
Archived

This topic has been archived and is closed to new replies.

LuísEduardo

[Archived] I also have a virus on MSN

Recommended Posts

Hello...

Following Mario Monteiro's guidance, here is my post with the HijackThis log.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:07:20, on 1/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

c:\ARQUIV~1\mcafee\msc\mcuimgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3Trayp.exe

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [LMSXXD] LMSXXD.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [Detector] C:\WINDOWS\twain_32\600x1200\Detector.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\RunOnce: [ GbPluginBb] RunDll32.exe C:\ARQUIV~1\GBPLUGIN\gbieh.dll,Gbieh

O4 - HKLM\..\RunOnce: [ GbPluginCef] RunDll32.exe C:\ARQUIV~1\GBPLUGIN\gbiehcef.dll,Gbieh

O4 - HKLM\..\RunOnce: [ GbPluginUni] RunDll32.exe C:\ARQUIV~1\GbPlugin\gbiehuni.dll,Gbieh

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213635090453

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibserver.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe


- Download: < ComboFix.exe >

- Save it to the Desktop!

- Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)

- Close all windows and run the tool!

If you get the notification "Invalid Win32 application", delete the tool and download it again.

Save it to the desktop, renamed as: Kombo.exe

Ps: Name it while saving, not after saving it!

Ps: If any error message appears, run ComboFix.exe in Safe Mode.

Ps: Avoid running this tool on your own initiative! Follow all the recommendations given above.

- The Auto Scan window will open. Wait!

- Type the option to continue! >> Enter

- Wait for it to finish!

- During the scan, avoid touching the mouse or keyboard! <-- Important!

- To stop or exit ComboFix, press "N".

----------------------

- When it finishes, post the report: C:\ComboFix.txt


I did what was asked, but the ComboFix report was this:

 

ComboFix 08-10-01.02 - Luis 2008-10-02 9:13:16.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.596 [GMT -3:00]

Executando de: C:\Documents and Settings\Luis\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

 

I think something went wrong, right???

 

Luís


I have now run ComboFix in Safe Mode....

Here is the log:

 

ComboFix 08-10-01.02 - Administrador 2008-10-02 10:00:21.2 - NTFSx86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.754 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Luis\Configurações locais\Temporary Internet Files\

.

---- Previous Run -------

.

C:\Documents and Settings\Luis\Configurações locais\Temporary Internet Files\

C:\WINDOWS\winhelp.ini

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GBPSV

-------\Service_GbpSv

-------\Legacy_GBPSV

-------\Service_GbpSv

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-09-02 to 2008-10-02 ))))))))))))))))))))))))))))))))

.

 

2008-10-01 18:30 . 2008-10-01 18:30 <DIR> d-------- C:\SCAN

2008-10-01 16:58 . 2008-10-01 16:58 579,072 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll

2008-10-01 16:58 . 2008-04-13 19:21 45,056 --a------ C:\WINDOWS\system32\ftp.exe

2008-10-01 16:58 . 2008-04-13 19:21 45,056 --a--c--- C:\WINDOWS\system32\dllcache\ftp.exe

2008-10-01 16:58 . 2003-03-30 11:06 17,408 --a------ C:\WINDOWS\system32\tftp.exe

2008-10-01 16:57 . 2008-10-01 16:57 <DIR> d-------- C:\WINDOWS\ERUNT

2008-10-01 16:54 . 2008-10-01 17:09 <DIR> d-------- C:\SDFix

2008-10-01 16:39 . 2008-10-01 16:40 <DIR> d-------- C:\Temp\Hijack

2008-10-01 15:49 . 2008-10-01 15:49 76,288 -r-hs---- C:\WINDOWS\system32\drivers\FmMgr.exe

2008-09-30 18:14 . 2008-10-02 10:04 16,277 --a------ C:\WINDOWS\system32\Config.MPF

2008-09-30 15:20 . 2008-09-30 15:20 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security

2008-09-26 14:18 . 2008-09-26 14:26 <DIR> d-------- C:\Arquivos de programas\Avant Browser

2008-09-19 08:48 . 2008-05-09 07:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll

2008-09-19 08:48 . 2008-05-09 07:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll

2008-09-19 08:48 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-09-19 08:48 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-09-19 08:48 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-09-19 08:48 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-09-19 08:48 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-09-18 16:06 . 2008-09-18 16:08 5,321 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-09-18 10:33 . 2008-09-18 10:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-09-18 10:30 . 2008-04-13 09:34 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys

2008-09-18 10:27 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\003038_.tmp

2008-09-15 15:14 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-09-15 15:14 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys

2008-09-13 10:56 . 2008-06-16 12:01 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-09-13 10:56 . 2008-06-16 08:54 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-09-13 10:56 . 2008-06-16 08:54 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-09-13 10:56 . 2008-10-01 18:19 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-09-13 10:56 . 2008-10-01 16:40 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-09-13 10:56 . 2008-09-13 10:56 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-09-13 10:56 . 2008-06-16 08:54 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-09-13 10:56 . 2008-06-16 08:54 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-09-13 10:56 . 2008-09-13 10:56 <DIR> d-------- C:\Documents and Settings\Administrador

2008-09-10 12:52 . 2008-09-10 13:00 <DIR> d-------- C:\VBDP

2008-09-08 18:49 . 2008-09-08 18:49 57,344 --a------ C:\WINDOWS\system32\crviewer.oca

2008-09-02 17:45 . 2008-10-01 13:20 0 --a------ C:\BettyRem.rem

2008-09-02 10:38 . 2008-09-02 10:43 58 --a------ C:\WINDOWS\crw.ini

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-02 12:14 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-10-02 11:28 --------- d-----w C:\Arquivos de programas\LogMeIn

2008-09-30 17:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-09-18 19:08 71,958 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-09-16 18:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-09-12 13:09 --------- d-----w C:\Arquivos de programas\McAfee

2008-09-09 20:26 --------- d-----w C:\Arquivos de programas\THAIS

2008-09-04 14:17 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-08-25 17:40 137 ----a-w C:\Print_use.bat

2008-08-25 16:37 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-18 21:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn

2008-08-18 14:37 --------- d-----w C:\Arquivos de programas\Reference Assemblies

2008-08-18 14:37 --------- d-----w C:\Arquivos de programas\MSBuild

2008-08-18 14:33 --------- d-----w C:\Arquivos de programas\MSXML 6.0

2008-08-13 12:13 --------- d-----w C:\Arquivos de programas\PhotoFiltre

2008-08-11 19:00 --------- d-----w C:\Arquivos de programas\MGI

2008-08-05 11:15 --------- d-----w C:\Arquivos de programas\GbPlugin

.

 

------- Sigcheck -------

 

2008-04-23 01:20 827392 7282f35cba5770795325f4b55e992f8f C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll

2008-06-23 12:40 827904 8cfd66cc90f966333cfa8d8161e185df C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll

2004-08-04 00:45 658432 398a619ce60090303042d1f8cc68f712 C:\WINDOWS\ie7\wininet.dll

2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll

2008-04-23 04:14 817152 86309ec6f9699d02efe77ff2508e4470 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll

2008-06-23 13:29 817152 3222b60bf562cda0fe49091331a1817a C:\WINDOWS\ServicePackFiles\i386\wininet.dll

2008-06-23 13:29 817152 3222b60bf562cda0fe49091331a1817a C:\WINDOWS\system32\wininet.dll

2008-06-23 13:29 817152 3222b60bf562cda0fe49091331a1817a C:\WINDOWS\system32\dllcache\wininet.dll

 

2008-04-13 19:21 977920 732946eeaa1d8ee2a4fc24370827617b C:\WINDOWS\explorer.exe

2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2007-06-13 10:21 977408 e2af4bc9e7859fdbbe6626c2b648b6bc C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2008-04-13 19:21 977920 732946eeaa1d8ee2a4fc24370827617b C:\WINDOWS\ServicePackFiles\i386\explorer.exe

 

2008-07-18 22:10 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe

2008-07-18 22:10 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\system32\wuauclt.exe

2008-07-18 22:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-11-22 704512]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"mcagent_exe"="C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

"Detector"="C:\WINDOWS\twain_32\600x1200\Detector.exe" [2000-08-07 38400]

"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]

"VTTimer"="VTTimer.exe" [2006-08-03 C:\WINDOWS\system32\VTTimer.exe]

"S3Trayp"="S3Trayp.exe" [2006-07-10 C:\WINDOWS\system32\S3Trayp.exe]

"LMSXXD"="LMSXXD.exe" [2001-09-27 C:\WINDOWS\system32\LMSXXD.EXE]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GbPluginBb"="C:\ARQUIV~1\GBPLUGIN\gbieh.dll" [2008-04-15 378696]

"GbPluginCef"="C:\ARQUIV~1\GBPLUGIN\gbiehcef.dll" [2008-09-01 374856]

"GbPluginUni"="C:\ARQUIV~1\GbPlugin\gbiehuni.dll" [2008-05-19 368032]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "C:\ARQUIV~1\GbPlugin\gbiehuni.dll" [2008-05-19 368032]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll" [2008-09-01 374856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-04-15 09:37 378696 C:\Arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2008-09-01 17:12 374856 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2008-05-19 15:10 368032 C:\ARQUIV~1\GbPlugin\gbiehuni.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsass driver

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]

S3 pmxscan;USB 600x1200 V7 Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [1999-10-13 12400]

S3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-08-13 654848]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.br/

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

 

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

O16 -: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab

C:\WINDOWS\Downloaded Program Files\CertifExp.inf

C:\WINDOWS\system32\Logof.dll

 

O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab

C:\WINDOWS\Downloaded Program Files\ZylomGamesPlayer.inf

C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll

 

O16 -: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

C:\WINDOWS\Downloaded Program Files\gbpdist.inf

C:\WINDOWS\Downloaded Program Files\gbpdist.dll

 

O16 -: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

C:\WINDOWS\Downloaded Program Files\GbPluginuni.inf

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-02 10:04:06

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GbpSv]

"ImagePath"="C:\ARQUIV~1\GbPlugin\GbpSv.exe"

.

------------------------ Outros Processos em Execução ------------------------

.

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

C:\Arquivos de programas\McAfee\MPF\MpfSrv.exe

C:\ARQUIV~1\McAfee.com\Agent\mcagent.exe

C:\ARQUIV~1\McAfee\MSC\mcuimgr.exe

C:\ComboFix\pv.cfexe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-02 10:06:44 - Maquina reiniciou [Administrador]

ComboFix-quarantined-files.txt 2008-10-02 13:06:41

 

Pre-Run: 25 pasta(s) 27,687,174,144 bytes disponíveis

Post-Run: 28 pasta(s) 27,677,356,032 bytes disponíveis

 

204 --- E O F --- 2008-09-19 11:50:16


- Download Malwarebytes Anti-Malware

http://www.besttechie.net/tools/mbam-setup.exe

◘ Install it by double-clicking "mbam-setup.exe";

◘ Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;

◘ Select "Quick Scan" and then click Scan;

◘ When the scan finishes, click OK and then "Show Results" to see the log;

◘ If anything is detected, make sure everything is checked and click "Remove";

◘ The log is saved automatically and can be viewed by clicking "Logs" in the main menu;

◘ Copy and paste the contents of that log in your next reply.

- Generate a new HijackThis log and paste it in your reply.


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
