41:01 18,044 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

+ 2008-05-22 23:56:45 40,856 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 17:25 94208]

"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-03-13 09:46 3610192]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-10 16:09 23395880]

"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2008-04-09 14:22 2135168]

"PowerBar"="" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:06 7311360]

"nwiz"="nwiz.exe" [2005-12-10 04:06 1519616 C:\WINDOWS\system32\nwiz.exe]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 16:52 48752]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 13:30 85184]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 04:06 86016]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-06-10 07:20 1397760]

"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 15:54 3735552]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-08-17 13:48 439872]

 

C:\Documents and Settings\jorge\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe [2006-01-17 16:52:50 25214]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-01-10 17:45:25 118784]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 16:18 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.HFYU"= huffyuv.dll

"VIDC.VP31"= vp31vfw.dll

"msacm.divxa32"= divxa32.acm

"VIDC.i263"= i263_32.drv

"msacm.imc"= imc32.acm

"vidc.3ivx"= 3ivxVfWCodec.dll

"SENTINEL"= snti386.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\eMule\\eMule.exe"=

"C:\\Program Files\\Soulseek\\slsk.exe"=

"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-04-15 05:00]

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-06-08 02:35:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-19 15:57:23

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ????<???D??sh?????A~????h???Z?A~(???*?A~t?@?l?@?`?h???????????????????????????2???????????????????A~????W?D~0?A~????*?A~??A~????D??sL?v???????A~????l?@???????A~????t?@???o?????????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-06-19 15:58:16

ComboFix-quarantined-files.txt 2008-06-19 22:58:10

ComboFix2.txt 2008-06-19 07:14:09

ComboFix3.txt 2008-04-30 01:04:16

ComboFix4.txt 2008-04-29 20:36:27

ComboFix5.txt 2008-04-28 20:49:47

 

Pre-Run: 4,176,859,136 bytes free

Post-Run: 4,170,579,968 bytes free

 

162 --- E O F --- 2008-04-28 18:14:37


Hey jorgebaggio,

Follow the instructions:

1. Download MSNFix and save it to your desktop.

    a. Extract the files. An MSNFix folder will be created.
    b. Open the folder and double-click MSNFix.bat. The MSN_Fix-menu window will open.
    c. First press P to choose the Portuguese (Brazil) language and press Enter.
    d. Then press R and press Enter to start the scan. If an infection is found, the message "Infecção Presente" will appear. Then press any key except Q, which exits the program.
    e. The removal process will begin. Wait, as it may take a few minutes.
    f. At the end, Notepad will open with a report. Select and copy the contents of the report, pasting it in your next reply.

    PS: This report will be saved in the MSNFix folder under the name msnfix.txt.

2. Also post a new HijackThis log.

Regards.


HERE IT GOES

MSN SCAN

AND THE Hijack

 

MSNFix 1.725

 

C:\Documents and Settings\jorge\Desktop\casa\MSNFix

Fix lançado dia seg 23/06/2008 - 16:21:30,17 By jorge

modo normal

 

************************ Procurando os arquivos presentes

 

Nenhum arquivo encontrado

 

************************ Procurando as pastas presentes

 

Nenhuma pasta encontrada

 

 

************************ Arquivos suspeitos

 

Nenhum arquivo encontrado

 

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:25:13, on 23/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Pando Networks\Pando\Pando.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe

C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\jorge\Desktop\Kijacksthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buoyweather.com/index.jsp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.metacrawl.ws

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GbPlugin\gbieh.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local

O17 - HKLM\Software\..\Telephony: DomainName = local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = local

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\WINDOWS\

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

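To check a run like the one above, here is an added example (not code from the thread, from ComboFix or from HijackThis) that reads a CFScript, compares its File::/Folder:: targets with the "Other Deletions" list in the ComboFix log, and then searches a later HijackThis log for leftovers such as the GbPlugin "(file missing)" entries. The three embedded samples are constructed, shortened excerpts of the script and logs posted in this thread.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it produced, then look for
leftovers in a later HijackThis log.  Added example, not code from the thread or the tools;
the three samples are constructed, shortened excerpts of the script and logs posted above."""
import re

CFSCRIPT = r"""
File::
C:\WINDOWS\system32\configex.dll
C:\WINDOWS\system32\msmsn.exe
C:\WINDOWS\system32\msshell.exe
E:\RemoveWGA.exe
Folder::
C:\Program Files\GbPlugin
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoveWGA"=-
"msmsn"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
"""

COMBOFIX_LOG = r"""
FILE ::
C:\WINDOWS\system32\configex.dll
C:\WINDOWS\system32\msmsn.exe
C:\WINDOWS\system32\msshell.exe
E:\RemoveWGA.exe
.
((((((((((((((((( Other Deletions )))))))))))))))))
.
C:\Program Files\GbPlugin
C:\WINDOWS\system32\configex.dll
C:\WINDOWS\system32\msmsn.exe
.
((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))
"""

HIJACKTHIS_LOG = r"""
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GbPlugin\gbieh.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: GbPluginBb - C:\WINDOWS\
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe (file missing)
"""

def parse_cfscript(text):
    """Split a CFScript into its sections: {'File': [...], 'Folder': [...], 'Registry': [...]}."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("::"):                 # section header such as 'File::'
            current = line[:-2]
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def combofix_deletions(log_text):
    """Paths listed under the '(((( Other Deletions ))))' banner of a ComboFix log."""
    deleted, in_section = [], False
    for line in (l.strip() for l in log_text.splitlines()):
        banner = re.fullmatch(r"\(+\s*(.*?)\s*\)+", line)
        if banner:                              # every banner starts a new section
            in_section = banner.group(1) == "Other Deletions"
        elif in_section and line and line != ".":
            deleted.append(line)
    return deleted

def reconcile(script_text, log_text):
    """Targets ComboFix reports removed, targets it does not, and removals the script never asked for."""
    script = parse_cfscript(script_text)
    targets = script.get("File", []) + script.get("Folder", [])
    deleted = combofix_deletions(log_text)
    deleted_lc = {p.lower() for p in deleted}  # Windows paths: compare case-insensitively
    return {
        "deleted": [t for t in targets if t.lower() in deleted_lc],
        "not_deleted": [t for t in targets if t.lower() not in deleted_lc],
        "unexpected": [p for p in deleted if p.lower() not in {t.lower() for t in targets}],
    }

def script_needles(script_text):
    """Lower-cased names to look for later: target basenames, values removed with '=-', keys removed with '[-'."""
    script = parse_cfscript(script_text)
    needles = [t.rsplit("\\", 1)[-1] for t in script.get("File", []) + script.get("Folder", [])]
    for entry in script.get("Registry", []):
        value = re.fullmatch(r'"(.+)"=-', entry)
        if value:
            needles.append(value.group(1))
        elif entry.startswith("[-"):            # last key component, e.g. 'GbPluginBb'
            needles.append(entry.rstrip("]").rsplit("\\", 1)[-1].strip())
    return [n.lower() for n in needles]

def hijackthis_remnants(hjt_text, script_text):
    """HijackThis lines that still name a script target or point at a file HijackThis reports missing."""
    needles = script_needles(script_text)
    return [line.strip() for line in hjt_text.splitlines()
            if "(file missing)" in line or any(n in line.lower() for n in needles)]

if __name__ == "__main__":
    print(reconcile(CFSCRIPT, COMBOFIX_LOG))
    print(hijackthis_remnants(HIJACKTHIS_LOG, CFSCRIPT))
```

Targets that are listed as "not_deleted" were not necessarily still present; ComboFix only reports what it actually removed, so they may have been absent or already quarantined, which is why a fresh HijackThis log is the right follow-up check.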

Hey jorgebaggio,

1. Download the Kaspersky Virus Removal Tool.

2. The file is 19 MB, but the result will be worth the effort.

3. Restart the machine in Safe Mode.

4. Run the tool by double-clicking the downloaded file.

5. The following window will open:

[image: Kaspersky Virus Removal Tool scan window]

6. Check the directories you want to scan (it is best to check all of them).

7. Click Scan and wait for the process to finish.

8. When the scan is done, come back with the result.

Regards.


Here it goes.. Scan of the machine done by the antivirus and by Hijack

I just didn't copy and paste all the scanned files.. which are 369,377

Cheers

 

----------

Scanned: 369377

Detected: 6

Untreated: 6

Start time: 24/6/2008 07:28:43

Duration: 07:18:06

Finish time: 24/6/2008 21:57:44

 

 

Detected

--------

Status Object

------ ------

detected: riskware not-a-virus:RiskTool.Win32.Hideit.a File: D:\Meus arquivos recebidos\_Za03056/Nova pasta/Adobe Premiere Pro 1.5 crack.msi//Cabs.w1.cab/Win32k.exe//UPX

detected: adware not-a-virus:AdWare.Win32.EShoper.p File: D:\Pastas Antingas\importante\InstalarMDC.exe

detected: Trojan program Backdoor.Win32.Hupigon.cfja File: C:\LinhaDefensiva\QUA\1\system32\msshell.exe//NSPack

detected: Trojan program Trojan-Downloader.Win32.Banload.nih File: C:\LinhaDefensiva\QUA\1\system32\process.exe//NSPack

detected: adware not-a-virus:AdWare.Win32.EShoper.p File: C:\Mundo da Criança\AtualizarMDC.exe

detected: Trojan program Trojan-Spy.Win32.Banbra.bah File: C:\QooBox\Quarantine\C\WINDOWS\system32\msmsn.exe.vir//NSPack

 

 

Statistics

----------

Object             Scanned  Detected  Untreated  Deleted  Moved to Quarantine  Archives  Packed files  Password protected  Corrupted
All objects         257201         6          6        1                    0     18729           618                   2          9
System memory          795         0          0        0                    0         1             2                   0          0
Startup objects        645         0          0        0                    0         2            25                   0          0
Disk boot sectors        7         0          0        0                    0         0             0                   0          0
My Documents         25065         1          2        0                    0       622            46                   0          4
Mail databases       29129         1          0        1                    0      8559            27                   0          0
My Computer         201560         4          4        0                    0      9545           518                   2          5
3.5 Floppy (A:)          0         0          0        0                    0         0             0                   0          0
System (C:)              0         0          0        0                    0         0             0                   0          0
Jorge (D:)               0         0          0        0                    0         0             0                   0          0
Local Disk (F:)          0         0          0        0                    0         0             0                   0          0
Baggio_HD3 (G:)          0         0          0        0                    0         0             0                   0          0

 

 

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

 

 

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

 

 

Backup

------

Status Object Size

------ ------ ----

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:04:41, on 24/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\DoScan.exe

C:\Program Files\Pando Networks\Pando\Pando.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\jorge\Desktop\Kijacksthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buoyweather.com/index.jsp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.metacrawl.ws

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GbPlugin\gbieh.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [is-A7ME3] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-A7ME3\is-A7ME3.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local

O17 - HKLM\Software\..\Telephony: DomainName = local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = local

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\WINDOWS\

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: is-A7ME3 - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-A7ME3\is-A7ME3.exe" -r (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Here it is.. scan of the machine done by the antivirus and by HijackThis

I just didn't copy and paste all the files.. that were scanned.. which are 369,377

Cheers

 

----------

Scanned: 369377

Detected: 6

Untreated: 6

Start time: 24/6/2008 07:28:43

Duration: 07:18:06

Finish time: 24/6/2008 21:57:44

 

 

Detected

--------

Status Object

------ ------

detected: riskware not-a-virus:RiskTool.Win32.Hideit.a File: D:\Meus arquivos recebidos\_Za03056/Nova pasta/Adobe Premiere Pro 1.5 crack.msi//Cabs.w1.cab/Win32k.exe//UPX

detected: adware not-a-virus:AdWare.Win32.EShoper.p File: D:\Pastas Antingas\importante\InstalarMDC.exe

detected: Trojan program Backdoor.Win32.Hupigon.cfja File: C:\LinhaDefensiva\QUA\1\system32\msshell.exe//NSPack

detected: Trojan program Trojan-Downloader.Win32.Banload.nih File: C:\LinhaDefensiva\QUA\1\system32\process.exe//NSPack

detected: adware not-a-virus:AdWare.Win32.EShoper.p File: C:\Mundo da Criança\AtualizarMDC.exe

detected: Trojan program Trojan-Spy.Win32.Banbra.bah File: C:\QooBox\Quarantine\C\WINDOWS\system32\msmsn.exe.vir//NSPack

 

 

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

All objects 257201 6 6 1 0 18729 618 2 9

System memory 795 0 0 0 0 1 2 0 0

Startup objects 645 0 0 0 0 2 25 0 0

Disk boot sectors 7 0 0 0 0 0 0 0 0

My Documents 25065 1 2 0 0 622 46 0 4

Mail databases 29129 1 0 1 0 8559 27 0 0

My Computer 201560 4 4 0 0 9545 518 2 5

3.5 Floppy (A:) 0 0 0 0 0 0 0 0 0

System (C:) 0 0 0 0 0 0 0 0 0

Jorge (D:) 0 0 0 0 0 0 0 0 0

Local Disk (F:) 0 0 0 0 0 0 0 0 0

Baggio_HD3 (G:) 0 0 0 0 0 0 0 0 0

 

 

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

 

 

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

 

 

Backup

------

Status Object Size

------ ------ ----

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:04:41, on 24/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\DoScan.exe

C:\Program Files\Pando Networks\Pando\Pando.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\jorge\Desktop\Kijacksthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buoyweather.com/index.jsp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.metacrawl.ws

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GbPlugin\gbieh.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [is-A7ME3] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-A7ME3\is-A7ME3.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local

O17 - HKLM\Software\..\Telephony: DomainName = local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = local

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\WINDOWS\

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: is-A7ME3 - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-A7ME3\is-A7ME3.exe" -r (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Hey jorgebaggio,

 

Reboot into Safe Mode.

 

Locate and delete the following files / folders:

 

D:\Meus arquivos recebidos\_Za03056/Nova pasta/Adobe Premiere Pro 1.5 crack.msi

D:\Pastas Antingas\importante\InstalarMDC.exe

C:\Mundo da Criança\AtualizarMDC.exe

 

C:\LinhaDefensiva

 

Empty the Recycle Bin.

 

Reboot into Normal Mode.

 

Done. Your log will be CLEAN. :thumbsup:

 

To finish:

 

1. Disable and re-enable XP's System Restore feature. Click here to see how;

 

2. Update your operating system urgently.

 

To give you an idea, three (03) major update packages have already been released (SP1, SP2 and SP3) and you only have the second of them installed (SP2). Use Windows Update from the Start menu to update your system (SP3).

 

Regards.


Topic Archived

 

Since the author did not reply for more than 30 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
