[Arquivado] Novo Log do HijackThis!

LFABER · Agosto 29, 2008

Olá, aqui vai o

Logfile of HijackThis v1.99.1

Scan saved at 10:22:40 AM, on 8/29/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\windows\system32\spoolsv.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\windows\system32\svchost.exe

C:\windows\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\windows\system32\RunDll32.exe

C:\windows\vsnpstd3.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\windows\system32\ctfmon.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\DOCUME~1\Odadir\CONFIG~1\Temp\Diretório temporário 8 para hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [snpstd3] C:\windows\vsnpstd3.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B9D3460-67BC-429B-A020-2DF00FB8B8CE}: NameServer = 200.225.197.34 200.225.197.37

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\windows\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\windows\system32\nvsvc32.exe (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

Este computador é o da minha casa!

Muito grata desde já!

jgarcia · Setembro 2, 2008

Opa LFABER,

Baixe o ComboFix em:

ComboFix

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

OBS.: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

Abraços.

LFABER · Setembro 5, 2008

Olá JGARCIA,

muito bom receber a sua ajuda!

Aqui vai o Log do Combofix:

ComboFix 08-09-04.09 - Odadir 2008-09-05 19:51:25.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.251 [GMT -3:00]

Executando de: C:\Documents and Settings\Odadir\Meus documentos\Leila\Documents\ComboFix.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Documentos\_desktop.ini

C:\Documents and Settings\All Users\Documentos\Meus v¡deos\_desktop.ini

C:\Documents and Settings\All Users\Documentos\Minhas imagens\_desktop.ini

C:\Documents and Settings\All Users\Documentos\Minhas m£sicas\_desktop.ini

C:\Documents and Settings\All Users\Documentos\Minhas m£sicas\Amostra de m£sica\_desktop.ini

C:\Documents and Settings\All Users\Documentos\Minhas m£sicas\My Playlists\_desktop.ini

C:\Documents and Settings\All Users\Documentos\Minhas m£sicas\Sample Playlists\_desktop.ini

C:\Documents and Settings\All Users\Documentos\Minhas m£sicas\Sync Playlists\_desktop.ini

C:\Documents and Settings\Odadir\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini

C:\Documents and Settings\Odadir\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\FP_AX_CAB_INSTALLER.exe

C:\Documents and Settings\Odadir\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\swflash.inf

C:\windows\ponto.DLL

C:\windows\system32\actskn43.ocx

C:\windows\system32\MEGATRON.ini

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Service_6to4

((((((((((((((((((((((( Ficheiros criados de 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))))

.

2008-09-05 18:03 . 2008-09-05 18:03 <DIR> d----c--- C:\Arquivos de programas\CCleaner

2008-09-04 18:11 . 2008-09-04 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2008-09-04 16:56 . 2008-09-05 19:48 <DIR> d----c--- C:\Arquivos de programas\Norton Security Scan

2008-09-04 16:51 . 2008-09-05 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-09-04 16:00 . 2008-09-04 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-09-04 16:00 . 2008-09-04 16:00 <DIR> d----c--- C:\Arquivos de programas\DVD Shrink

2008-09-04 15:11 . 2008-09-04 15:11 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2008-09-03 20:25 . 2008-09-04 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WinZip

2008-09-03 17:24 . 2008-09-03 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ashampoo

2008-09-01 21:04 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-09-01 21:04 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-09-01 21:04 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-09-01 21:04 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-09-01 21:04 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-09-01 21:04 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-08-21 12:55 . 2008-08-21 12:55 162 --ah-c--- C:\~$usto132.doc

2008-08-18 14:32 . 2008-08-18 14:32 253,952 --------- C:\WINDOWS\Setup1.exe

2008-08-18 14:32 . 2008-08-18 14:32 74,240 --a------ C:\WINDOWS\ST6UNST.EXE

2008-08-12 11:13 . 2008-08-12 11:13 <DIR> d----c--- C:\Arquivos de programas\Arquivos comuns\HP

2008-08-12 11:11 . 2008-08-12 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-08-12 11:06 . 2005-04-08 19:44 45,056 --a------ C:\WINDOWS\system32\hpzll3xu.dll

2008-08-12 11:06 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-08-12 11:06 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-08-12 11:03 . 2008-08-19 07:43 79,246 --a------ C:\WINDOWS\hpfins05.dat

2008-08-12 11:03 . 2005-05-23 14:51 1,395 --------- C:\WINDOWS\hpfmdl05.dat

2008-08-12 10:56 . 2008-08-12 10:56 <DIR> d-------- C:\Documents and Settings\Odadir\Dados de aplicativos\HP

2008-08-09 16:55 . 2008-08-09 16:55 <DIR> d----c--- C:\Arquivos de programas\Sun

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-05 22:57 --------- dc----w C:\Arquivos de programas\lg_fwupdate

2008-09-05 17:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-09-04 21:42 --------- dc----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-09-04 19:51 --------- d-----w C:\Arquivos de programas\Google

2008-09-04 17:40 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-04 17:37 --------- dc----w C:\Arquivos de programas\Ahead

2008-09-02 00:04 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-29 21:08 --------- dc----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-08-29 21:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-12 14:13 --------- d-----w C:\Arquivos de programas\HP

2008-08-12 14:11 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-08-09 20:55 --------- d-----w C:\Arquivos de programas\Java

2008-07-19 22:05 --------- dc----w C:\Arquivos de programas\Motorola Phone Tools

2008-07-19 22:04 --------- dc----w C:\Arquivos de programas\Arquivos comuns\Motorola Shared

2008-07-19 22:03 92,064 -c--a-w C:\Documents and Settings\Odadir\mqdmmdm.sys

2008-07-19 22:03 9,232 -c--a-w C:\Documents and Settings\Odadir\mqdmmdfl.sys

2008-07-19 22:03 79,328 -c--a-w C:\Documents and Settings\Odadir\mqdmserd.sys

2008-07-19 22:03 66,656 -c--a-w C:\Documents and Settings\Odadir\mqdmbus.sys

2008-07-19 22:03 6,208 -c--a-w C:\Documents and Settings\Odadir\mqdmcmnt.sys

2008-07-19 22:03 5,936 -c--a-w C:\Documents and Settings\Odadir\mqdmwhnt.sys

2008-07-19 22:03 4,048 -c--a-w C:\Documents and Settings\Odadir\mqdmcr.sys

2008-07-19 22:03 25,600 -c--a-w C:\Documents and Settings\Odadir\usbsermptxp.sys

2008-07-19 22:03 22,768 -c--a-w C:\Documents and Settings\Odadir\usbsermpt.sys

2008-07-19 20:09 --------- dc----w C:\Arquivos de programas\Avanquest update

2008-07-19 20:09 --------- d-----w C:\Documents and Settings\Odadir\Dados de aplicativos\InstallShield

2008-07-19 20:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2008-04-17 20:07 1,357,762 -c--a-w C:\Arquivos de programas\Receitanet2008_03.EXE

2008-04-17 19:13 3,349,634 -c--a-w C:\Arquivos de programas\irpfwin2008v1.0.exe

2008-04-17 19:08 5,001,934 -c--a-w C:\Arquivos de programas\SETUP.EXE

2008-04-09 18:04 9,722,720 -c--a-w C:\Arquivos de programas\spybotsd152.exe

2006-07-07 21:47 247,608 -c--a-w C:\Arquivos de programas\jre-1_5_0_07-windows-i586-p-iftw.exe

2004-10-01 18:00 40,960 -c--a-w C:\Arquivos de programas\Uninstall_CDS.exe

2001-08-23 16:00 13,107,200 -csha-r C:\windows\system32\oembios.bin

2001-08-23 16:00 4,463 -csha-r C:\windows\system32\oembios.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="C:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]

"LGODDFU"="C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]

"snpstd3"="C:\windows\vsnpstd3.exe" [2004-07-30 286720]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

"NeroFilterCheck"="C:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Synchronization Manager"="C:\windows\system32\mobsync.exe" [2004-08-04 143872]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

-----c--- 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-02-16 23:11 49152 C:\Arquivos de programas\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a--c--- 2004-03-04 12:46 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

-----c--- 2005-06-02 16:03 1957888 C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]

--a--c--- 2004-07-30 18:50 286720 C:\WINDOWS\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2007-05-02 04:15 75520 C:\Arquivos de programas\Java\jre1.5.0_12\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]

--a--c--- 2004-08-04 00:45 143872 C:\WINDOWS\system32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

R3 cmudax;C-Media High Definition Audio Interface;C:\windows\system32\drivers\cmudax.sys [2005-05-11 1287296]

S3 AntiAries;Anti Aries Helper Driver;C:\windows\System32\drivers\RKL2.tmp.sys [2006-12-05 7680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a355d02-ebaf-11dc-b596-0013d4e0dcad}]

\Shell\AutoRun\command - E:\diskdrive.exe

\Shell\open\command - E:\diskdrive.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fc0a3f8-d79c-11da-83bf-00038a000011}]

\Shell\AutoRun\command - E:\diskdrive.exe

\Shell\open\command - E:\diskdrive.exe

.

Conte£do da pasta 'Tarefas Agendadas'

.

- - - - ORFAOS REMOVIDOS - - - -

HKCU-Run-MSMSGS - C:\Arquivos de programas\Messenger\msmsgs.exe

HKLM-Run-SunJavaUpdateSched - C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

HKLM-Run-Cmaudio - cmicnfg.cpl

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399F83} - (no file)

MSConfigStartUp-Adobe Photo Downloader - C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

MSConfigStartUp-AVG7_CC - C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

MSConfigStartUp-ccApp - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

MSConfigStartUp-MSMSGS - C:\Arquivos de programas\Messenger\msmsgs.exe

MSConfigStartUp-NvCplDaemon - C:\windows\system32\NvCpl.dll

MSConfigStartUp-osCheck - C:\Arquivos de programas\Norton AntiVirus\osCheck.exe

MSConfigStartUp-RealTray - C:\Arquivos de programas\Real\RealPlayer\RealPlay.exe

MSConfigStartUp-Skype - C:\Arquivos de programas\Skype\Phone\Skype.exe

MSConfigStartUp-swg - C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

MSConfigStartUp-updateMgr - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

MSConfigStartUp-WinMsg - C:\windows\winmsgr.exe

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Odadir\Dados de aplicativos\Mozilla\Firefox\Profiles\d9hehkoz.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-05 19:57:26

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializ veis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execu‡Æo ------------------------

.

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-09-05 20:02:37 - Maquina reiniciou [Odadir]

ComboFix-quarantined-files.txt 2008-09-05 23:02:35

Pre-Run: 23 pasta(s) 71,284,920,320 bytes disponíveis

Post-Run: 26 pasta(s) 71,231,868,928 bytes dispon¡veis

206 --- E O F --- 2008-08-22 21:54:41

Abraços,

LFABER

jgarcia · Setembro 8, 2008

Opa LFABER,

1. Baixe o BankerFix 3.0.

2. Desative o seu anti-vírus temporariamente.

3. Dê um duplo-clique sobre o bankerfix.exe. A janela do Banker Fix 3.0 abrir-se-á com a seguinte pergunta Instalar o BankerFix 3.0 / Install BankerFix 3.0 ? >> clique em SIM.

4. Uma janela informando que o BankerFix 3.0 será baixado via internet abrir-se-á >> clique sobre OK e aguarde. Na próxima janela clique em OK mais uma vez, a fim de que o BankerFix 3.0 seja iniciado.

5. Pressione qualquer tecla para dar continuidade ao processo e aguarde até que a varredura se complete. Tenha paciência, pois ela pode demorar alguns minutos.

6. Terminado o scan, leia a mensagem na tela e aperte Enter.

7. Habilite o seu anti-vírus.

8. Retorne com o relatorio.txt do BankerFix (ele estará em C:\LinhaDefensiva\).

9. Depois de postar a sua resposta você poderá deletar a pasta LinhaDefensiva contida no C.

Abraços.

LFABER · Setembro 17, 2008

Olá JGARCIA,

Coloco aqui outro Log do ComboFix, visto já passados vários dias desde o post do primeiro, descul-me se isto realmente não era necessário!

ComboFix 08-09-16.05 - Odadir 2008-09-17 20:41:28.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.248 [GMT -3:00]

Executando de: C:\Documents and Settings\Odadir\Meus documentos\Leila\Documents\ComboFixo.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Odadir\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-17 to 2008-09-17 ))))))))))))))))))))))))))))))))

.

2008-09-15 10:37 . 2002-06-12 14:19 3,262 --------- C:\WINDOWS\system32\Mapcacd.ico

2008-09-15 10:37 . 1998-04-23 23:00 1,078 --------- C:\WINDOWS\system32\Trashpca.ico

2008-09-15 10:37 . 2008-09-15 10:37 75 --a------ C:\WINDOWS\system32\MAPCACD.INI

2008-09-15 10:31 . 1998-03-01 22:13 178,176 --------- C:\WINDOWS\system32\MP3ENC.OCX

2008-09-15 10:31 . 1997-01-24 08:52 19,968 --------- C:\WINDOWS\system32\Cpuinf32.dll

2008-09-15 10:31 . 1995-08-15 00:00 12,288 --------- C:\WINDOWS\system32\Regocx32.exe

2008-09-14 11:51 . 2008-09-14 11:51 <DIR> d----c--- C:\Arquivos de programas\Software WIDCOMM

2008-09-14 11:45 . 2008-09-14 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2008-09-14 11:24 . 2008-09-14 11:24 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-09-14 11:24 . 2008-09-14 11:24 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2008-09-14 11:14 . 2008-09-14 11:15 <DIR> d----c--- C:\Arquivos de programas\mobile PhoneTools

2008-09-10 00:06 . 2008-09-10 00:06 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-09-09 20:55 . 2008-09-09 21:09 <DIR> d-------- C:\LinhaDefensiva

2008-09-05 20:02 . 2008-09-05 20:02 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-09-05 20:02 . 2008-09-05 20:02 <DIR> d-------- C:\Documents and Settings\Odadir\Configurações locais

2008-09-05 20:02 . 2008-09-05 20:02 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-09-05 20:02 . 2008-09-05 20:02 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-09-05 18:03 . 2008-09-05 18:03 <DIR> d----c--- C:\Arquivos de programas\CCleaner

2008-09-04 18:11 . 2008-09-04 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2008-09-04 16:56 . 2008-09-10 23:42 <DIR> d----c--- C:\Arquivos de programas\Norton Security Scan

2008-09-04 16:51 . 2008-09-17 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater