
Archived

This topic has been archived and is closed to further replies.

Pohada

[Archived] GbiehBSB1

Hello! Can you help me remove this damned GBiehBSB1, PLEASE?

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:15:12, on 26/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrlS.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exe

C:\Arquivos de programas\TVR\RecSche.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\Piolet\Piolet.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\fum\fum.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\DOCUME~1\Paulo\CONFIG~1\Temp\RarSFX9\NitroPC.exe

C:\Arquivos de programas\CoolSMS\CoolSMS.exe

C:\Arquivos de programas\Pacific\PN-WN321G\Installer\WINXP\Utilitario PN-WN321G.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\hijackthis\HiJackThis.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\WINDOWS\system32\DirectX\Dinput\Driver\1\services.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\TVR\remote.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SchGrid.MSVDTDDGridCtrl7 - {2F01C4F1-4484-4BD8-9799-D544EC7EE74B} - C:\WINDOWS\system32\cdplayer.exe.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: DirecX - {83FDA784-0154-418F-810B-F1839272C361} - C:\WINDOWS\system32\DirectX\Dinput\diagx3d.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\NEXTUP~1\TEXTAL~1\TAForIE.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [Remote] C:\Arquivos de programas\TVR\Remote.exe

O4 - HKLM\..\Run: [RecSche] "C:\Arquivos de programas\TVR\RecSche.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [Piolet] C:\Arquivos de programas\Piolet\Piolet.exe SILENT

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RealTray] C:\Arquivos de programas\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Upload Manager] "C:\Arquivos de programas\Free Download Manager\fum\fum.exe" -autorun

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKCU\..\Run: [sRS Audio Sandbox] "C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

O4 - HKCU\..\Run: [Grabber2k] C:\Arquivos de programas\Grabber2k\Grabber2k.exe

O4 - HKCU\..\Run: [NitroPC] "C:\DOCUME~1\Paulo\CONFIG~1\Temp\RarSFX9\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utilitario PN-WN321G.lnk = C:\Arquivos de programas\Pacific\PN-WN321G\Installer\WINXP\Utilitario PN-WN321G.exe

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.semptoshiba.com.br

O15 - Trusted Zone: http://asia.msi.com.tw

O15 - Trusted Zone: http://global.msi.com.tw

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173391124709

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{567523AF-8060-4DB4-BFFE-ADE449047643}: NameServer = 200.204.0.10,200.204.0.138

O20 - AppInit_DLLs: RQUIV~1\KASPER~1\KASPER~1\mzvkbd.dll

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrlS.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\TPSrv.exe

O23 - Service: Atualização Windows (WindowsUdate) - Unknown owner - C:\WINDOWS\kernel32.exe (file missing)

 

--

End of file - 14145 bytes
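As an added example, not part of this thread and not code from HijackThis or ComboFix, the script below runs a few of the checks a forum helper applies by eye to a log like the one above: absent targets, services with no publisher, core Windows binary names outside system32, double extensions, autoruns from Temp, and paths that are not absolute as displayed. The sample lines are copied from the posted log; the heuristics and the labels they produce are the example's own and mean "verify this", not "this is malware".

```python
"""Triage helper for HijackThis-style log lines (added example, not the
tool's own code).  Parses running-process lines and O2/O4/O20/O23 entries,
extracts the file path and applies a few defender heuristics."""
import re

# Constructed sample: ten lines copied from the HijackThis log posted above
# (raw string so the single backslashes in the paths survive as written).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DirectX\Dinput\Driver\1\services.exe
O2 - BHO: SchGrid.MSVDTDDGridCtrl7 - {2F01C4F1-4484-4BD8-9799-D544EC7EE74B} - C:\WINDOWS\system32\cdplayer.exe.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [NitroPC] "C:\DOCUME~1\Paulo\CONFIG~1\Temp\RarSFX9\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: RQUIV~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Atualização Windows (WindowsUdate) - Unknown owner - C:\WINDOWS\kernel32.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")        # "O23 - Service: ..."
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)    # "Running processes" lines
EXT = r"\.(?:exe|dll|ocx|sys|cpl|acm|scr)(?!\w)"
QUOTED_RE = re.compile(r'"([^"]+)"')
# Greedy body, so the *last* recognised extension wins ("cdplayer.exe.ocx" stays whole).
ABS_RE = re.compile(r'[A-Za-z]:\\[^"]*' + EXT, re.I)
# Fallback for values shown without a drive letter, such as the O20 line.
REL_RE = re.compile(r'(?<![\w\\:])[\w~.]+(?:\\[^"\s]+)+' + EXT, re.I)

# Names that are often borrowed by malware; the genuine ones live in system32 on XP.
CORE_NAMES = {"kernel32", "ntoskrnl", "services", "svchost", "lsass",
              "csrss", "winlogon", "smss", "ctfmon"}
EXPECTED_DIR = "c:\\windows\\system32"


def classify(line):
    """Return (kind, line) for a process line or an On/Rn entry, else None."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return m.group(1), line
    if PROC_RE.match(line):
        return "PROC", line
    return None


def extract_path(entry):
    """Pull the file path out of an entry: quoted, then absolute, then relative."""
    for rx in (QUOTED_RE, ABS_RE, REL_RE):
        m = rx.search(entry)
        if m:
            return m.group(m.lastindex or 0)
    return None


def assess(kind, raw, path):
    """Apply the heuristics; returns the list of reasons (empty means nothing seen)."""
    reasons = []
    if "(file missing)" in raw or "(no file)" in raw:
        reasons.append("registered target is absent on disk (orphan entry or hidden file)")
    if kind == "O23" and "Unknown owner" in raw:
        reasons.append("service carries no publisher string")
    if path:
        low = path.lower()
        parent, _, name = low.rpartition("\\")
        stem = name.split(".")[0]
        if not re.match(r"[a-z]:\\", low):
            reasons.append("path is not absolute as displayed; check the registry value directly")
        if stem in CORE_NAMES and parent != EXPECTED_DIR:
            reasons.append(f"core Windows binary name '{name}' outside {EXPECTED_DIR}")
        if re.search(r"\.(exe|dll|scr|com)\.[a-z0-9]+$", low):
            reasons.append("double file extension")
        if kind in ("O4", "PROC") and "\\temp\\" in low:
            reasons.append("runs from a temporary directory")
    return reasons


def triage(log_text):
    """Return one finding per flagged line: kind, raw line, path and reasons."""
    findings = []
    for line in log_text.splitlines():
        hit = classify(line)
        if not hit:
            continue
        kind, raw = hit
        path = extract_path(raw)
        reasons = assess(kind, raw, path)
        if reasons:
            findings.append({"kind": kind, "line": raw, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['line']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

On the sample, six of the ten lines are flagged; the "WindowsUdate" service alone collects three reasons (missing file, no publisher, kernel32 name outside system32), which is the entry a helper would look at first.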


Good morning, Pohada!

 

<@> Download: < ComboFix.exe > ( ...by sUBs )

<@> Save it to the Desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt "Software disclaimer" --> Click Yes!

<@> If you do not have the "Recovery Console", accept the offer to install it!

 

<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Rename it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own! Follow all the recommendations given above.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

----------------------

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!

Thank you for helping.

 

 

ComboFix 08-12-26.03 - Paulo 2008-12-27 14:25:46.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.959.474 [GMT -2:00]

Executando de: c:\documents and settings\Paulo\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)

AV: Panda Internet Security 2008 *On-access scanning disabled* (Outdated)

AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)

FW: Panda Internet Security 2008 *disabled*

* Criado um novo ponto de restauro

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Paulo\Dados de aplicativos\inst.exe

c:\windows\Downloaded Program Files\setup.inf

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-27 to 2008-12-27 ))))))))))))))))))))))))))))

.

 

2008-12-27 00:19 . 2008-12-27 00:18 512,096 --a------ c:\windows\system32\drivers\amon.sys

2008-12-27 00:19 . 2008-12-27 00:18 298,104 --a------ c:\windows\system32\imon.dll

2008-12-27 00:19 . 2008-12-27 00:18 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys

2008-12-27 00:19 . 2008-12-27 00:19 0 --a------ c:\windows\system32\mapisvc.inf

2008-12-27 00:18 . 2008-12-27 14:25 <DIR> d-------- c:\arquivos de programas\ESET

2008-12-26 15:58 . 2008-12-26 16:15 <DIR> d-------- C:\hijackthis

2008-12-25 23:48 . 2008-12-25 23:48 <DIR> d-------- c:\documents and settings\Paulo\Dados de aplicativos\Malwarebytes

2008-12-25 23:48 . 2008-12-25 23:48 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-12-25 23:48 . 2008-12-25 23:48 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-12-25 23:48 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-25 23:48 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-25 21:58 . 2008-12-27 03:50 41,299 --a------ c:\windows\system32\nseawxv.ubs

2008-12-24 18:16 . 2008-12-27 14:32 270,456 --a------ c:\windows\system32\drivers\APPFCONT.DAT.bck

2008-12-24 18:16 . 2008-12-27 14:32 1,204 --a------ c:\windows\system32\drivers\APPFLTR.CFG.bck

2008-12-24 18:13 . 2008-12-27 14:32 270,456 --a------ c:\windows\system32\drivers\APPFCONT.DAT

2008-12-24 18:13 . 2007-06-06 07:43 83,640 --a------ c:\windows\system32\drivers\pavdrv51.sys

2008-12-24 18:13 . 2008-12-27 14:32 1,204 --a------ c:\windows\system32\drivers\APPFLTR.CFG

2008-12-24 18:13 . 2008-12-24 18:13 277 --a------ c:\windows\system32\PavCPL.dat

2008-12-24 18:10 . 2007-07-12 10:49 178,872 --a------ c:\windows\system32\drivers\PavProc.sys

2008-12-24 18:10 . 2007-05-23 12:40 38,968 --a------ c:\windows\system32\drivers\ShlDrv51.sys

2008-12-24 15:33 . 2008-12-24 15:33 96,976 --a------ c:\windows\system32\drivers\klin.dat

2008-12-24 15:33 . 2008-12-24 15:33 87,855 --a------ c:\windows\system32\drivers\klick.dat

2008-12-24 14:00 . 2008-12-24 14:00 1 ---hs---- C:\MSDOS.INF

2008-12-24 04:47 . 2008-12-24 04:47 <DIR> d-------- c:\arquivos de programas\AdoreSoftphone

2008-12-23 04:05 . 2008-12-23 04:05 <DIR> d-------- c:\arquivos de programas\CoolSMS

2008-12-10 22:00 . 2008-12-10 22:00 <DIR> d-------- c:\windows\Mozilla

2008-12-02 00:36 . 2008-12-02 01:00 <DIR> d-------- c:\documents and settings\Paulo\.freemind

2008-12-02 00:36 . 2008-12-16 13:36 <DIR> d-------- c:\arquivos de programas\FreeMind

2008-11-30 23:41 . 2008-12-21 23:44 21,365 --a------ c:\windows\system32\zhwmegg.ubs

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-27 16:31 --------- d-----w c:\documents and settings\Paulo\Dados de aplicativos\Free Download Manager

2008-12-27 16:31 --------- d-----w c:\documents and settings\Paulo\Dados de aplicativos\DNA

2008-12-27 16:31 --------- d-----w c:\arquivos de programas\DNA

2008-12-27 16:28 --------- d-----w c:\arquivos de programas\Piolet

2008-12-27 16:15 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-12-26 00:55 --------- d-----w c:\arquivos de programas\AV Vcs 6.0 DIAMOND

2008-12-25 06:39 5,214,736 ----a-w C:\torrentsearcherweb10.exe

2008-12-25 06:39 472,576 ----a-w C:\dxsetup.exe

2008-12-25 06:39 18,029,424 ----a-w C:\Install_Messenger.exe

2008-12-25 06:39 1,264,152 ----a-w C:\va21beta.exe

2008-12-25 06:39 1,039,648 ----a-w C:\va20.exe

2008-12-25 06:38 208,896 ----a-w C:\3DAnalyze.exe

2008-12-24 20:12 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-12-24 20:12 --------- d-----w c:\arquivos de programas\Panda Security

2008-12-24 20:10 --------- d-----w c:\arquivos de programas\Arquivos comuns\Panda Software

2008-12-16 18:41 65,536 ----a-w c:\windows\IFinst27.exe

2008-12-11 00:16 --------- d-----w c:\arquivos de programas\MediaCoder

2008-12-01 15:01 --------- d-----w c:\documents and settings\Ronaldo\Dados de aplicativos\blah start dart

2008-12-01 15:01 --------- d-----w c:\documents and settings\Paulo\Dados de aplicativos\blah start dart

2008-12-01 01:47 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Cast ping base frag

2008-11-11 21:58 25,601 ----a-w c:\windows\system32\drivers\klopp.dat

2008-11-11 21:00 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2008-11-10 20:45 --------- d-----w c:\arquivos de programas\Circle Developement

2008-11-10 20:39 --------- d-----w c:\arquivos de programas\Arquivos comuns\Panda Security

2008-11-09 23:26 --------- d-----w c:\arquivos de programas\SystemRequirementsLab

2008-11-09 22:17 --------- d-----w c:\arquivos de programas\Kaspersky Lab

2008-11-09 22:16 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-11-09 21:51 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg7

2008-11-08 21:28 --------- d-----w c:\arquivos de programas\JF Enterprises ltda

2008-10-31 13:33 --------- d-----w c:\arquivos de programas\blah start dart

2008-02-14 09:08 17,928 ----a-w c:\documents and settings\Ronaldo\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-11-25 18:47 47,360 ----a-w c:\documents and settings\Paulo\Dados de aplicativos\pcouffin.sys

2007-11-05 08:39 8,920 ----a-w c:\arquivos de programas\thumbnail.jpg

2007-09-03 19:22 5,613,511 ----a-w c:\arquivos de programas\downloadmanager.exe

2007-05-27 04:52 88,379 ----a-w c:\arquivos de programas\pthreadGC2.dll

2008-12-26 18:31 67,688 ----a-w c:\arquivos de programas\mozilla firefox\components\jar50.dll

2008-12-26 18:31 54,368 ----a-w c:\arquivos de programas\mozilla firefox\components\jsd3250.dll

2008-12-26 18:31 34,944 ----a-w c:\arquivos de programas\mozilla firefox\components\myspell.dll

2008-12-26 18:31 46,712 ----a-w c:\arquivos de programas\mozilla firefox\components\spellchk.dll

2008-12-26 18:31 172,136 ----a-w c:\arquivos de programas\mozilla firefox\components\xpinstal.dll

2007-04-10 19:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Microsoft\Feeds Cache\index.dat

2007-04-16 22:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012007040920070416\index.dat

2007-04-16 22:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012007041620070417\index.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F01C4F1-4484-4BD8-9799-D544EC7EE74B}]

2008-12-21 23:40 866304 --a------ c:\windows\system32\cdplayer.exe.ocx

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FDA784-0154-418F-810B-F1839272C361}]

2008-12-24 14:03 824320 --a------ c:\windows\system32\DirectX\Dinput\diagx3d.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2007-09-01 2437167]

"Free Upload Manager"="c:\arquivos de programas\Free Download Manager\fum\fum.exe" [2007-07-29 253952]

"Free Uploader Oe Integration"="c:\arquivos de programas\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]

"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2008-12-15 342848]

"SRS Audio Sandbox"="c:\arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-10-26 4354048]

"Grabber2k"="c:\arquivos de programas\Grabber2k\Grabber2k.exe" [2001-06-25 505856]

"CoolSMS"="c:\arquivos de programas\CoolSMS\CoolSMS.exe" [2007-08-28 1067520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Sunkist2k"="c:\arquivos de programas\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 135168]

"Remote"="c:\arquivos de programas\TVR\Remote.exe" [2006-07-28 212992]

"RecSche"="c:\arquivos de programas\TVR\RecSche.exe" [2006-07-28 454656]

"Motive SmartBridge"="c:\arquiv~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312]

"Piolet"="c:\arquivos de programas\Piolet\Piolet.exe" [2008-01-16 5984256]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-01-31 385024]

"RealTray"="c:\arquivos de programas\K-Lite Codec Pack\Real\mpclauncher.exe" [2007-08-17 675328]

"snpstd3"="c:\windows\vsnpstd3.exe" [2005-01-14 339968]

"APVXDWIN"="c:\arquivos de programas\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" [2007-07-23 406832]

"SCANINICIO"="c:\arquivos de programas\Panda Security\Panda Internet Security 2008\Inicio.exe" [2007-07-11 27952]

"nod32kui"="c:\arquivos de programas\Eset\nod32kui.exe" [2008-12-27 949376]

"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088]

"SoundMan"="SOUNDMAN.EXE" [2004-07-01 c:\windows\SOUNDMAN.EXE]

"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-10-31 c:\windows\system32\VTTrayp.exe]

"SMSERIAL"="sm56hlpr.exe" [2005-07-05 c:\windows\sm56hlpr.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Assistente Tecnico Speedy.lnk - c:\arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2007-08-25 217088]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

Utilitario PN-WN321G.lnk - c:\arquivos de programas\Pacific\PN-WN321G\Installer\WINXP\Utilitario PN-WN321G.exe [2007-12-04 598016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2007-02-15 20:02 50736 c:\windows\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\Piolet\\Piolet.exe"=

 

R0 mcctl;mcctl;c:\windows\system32\drivers\mcctl.sys [2008-03-17 4864]

R0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2007-03-08 75904]

R1 APPFLT;App Filter Plugin;\??\c:\windows\system32\Drivers\APPFLT.SYS [2008-12-24 71736]

R1 DSAFLT;DSA Filter Plugin;\??\c:\windows\system32\Drivers\DSAFLT.SYS [2008-12-24 51256]

R1 FNETMON;NetMon Filter Plugin;\??\c:\windows\system32\Drivers\fnetmon.SYS [2008-12-24 22072]

R1 IDSFLT;Ids Filter Plugin;\??\c:\windows\system32\Drivers\IDSFLT.SYS [2008-12-24 191672]

R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\system32\Drivers\NETFLTDI.SYS [2008-12-24 18:12:28 132920]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-27 15424]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-12-24 38968]

R1 SMSFLT;SMS Filter Plugin;\??\c:\windows\system32\Drivers\SMSFLT.SYS [2008-12-24 37304]

R1 WNMFLT;Wifi Monitor Filter Plugin;\??\c:\windows\system32\Drivers\WNMFLT.SYS [2008-12-24 30648]

R2 cpoint;Panda CPoint Driver;c:\windows\system32\Drivers\cpoint.sys [2008-12-24 24760]

R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys [2008-12-24 178872]

R3 AVHybrid;AVHybrid service;c:\windows\system32\DRIVERS\AVHybrid.sys [2007-04-10 660736]

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys [2008-12-24 142128]

R3 SunkFilt62;Alcor Micro Corp - 6362;\??\c:\windows\System32\Drivers\sunkfilt62.sys [2004-07-23 46536]

S0 hohz;hohz;c:\windows\system32\drivers\jkiyyuu.sys []

S0 klbg;KlBg;c:\windows\system32\drivers\klbg.sys []

S2 WindowsUdate;Atualização Windows;c:\windows\kernel32.exe []

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-01-14 22640]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-25 38496]

S3 mcdevice;mcdevice;c:\windows\system32\DRIVERS\mcdevice.sys [2008-03-17 15872]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []

S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df6771f1-cdbe-11db-9685-806d6172696f}]

\Shell\AutoRun\command - D:\install.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

 

2008-12-05 c:\windows\Tasks\Limpeza básica.job

- c:\arquivos de programas\Panda Security\Panda Internet Security 2008\PlaTasks.exe [2007-07-17 15:13]

 

2008-12-05 c:\windows\Tasks\Limpeza básica1.job

- c:\arquivos de programas\Panda Security\Panda Internet Security 2008\PlaTasks.exe [2007-07-17 15:13]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

ShellExecuteHooks-{E0D8FD38-6F36-4C9F-AE43-EDFA2BB266BA} - (no file)

 

 

.

------- Scan Suplementar -------

.

uStart Page = about:blank

IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

LSP: c:\windows\system32\imon.dll

LSP: c:\arquivos de programas\Panda Security\Panda Internet Security 2008\pavlsp.dll

TCP: {030B0A88-74D8-4A94-9E68-B2064DB39CB1} = 200.204.0.10 200.204.0.138

TCP: {567523AF-8060-4DB4-BFFE-ADE449047643} = 200.204.0.10,200.204.0.138

 

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

 

c:\arquivos de programas\SystemRequirementsLab\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}

hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab

c:\windows\Downloaded Program Files\sysreqlab.osd

 

O16 -: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab

c:\windows\Downloaded Program Files\MSIWDev.inf

FF - ProfilePath - c:\documents and settings\Paulo\Dados de aplicativos\Mozilla\Firefox\Profiles\phk6ayf4.default\

FF - prefs.js: browser.startup.homepage - about:blank

.

.

------- Associação de arquivos/ficheiros -------

.

JSEFile=c:\arquiv~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*

VBEFile=c:\arquiv~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*

VBSFile=c:\arquiv~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-27 14:30:38

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Remote = c:\arquivos de programas\TVR\Remote.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1108)

c:\windows\system32\avldr.dll

c:\windows\system32\l3codeca.acm

c:\windows\system32\AC3ACM.acm

c:\windows\system32\lameACM.acm

c:\windows\system32\scg726.acm

c:\windows\system32\alf2cd.acm

 

- - - - - - - > 'lsass.exe'(1164)

c:\windows\system32\imon.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\ESET\nod32krn.exe

c:\arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrlS.exe

c:\arquivos de programas\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE

c:\arquivos de programas\Arquivos comuns\Panda Software\PavShld\PavPrSrv.exe

c:\arquivos de programas\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE

c:\arquivos de programas\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

c:\arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

c:\arquivos de programas\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe

c:\arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

c:\arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

c:\arquivos de programas\Panda Security\Panda Internet Security 2008\SrvLoad.exe

c:\arquivos de programas\Panda Security\Panda Internet Security 2008\WebProxy.exe

c:\arquivos de programas\Panda Security\Panda Internet Security 2008\PavBckPT.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-12-27 14:34:59 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-12-27 16:34:56

 

Pré-execução: 369.463.296 bytes disponíveis

Pós execução: 4,921,102,336 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

277 --- E O F --- 2008-12-19 12:41:00


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:40:45, on 27/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrlS.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\ApvxdWin.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\Piolet\Piolet.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\fum\fum.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\Grabber2k\Grabber2k.exe

C:\Arquivos de programas\CoolSMS\CoolSMS.exe

C:\Arquivos de programas\Pacific\PN-WN321G\Installer\WINXP\Utilitario PN-WN321G.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\avciman.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jucheck.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\psimreal.exe

C:\hijackthis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SchGrid.MSVDTDDGridCtrl7 - {2F01C4F1-4484-4BD8-9799-D544EC7EE74B} - C:\WINDOWS\system32\cdplayer.exe.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: DirecX - {83FDA784-0154-418F-810B-F1839272C361} - C:\WINDOWS\system32\DirectX\Dinput\diagx3d.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\NEXTUP~1\TEXTAL~1\TAForIE.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [Remote] C:\Arquivos de programas\TVR\Remote.exe

O4 - HKLM\..\Run: [RecSche] "C:\Arquivos de programas\TVR\RecSche.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [Piolet] C:\Arquivos de programas\Piolet\Piolet.exe SILENT

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RealTray] C:\Arquivos de programas\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Upload Manager] "C:\Arquivos de programas\Free Download Manager\fum\fum.exe" -autorun

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKCU\..\Run: [sRS Audio Sandbox] "C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

O4 - HKCU\..\Run: [Grabber2k] C:\Arquivos de programas\Grabber2k\Grabber2k.exe

O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utilitario PN-WN321G.lnk = C:\Arquivos de programas\Pacific\PN-WN321G\Installer\WINXP\Utilitario PN-WN321G.exe

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.semptoshiba.com.br

O15 - Trusted Zone: http://asia.msi.com.tw

O15 - Trusted Zone: http://global.msi.com.tw

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173391124709

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{030B0A88-74D8-4A94-9E68-B2064DB39CB1}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{567523AF-8060-4DB4-BFFE-ADE449047643}: NameServer = 200.204.0.10,200.204.0.138

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrlS.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\TPSrv.exe

O23 - Service: Atualização Windows (WindowsUdate) - Unknown owner - C:\WINDOWS\kernel32.exe (file missing)

 

--

End of file - 13351 bytes


Good afternoon! Pohada

 

<!> You have 3 antivirus programs! Keep only 1 and choose the most stable one.

<!> Your Java is out of date!

 

<!> C:\Arquivos de programas\Java\jre1.6.0_02 <--

 

<!> Try to update it, so that malware does not find weak points for harmful actions.

-------------------------------

<@> Download: < DelDomains >

<@> Extract DelDomains.inf to the Desktop.

<@> Right-click it and choose Install.

<@> It will look as if nothing happened, since its action is imperceptible!

-------------------------------

<@> Copy the information between the XXXXXXX.... lines into Notepad.

<@> Save it on the desktop as: CFScript <-- Text file!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Driver::

"hohz"

"WindowsUdate"

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon.

<@> Drag it until a prompt to run ComboFix.exe appears.

<@> When it finishes, post: ComboFix.txt + an updated HijackThis log.

 

Regards!
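The two entries the helper puts in the CFScript (the "WindowsUdate" service pointing at C:\WINDOWS\kernel32.exe, flagged "(file missing)" and "Unknown owner" in the HijackThis O23 section) are the kind of thing a triager spots by eye. The following is an added example, not code from this thread or from HijackThis/ComboFix, that automates that first pass: it parses O23 service lines and flags dangling services and binaries that borrow a system-module name outside system32. The sample lines are copied from the HijackThis log posted above; the heuristics (SYSTEM_STEMS, the "Unknown owner" rule) are my own constructed triage rules, not HijackThis's. A hit means "review this entry", not "malware": the Kaspersky and Panda leftovers from the uninstall trip the same dangling-service rule as the fake updater, and only the path tells them apart.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Shape of a HijackThis O23 line:
#   O23 - Service: <display> (<short name>) - <owner> - <path> [(file missing)]
# The "(<short name>)" part is absent on some lines (see the Panda Software
# Controller entry in the log), so it is optional here.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Constructed heuristic list (assumption, not a HijackThis rule): module names
# that legitimately live only in %SystemRoot%\system32. A service binary that
# borrows one of them elsewhere, like C:\WINDOWS\kernel32.exe, is a look-alike.
SYSTEM_STEMS = {"kernel32", "svchost", "csrss", "lsass", "winlogon", "services", "smss"}
SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")  # PureWindowsPath compares case-insensitively

# Sample input: O23 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
O23 - Service: Panda Software Controller - Unknown owner - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrlS.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Atualização Windows (WindowsUdate) - Unknown owner - C:\WINDOWS\kernel32.exe (file missing)
"""


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_o23(line):
    """Return a dict (display, name, owner, path, missing) or None for non-O23 lines."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["name"] = entry["name"] or entry["display"]   # fall back to display name
    entry["missing"] = entry["missing"] is not None
    return entry


def triage_service(entry):
    """Apply the constructed heuristics to one parsed O23 entry."""
    reasons = []
    p = PureWindowsPath(entry["path"])
    unknown = entry["owner"] == "Unknown owner"
    if entry["missing"] and unknown:
        # Registry points at a binary that is gone: uninstall leftover or a removed payload.
        reasons.append("dangling service: file missing and no publisher")
    if p.stem.lower() in SYSTEM_STEMS and p.parent != SYSTEM32:
        # Borrowed system-module name in the wrong directory (e.g. C:\WINDOWS\kernel32.exe).
        reasons.append(f"look-alike: {p.name} outside system32")
    if unknown and not entry["missing"]:
        # Binary present but HijackThis found no publisher: verify it by hand.
        reasons.append("unknown publisher: verify the binary")
    return Finding(entry["name"], entry["path"], reasons)


def triage(lines):
    """Parse every O23 line and return only the services that earned at least one reason."""
    findings = []
    for line in lines:
        entry = parse_o23(line)
        if entry is None:
            continue
        finding = triage_service(entry)
        if finding.reasons:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it on a whole HijackThis log and it will print the Kaspersky and Panda leftovers (one reason each: dangling) alongside WindowsUdate (dangling plus look-alike); the second reason is what separates the uninstall debris from the entry that needed the CFScript.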


Wow, I uninstalled Kaspersky and Panda and restarted the PC to complete the uninstalls. Something really f*** happened. My PC now takes more than 8 hours to open Speedy to connect. What could have happened?

Wow, I uninstalled Kaspersky and Panda and restarted the PC to complete the uninstalls. Something really f*** happened. My PC now takes more than 8 hours to open Speedy to connect. What could have happened?

------------------------

Hey! Pohada

Good morning!

 

<!> The uninstall should have been done for each program separately.

<!> If you have a restore point, use it and then uninstall the programs.

------------------------

<!> Post: ComboFix.txt + an updated HijackThis log.

 

Regards!


I don't have a restore point

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:33, on 2008-12-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Piolet\Piolet.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\Grabber2k\Grabber2k.exe

C:\Arquivos de programas\CoolSMS\CoolSMS.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\WINDOWS\system32\rsvp.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\hijackthis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SchGrid.MSVDTDDGridCtrl7 - {2F01C4F1-4484-4BD8-9799-D544EC7EE74B} - C:\WINDOWS\system32\cdplayer.exe.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: DirecX - {83FDA784-0154-418F-810B-F1839272C361} - C:\WINDOWS\system32\DirectX\Dinput\diagx3d.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\NEXTUP~1\TEXTAL~1\TAForIE.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [Remote] C:\Arquivos de programas\TVR\Remote.exe

O4 - HKLM\..\Run: [RecSche] "C:\Arquivos de programas\TVR\RecSche.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [Piolet] C:\Arquivos de programas\Piolet\Piolet.exe SILENT

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RealTray] C:\Arquivos de programas\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Upload Manager] "C:\Arquivos de programas\Free Download Manager\fum\fum.exe" -autorun

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKCU\..\Run: [sRS Audio Sandbox] "C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

O4 - HKCU\..\Run: [Grabber2k] C:\Arquivos de programas\Grabber2k\Grabber2k.exe

O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\ARQUIV~1\MOZILL~1\plugins\NPSWF32_FlashUtil.exe -p

O4 - HKUS\S-1-5-21-1400019318-2081510261-4189207423-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-1400019318-2081510261-4189207423-1005\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')

O4 - HKUS\S-1-5-21-1400019318-2081510261-4189207423-1005\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun (User '?')

O4 - HKUS\S-1-5-21-1400019318-2081510261-4189207423-1005\..\Run: [Free Upload Manager] "C:\Arquivos de programas\Free Download Manager\fum\fum.exe" -autorun (User '?')

O4 - HKUS\S-1-5-21-1400019318-2081510261-4189207423-1005\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe (User '?')

O4 - HKUS\S-1-5-21-1400019318-2081510261-4189207423-1005\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe" (User '?')

O4 - HKUS\S-1-5-21-1400019318-2081510261-4189207423-1005\..\Run: [sRS Audio Sandbox] "C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme (User '?')

O4 - HKUS\S-1-5-21-1400019318-2081510261-4189207423-1005\..\Run: [Grabber2k] C:\Arquivos de programas\Grabber2k\Grabber2k.exe (User '?')

O4 - HKUS\S-1-5-21-1400019318-2081510261-4189207423-1005\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized (User '?')

O4 - HKUS\S-1-5-21-1400019318-2081510261-4189207423-1005\..\RunOnce: [FlashPlayerUpdate] C:\ARQUIV~1\MOZILL~1\plugins\NPSWF32_FlashUtil.exe -p (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utilitario PN-WN321G.lnk = C:\Arquivos de programas\Pacific\PN-WN321G\Installer\WINXP\Utilitario PN-WN321G.exe

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.semptoshiba.com.br

O15 - Trusted Zone: http://asia.msi.com.tw

O15 - Trusted Zone: http://global.msi.com.tw

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173391124709

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{030B0A88-74D8-4A94-9E68-B2064DB39CB1}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{567523AF-8060-4DB4-BFFE-ADE449047643}: NameServer = 200.204.0.10,200.204.0.138

O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Panda Software Controller - Unknown owner - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrlS.exe (file missing)

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe (file missing)

O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe (file missing)

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Atualização Windows (WindowsUdate) - Unknown owner - C:\WINDOWS\kernel32.exe (file missing)

 

--

End of file - 12588 bytes

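The HijackThis tail above is the poster's own log, not an explanation, so as an added example (not part of the thread, not HijackThis code) here is a small triage script run over the O17 and O23 lines it contains. It flags services whose binary is already gone ("file missing"), services for which HijackThis could not read an owner, and services whose file name borrows a core Windows module name in the wrong place: kernel32 is a DLL that lives in system32, so a kernel32.exe in the Windows root registered as a service named "WindowsUdate" is not a Windows component. It also collects the configured DNS resolvers so they can be checked against the ISP's. The CORE_STEMS table, the flag names and the sorting are my own choices; the sample lines are copied from the log above.

```python
import re

# Lines copied from the HijackThis log posted above (O17 and O23 entries only);
# the selection is mine, the lines are not constructed.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{030B0A88-74D8-4A94-9E68-B2064DB39CB1}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{567523AF-8060-4DB4-BFFE-ADE449047643}: NameServer = 200.204.0.10,200.204.0.138
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Atualização Windows (WindowsUdate) - Unknown owner - C:\WINDOWS\kernel32.exe (file missing)
""".strip().splitlines()

# O23 entries without a "(ShortName)" part are not matched and are skipped.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^)]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\CCS\\Services\\Tcpip\\\.\.\\\{[^}]+\}: NameServer = (?P<servers>.+)$"
)

# Core Windows modules and the extension each one really has. A service binary
# that borrows one of these names with another extension, or outside system32,
# is a look-alike worth pulling for analysis. (Table is my own, not HijackThis's.)
CORE_STEMS = {
    "kernel32": ".dll", "ntdll": ".dll", "user32": ".dll", "csrss": ".exe",
    "lsass": ".exe", "smss": ".exe", "svchost": ".exe", "winlogon": ".exe",
    "services": ".exe",
}


def service_flags(m):
    """Return the list of triage flags for one parsed O23 entry."""
    path = m["path"]
    parent, _, fname = path.lower().rpartition("\\")
    stem, _, ext = fname.rpartition(".")
    if not stem:                       # file name without any dot
        stem, ext = ext, ""
    flags = []
    if m["missing"]:
        flags.append("file_missing")   # registration outlives the binary
    if m["owner"] == "Unknown owner":
        flags.append("unknown_owner")  # no usable version information
    if stem in CORE_STEMS and (
        "." + ext != CORE_STEMS[stem] or not parent.endswith("system32")
    ):
        flags.append("core_name_lookalike")
    return flags


def triage(lines):
    """Parse O17/O23 lines; return flagged services and the resolver set."""
    report = {"services": [], "nameservers": set()}
    for line in lines:
        m = O23_RE.match(line)
        if m:
            flags = service_flags(m)
            if flags:
                report["services"].append(
                    {"name": m["name"], "display": m["display"],
                     "path": m["path"], "flags": flags})
            continue
        m = O17_RE.match(line)
        if m:
            # HijackThis separates resolvers with a space or a comma
            report["nameservers"].update(re.split(r"[ ,]+", m["servers"].strip()))
    # most-flagged entries first
    report["services"].sort(key=lambda s: len(s["flags"]), reverse=True)
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for s in r["services"]:
        print(f'{s["name"]:14} {", ".join(s["flags"]):45} {s["path"]}')
    print("resolvers to verify against the ISP:", sorted(r["nameservers"]))
```

Run on the sample, the script puts WindowsUdate at the top with all three flags and lists AVP as a stale registration of a removed antivirus; the two resolver addresses are printed for a manual check rather than judged by the script, because the log alone does not say which resolvers the ISP assigns.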

Malwarebytes' Anti-Malware 1.31

Database version: 1547

Windows 5.1.2600 Service Pack 2

2008-12-29 21:35:11

mbam-log-2008-12-29 (21-35-11).txt

Scan type: Full Scan (C:\|)

Objects scanned: 153022

Time elapsed: 1 hour(s), 7 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\a (Trojan.Agent) -> Delete on reboot.


ComboFix 08-12-26.03 - Paulo 2008-12-30 4:02:23.3 - NTFSx86

Running from: c:\documents and settings\Paulo\Desktop\ComboFix.exe

* Resident AV is active

 

.

 

(((((((((((((((( Files Created From 2008-11-28 to 2008-12-30 ))))))))))))))))))))))))))))

.

 

2008-12-29 21:35 . 2008-12-29 21:35 61,440 --a------ c:\windows\system32\drivers\pcxf.sys

2008-12-28 21:27 . 2008-12-28 21:27 <DIR> d-------- c:\documents and settings\Ronaldo\Dados de aplicativos\Malwarebytes

2008-12-28 19:31 . 2008-12-28 19:31 <DIR> d-------- c:\windows\system32\NtmsData

2008-12-27 00:19 . 2008-12-27 00:18 512,096 --a------ c:\windows\system32\drivers\amon.sys

2008-12-27 00:19 . 2008-12-27 00:18 298,104 --a------ c:\windows\system32\imon.dll

2008-12-27 00:19 . 2008-12-27 00:18 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys

2008-12-27 00:19 . 2008-12-27 00:19 0 --a------ c:\windows\system32\mapisvc.inf

2008-12-27 00:18 . 2008-12-27 14:25 <DIR> d-------- c:\arquivos de programas\ESET

2008-12-26 15:58 . 2008-12-30 03:33 <DIR> d-------- C:\hijackthis

2008-12-25 23:48 . 2008-12-25 23:48 <DIR> d-------- c:\documents and settings\Paulo\Dados de aplicativos\Malwarebytes

2008-12-25 23:48 . 2008-12-25 23:48 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-12-25 23:48 . 2008-12-25 23:48 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-12-25 23:48 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-25 23:48 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-25 21:58 . 2008-12-30 02:52 19,310 --a------ c:\windows\system32\nseawxv.ubs

2008-12-24 14:00 . 2008-12-24 14:00 1 ---hs---- C:\MSDOS.INF

2008-12-24 04:47 . 2008-12-24 04:47 <DIR> d-------- c:\arquivos de programas\AdoreSoftphone

2008-12-23 04:05 . 2008-12-23 04:05 <DIR> d-------- c:\arquivos de programas\CoolSMS

2008-12-10 22:00 . 2008-12-10 22:00 <DIR> d-------- c:\windows\Mozilla

2008-12-02 00:36 . 2008-12-02 01:00 <DIR> d-------- c:\documents and settings\Paulo\.freemind

2008-12-02 00:36 . 2008-12-16 13:36 <DIR> d-------- c:\arquivos de programas\FreeMind

2008-11-30 23:41 . 2008-12-30 02:52 21,351 --a------ c:\windows\system32\zhwmegg.ubs

2008-11-10 18:39 . 2008-11-10 18:39 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Panda Security

2008-11-09 20:17 . 2008-11-09 20:17 <DIR> d-------- c:\arquivos de programas\Kaspersky Lab

2008-11-09 20:16 . 2008-11-09 20:16 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-11-08 20:04 . 2008-11-08 20:04 <DIR> d-------- c:\windows\ASYM

2008-11-08 20:04 . 2008-11-08 20:04 <DIR> d-------- C:\ATLAS

2008-11-08 20:04 . 1999-04-21 15:43 452 --a------ c:\windows\TB50.INI

2008-11-08 20:02 . 2008-11-08 20:02 0 --a------ c:\windows\asym.ini

2008-11-08 19:28 . 2008-11-08 19:28 <DIR> d-------- c:\arquivos de programas\JF Enterprises ltda

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-30 06:04 --------- d-----w c:\documents and settings\Paulo\Dados de aplicativos\Free Download Manager

2008-12-30 06:04 --------- d-----w c:\arquivos de programas\Piolet

2008-12-30 06:02 --------- d-----w c:\documents and settings\Paulo\Dados de aplicativos\DNA

2008-12-29 19:33 --------- d-----w c:\arquivos de programas\DNA

2008-12-29 00:52 --------- d-----w c:\arquivos de programas\Panda Security

2008-12-28 23:58 --------- d-----w c:\arquivos de programas\eMule

2008-12-27 19:32 --------- d-----w c:\arquivos de programas\Arquivos comuns\Panda Software

2008-12-26 00:55 --------- d-----w c:\arquivos de programas\AV Vcs 6.0 DIAMOND

2008-12-25 06:39 5,214,736 ----a-w C:\torrentsearcherweb10.exe

2008-12-25 06:39 472,576 ----a-w C:\dxsetup.exe

2008-12-25 06:39 18,029,424 ----a-w C:\Install_Messenger.exe

2008-12-25 06:39 1,264,152 ----a-w C:\va21beta.exe

2008-12-25 06:39 1,039,648 ----a-w C:\va20.exe

2008-12-25 06:38 208,896 ----a-w C:\3DAnalyze.exe

2008-12-24 20:12 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-12-16 18:41 65,536 ----a-w c:\windows\IFinst27.exe

2008-12-11 00:16 --------- d-----w c:\arquivos de programas\MediaCoder

2008-12-01 15:01 --------- d-----w c:\documents and settings\Ronaldo\Dados de aplicativos\blah start dart

2008-12-01 15:01 --------- d-----w c:\documents and settings\Paulo\Dados de aplicativos\blah start dart

2008-12-01 01:47 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Cast ping base frag

2008-11-11 21:00 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2008-11-10 20:45 --------- d-----w c:\arquivos de programas\Circle Developement

2008-11-09 23:26 --------- d-----w c:\arquivos de programas\SystemRequirementsLab

2008-11-09 21:51 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg7

2008-10-31 13:33 --------- d-----w c:\arquivos de programas\blah start dart

2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:23 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 16:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-03 10:16 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-09-30 18:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-15 15:40 1,846,144 ----a-w c:\windows\system32\win32k.sys

2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-02-14 09:08 17,928 ----a-w c:\documents and settings\Ronaldo\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-11-25 18:47 47,360 ----a-w c:\documents and settings\Paulo\Dados de aplicativos\pcouffin.sys

2007-11-05 08:39 8,920 ----a-w c:\arquivos de programas\thumbnail.jpg

2007-09-03 19:22 5,613,511 ----a-w c:\arquivos de programas\downloadmanager.exe

2007-05-27 04:52 88,379 ----a-w c:\arquivos de programas\pthreadGC2.dll

2008-12-26 18:31 67,688 ----a-w c:\arquivos de programas\mozilla firefox\components\jar50.dll

2008-12-26 18:31 54,368 ----a-w c:\arquivos de programas\mozilla firefox\components\jsd3250.dll

2008-12-26 18:31 34,944 ----a-w c:\arquivos de programas\mozilla firefox\components\myspell.dll

2008-12-26 18:31 46,712 ----a-w c:\arquivos de programas\mozilla firefox\components\spellchk.dll

2008-12-26 18:31 172,136 ----a-w c:\arquivos de programas\mozilla firefox\components\xpinstal.dll

2007-04-10 19:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Microsoft\Feeds Cache\index.dat

2007-04-16 22:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012007040920070416\index.dat

2007-04-16 22:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012007041620070417\index.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-12-27_14.34.20.36 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-08-04 12:00:00 36,352 ----a-w c:\windows\system32\drivers\disk.sys

+ 2004-08-04 00:59:56 36,352 ----a-w c:\windows\system32\drivers\disk.sys

- 2004-08-04 12:00:00 26,496 ----a-w c:\windows\system32\drivers\usbstor.sys

+ 2004-08-04 01:08:48 26,496 ----a-w c:\windows\system32\drivers\USBSTOR.SYS

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F01C4F1-4484-4BD8-9799-D544EC7EE74B}]

2008-12-21 23:40 866304 --a------ c:\windows\system32\cdplayer.exe.ocx

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FDA784-0154-418F-810B-F1839272C361}]

2008-12-24 14:03 824320 --a------ c:\windows\system32\DirectX\Dinput\diagx3d.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2007-09-01 2437167]

"Free Upload Manager"="c:\arquivos de programas\Free Download Manager\fum\fum.exe" [2007-07-29 253952]

"Free Uploader Oe Integration"="c:\arquivos de programas\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]

"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2008-12-15 342848]

"SRS Audio Sandbox"="c:\arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-10-26 4354048]

"Grabber2k"="c:\arquivos de programas\Grabber2k\Grabber2k.exe" [2001-06-25 505856]

"CoolSMS"="c:\arquivos de programas\CoolSMS\CoolSMS.exe" [2007-08-28 1067520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Sunkist2k"="c:\arquivos de programas\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 135168]

"Remote"="c:\arquivos de programas\TVR\Remote.exe" [2006-07-28 212992]

"RecSche"="c:\arquivos de programas\TVR\RecSche.exe" [2006-07-28 454656]

"Motive SmartBridge"="c:\arquiv~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312]

"Piolet"="c:\arquivos de programas\Piolet\Piolet.exe" [2008-01-16 5984256]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-01-31 385024]

"RealTray"="c:\arquivos de programas\K-Lite Codec Pack\Real\mpclauncher.exe" [2007-08-17 675328]

"snpstd3"="c:\windows\vsnpstd3.exe" [2005-01-14 339968]

"APVXDWIN"="c:\arquivos de programas\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" [bU]

"SCANINICIO"="c:\arquivos de programas\Panda Security\Panda Internet Security 2008\Inicio.exe" [bU]

"nod32kui"="c:\arquivos de programas\Eset\nod32kui.exe" [2008-12-27 949376]

"SoundMan"="SOUNDMAN.EXE" [2004-07-01 c:\windows\SOUNDMAN.EXE]

"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-10-31 c:\windows\system32\VTTrayp.exe]

"SMSERIAL"="sm56hlpr.exe" [2005-07-05 c:\windows\sm56hlpr.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\Piolet\\Piolet.exe"=

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df6771f1-cdbe-11db-9685-806d6172696f}]

\Shell\AutoRun\command - D:\install.exe

 

*Newly Created Service* - NPKCRYPT

.

Contents of the 'Scheduled Tasks' folder

 

2008-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

 

2008-12-05 c:\windows\Tasks\Limpeza básica.job

- c:\arquivos de programas\Panda Security\Panda Internet Security 2008\PlaTasks.exe []

 

2008-12-05 c:\windows\Tasks\Limpeza básica1.job

- c:\arquivos de programas\Panda Security\Panda Internet Security 2008\PlaTasks.exe []

 

2008-12-28 c:\windows\Tasks\Restauração do sistema.job

- c:\windows\system32\Restore\rstrui.exe [2004-08-04 10:00]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

LSP: c:\windows\system32\imon.dll

TCP: {030B0A88-74D8-4A94-9E68-B2064DB39CB1} = 200.204.0.10 200.204.0.138

TCP: {567523AF-8060-4DB4-BFFE-ADE449047643} = 200.204.0.10,200.204.0.138

 

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

 

c:\arquivos de programas\SystemRequirementsLab\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}

hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab

c:\windows\Downloaded Program Files\sysreqlab.osd

 

O16 -: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab

c:\windows\Downloaded Program Files\MSIWDev.inf

FF - ProfilePath - c:\documents and settings\Paulo\Dados de aplicativos\Mozilla\Firefox\Profiles\phk6ayf4.default\

FF - prefs.js: browser.startup.homepage - about:blank

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-30 04:04:52

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Remote = c:\arquivos de programas\TVR\Remote.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(648)

c:\windows\system32\l3codeca.acm

c:\windows\system32\AC3ACM.acm

c:\windows\system32\lameACM.acm

c:\windows\system32\scg726.acm

c:\windows\system32\alf2cd.acm

 

- - - - - - - > 'lsass.exe'(704)

c:\windows\system32\imon.dll

.

Completion time: 2008-12-30 4:06:45

ComboFix-quarantined-files.txt 2008-12-30 06:05:45

ComboFix2.txt 2008-12-28 23:24:35

ComboFix3.txt 2008-12-27 16:35:01

 

Pre-Run: 6,243,491,840 bytes free

Post-Run: 6,242,164,736 bytes free

 

223 --- E O F --- 2008-12-19 12:41:00

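The "Registry Load Points" section of the ComboFix log above is where the persistence on this machine is visible: two Browser Helper Objects, one of them a file called cdplayer.exe.ocx in system32 (a double extension, which no installer produces by accident), Security Center values that silence the antivirus and Windows Update warnings and mark the Kaspersky product as "do not monitor", and a MountPoints2 AutoRun command that runs install.exe from D:. As an added example, not part of the thread and not ComboFix's code, here is a parser for that REGEDIT4-style block that surfaces exactly those three kinds of finding. The sample input is copied from the log above; the finding names, the EXEC_EXTS table and the double-extension rule are my own.

```python
import re

# Lines copied from the "Registry Load Points" section of the ComboFix log
# posted above; the selection is mine, the lines are not invented.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F01C4F1-4484-4BD8-9799-D544EC7EE74B}]
2008-12-21 23:40 866304 --a------ c:\windows\system32\cdplayer.exe.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FDA784-0154-418F-810B-F1839272C361}]
2008-12-24 14:03 824320 --a------ c:\windows\system32\DirectX\Dinput\diagx3d.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df6771f1-cdbe-11db-9685-806d6172696f}]
\Shell\AutoRun\command - D:\install.exe
""".strip().splitlines()

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9A-Fa-f]{8})$')
# ComboFix file line under a BHO key: date time size attributes path
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ (?P<path>.+)$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")

# Extensions that, when followed by yet another extension, mark a disguised
# executable (my own list).
EXEC_EXTS = {"exe", "dll", "scr", "com", "bat", "cmd", "pif"}


def double_extension(path):
    """True for names like cdplayer.exe.ocx: an executable extension hidden behind another."""
    parts = path.rsplit("\\", 1)[-1].lower().split(".")
    return len(parts) >= 3 and parts[-2] in EXEC_EXTS


def scan_load_points(lines):
    """Walk the REGEDIT4-style dump and return a list of finding dicts."""
    findings = []
    key = ""
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m["key"]          # every following line belongs to this key
            continue
        lkey = key.lower()
        if "browser helper objects" in lkey and (m := FILE_RE.match(line)):
            flags = ["double_extension"] if double_extension(m["path"]) else []
            findings.append({"kind": "bho", "key": key, "detail": m["path"], "flags": flags})
        elif "security center" in lkey and (m := DWORD_RE.match(line)):
            name = m["name"]
            # *DisableNotify=1 silences the shield; DisableMonitoring=1 hides a product's state
            if (name.endswith("DisableNotify") or name == "DisableMonitoring") and int(m["val"], 16) == 1:
                findings.append({"kind": "security_center_suppressed", "key": key,
                                 "detail": name, "flags": []})
        elif "mountpoints2" in lkey and (m := AUTORUN_RE.match(line)):
            findings.append({"kind": "autorun_command", "key": key,
                             "detail": m["cmd"], "flags": ["autorun"]})
    return findings


if __name__ == "__main__":
    for f in scan_load_points(SAMPLE):
        print(f'{f["kind"]:27} {f["detail"]}  {" ".join(f["flags"])}')
```

Every BHO is reported, not only the flagged one, because a helper object with a plausible name (diagx3d.dll under a DirectX folder) still deserves a hash lookup; the parser only decides what is self-evidently wrong from the text, which for this log is the double extension, the three suppression values and the AutoRun command.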

Good morning, pohada!

 

<@> Download: < LopS&D >

<@> Save it to Local Disk C:!

<@> Install the program and click: LopSD.cmd

<@> In the window that opens, press "p" --> press Enter.

<@> In the other window, choose option 2 --> press Enter --> wait!

<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )

<@> Also post a fresh HijackThis log.

 

Regards!


Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
