[Resolvido!] Problemas com vírus

Marco Aurélio_398 · Janeiro 17, 2009

Estou solicitando ajuda pra resolver um problema com vírus, sempre quando abro uma página na internet meu antivirus da aviso de cookies quando não é um trojan e faço o escaneamento com ele mas nunca consigo retirar o vírus... quando coloco qualquer disco removível em meu pc sempre aparece um virus como recycler e auto run que nunca consigo os extrair... peço ajuda pra solucionar o problema. Obrigado!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:08:33, on 17/1/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\AVG\AVG8\aAvgApi.exe

C:\Arquivos de programas\Java\jre6\bin\java.exe

C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215618815843

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

--

End of file - 6252 bytes

MGuitar · Janeiro 17, 2009

Vá em Painel de Controle > Adicionar ou Remover Programas. Encontre e desinstale o item abaixo:

ASK Toolbar

- Faça o download do ComboFix e salve-o na área de trabalho;

● Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;

● Duplo clique no ícone combofix.exe para iniciar o scan;

● Leia o contrato que aparecerá e clique em Sim para continuar;

● Abrirá uma janela do Console de Recuperação, clique em Sim para instalar. Se aparecer outra janela do Console, clique em OK > Sim;

● Aguarde enquanto o ComboFix faz o scan;

● Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;

● Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;

● Se quiser sair ou parar o ComboFix, tecle N;

● Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;

● Será gerado um log em C:\ComboFix.txt.

Cole este log em sua próxima resposta.

Marco Aurélio_398 · Janeiro 18, 2009

ComboFix 09-01-17.03 - Administrador 2009-01-18 8:35:22.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2039.1571 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

* Criado um novo ponto de restauro

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\azip32.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_GBPSV

-------\Service_GbpSv

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-18 to 2009-01-18 ))))))))))))))))))))))))))))

.

2009-01-17 15:50 . 2009-01-17 15:50 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield

2009-01-17 15:50 . 2009-01-17 15:50 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\snp2std

2009-01-17 15:50 . 2007-10-29 17:37 12,214,272 --a------ c:\windows\system32\drivers\snp2sxp.sys

2009-01-17 15:50 . 2007-09-28 16:32 344,064 --a------ c:\windows\vsnp2std.exe

2009-01-17 15:50 . 2007-05-12 11:19 270,336 --a------ c:\windows\tsnp2std.exe

2009-01-17 15:50 . 2007-02-05 15:25 151,552 --a------ c:\windows\system32\rsnp2std.dll

2009-01-17 15:50 . 2006-11-16 15:57 77,824 --a------ c:\windows\system32\csnp2std.dll

2009-01-17 15:50 . 2007-01-25 18:48 25,472 --a------ c:\windows\system32\drivers\sncamd.sys

2009-01-17 15:50 . 2004-12-09 17:23 15,497 --a------ c:\windows\snp2std.ini

2009-01-17 15:50 . 2004-12-09 17:23 13,022 --a------ c:\windows\snp2std.src

2009-01-16 23:43 . 2009-01-16 23:44 401,720 --a------ C:\HiJackThis.exe

2009-01-16 23:41 . 2009-01-16 23:41 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-01-16 23:41 . 2009-01-16 23:41 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-01-16 23:41 . 2009-01-16 23:41 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-01-16 23:41 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-16 23:41 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-10 12:26 . 2007-09-05 15:50 73,728 --a------ c:\windows\system32\vsnp2std.dll

2009-01-10 12:26 . 2007-07-11 16:09 20,480 --a------ c:\windows\FixCamera.exe

2009-01-05 13:16 . 2009-01-05 13:16 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic

2009-01-05 13:15 . 2009-01-05 13:15 <DIR> d-------- c:\arquivos de programas\K-Lite Codec Pack

2008-12-29 11:47 . 2008-12-29 11:47 <DIR> d-------- c:\windows\system32\ipp20

2008-12-29 11:47 . 2008-12-29 11:47 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Pioneer

2008-12-26 13:12 . 2008-12-28 17:02 <DIR> d-------- c:\arquivos de programas\MensagemWeb

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-17 17:50 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-01-17 01:53 --------- d-----w c:\arquivos de programas\GbPlugin

2009-01-15 02:09 --------- d-----w c:\arquivos de programas\Windows Live

2009-01-09 20:42 --------- d-----w c:\arquivos de programas\AVG

2009-01-02 20:44 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-01-02 20:36 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Corel

2009-01-02 20:36 --------- d-----w c:\arquivos de programas\Corel

2009-01-02 20:34 --------- d-----w c:\arquivos de programas\DivX

2008-12-27 19:04 --------- d-----w c:\arquivos de programas\MegaCubo

2008-12-27 18:51 --------- d-----w c:\arquivos de programas\SopCast

2008-12-27 18:33 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\LimeWire

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 02:51 --------- d-----w c:\arquivos de programas\BR Elementos

2008-12-08 22:43 --------- d-----w c:\arquivos de programas\Java

2008-12-04 01:14 --------- d-----w c:\arquivos de programas\Arquivos comuns\Corel

2008-12-04 01:10 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Corel

2008-12-02 23:15 --------- d-----w c:\arquivos de programas\Arquivos comuns\Acon Digital Media

2008-12-02 23:15 --------- d-----w c:\arquivos de programas\Acon Digital Media

2008-12-02 02:32 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Carnival Software

2008-12-02 02:32 --------- d-----w c:\arquivos de programas\Caricature Studio Green 3.6

2008-09-14 23:47 2,516 --sha-w c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-09-14 23:46 88 --sh--r c:\documents and settings\All Users\Dados de aplicativos\F6BE4ADFBB.sys

2008-08-10 21:56 81,920 ----a-w c:\documents and settings\Administrador\Dados de aplicativos\ezpinst.exe

2008-08-10 21:56 47,360 ----a-w c:\documents and settings\Administrador\Dados de aplicativos\pcouffin.sys

2008-10-01 03:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

2008-10-01 03:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008100120081002\index.dat

2008-10-01 03:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

2008-10-01 03:51 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]

"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-12 270336]

"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk

backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^TVTuner Remote Control.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\TVTuner Remote Control.lnk

backup=c:\windows\pss\TVTuner Remote Control.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2008-04-14 00:20 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]

--a------ 2007-07-11 16:09 20480 c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

-ra------ 2005-11-28 03:52 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

-ra------ 2005-11-28 03:55 118784 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

-ra------ 2005-11-28 03:55 98304 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-02-16 16:15 221184 c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-02-16 16:15 81920 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-14 00:21 1695232 c:\arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]

--a------ 2007-09-28 16:32 344064 c:\windows\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-12-08 20:43 136600 c:\arquivos de programas\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]

--a------ 2007-05-12 11:19 270336 c:\windows\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 08:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-07-05 06:08 16380416 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2007-06-15 06:45 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\MegaCubo\\megacubo.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-22 97928]

R4 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2008-07-23 875288]

R4 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-07-23 231704]

R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-22 76040]

R4 BT878;%BT87s8.VideoDeviceDesc%;c:\windows\system32\drivers\cxvcap.sys [2008-07-08 56704]

R4 CXTUNER;CxTuner, WDM TvTuner;c:\windows\system32\drivers\cxtuner.sys [2008-07-08 26752]

R4 CXXBAR;CxBar, WDM Crossbar;c:\windows\system32\drivers\cxxbar.sys [2008-07-09 9728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fd1960d-82b6-11dd-9c33-001d7dffb601}]

\Shell\AutoRun\command - J:\p1f6b.exe

\Shell\explore\Command - J:\p1f6b.exe

\Shell\open\Command - J:\p1f6b.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e67f5b0-db67-11dd-a074-001d7dffb601}]

\Shell\AutoRun\command - I:\wdsync.exe

.

- - - - ORFÃOS REMOVIDOS - - - -

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\GbPlugin\gbiehcef.dll

Notify- GbPluginCef - c:\arquivos de programas\GbPlugin\gbiehcef.dll

MSConfigStartUp-ccApp - c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

MSConfigStartUp-NvGraphicsInterface - c:\runmgr.exe

MSConfigStartUp-osCheck - c:\arquivos de programas\Norton Internet Security\osCheck.exe

MSConfigStartUp-winbsvc - winbsvc.exe

MSConfigStartUp-windsvc - windsvc.exe

MSConfigStartUp-winhsvc - winhsvc.exe

MSConfigStartUp-winmsvc - winmsvc.exe

MSConfigStartUp-winsvc32 - winsvc32.exe

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.orkut.com/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\gbpdist.dll - O16 -: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931}

hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

c:\windows\Downloaded Program Files\gbpdist.inf

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-18 08:38:12

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-01-18 8:39:53 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-01-18 10:39:50

Pré-execução: 16 pasta(s) 22.283.636.736 bytes disponíveis

Pós execução: 16 pasta(s) 22,281,474,048 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

211 --- E O F --- 2009-01-15 02:16:07

MGuitar · Janeiro 19, 2009

Selecione e copie este conteúdo abaixo dentro do CODE (começando de File). Cole dentro do Bloco de Notas do computador e salve no desktop como CFScript.txt

File::c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sysc:\documents and settings\All Users\Dados de aplicativos\F6BE4ADFBB.sysc:\documents and settings\Administrador\Dados de aplicativos\ezpinst.exec:\documents and settings\Administrador\Dados de aplicativos\pcouffin.sysJ:\p1f6b.exeI:\wdsync.exeRegistry::[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fd1960d-82b6-11dd-9c33-001d7dffb601}][-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e67f5b0-db67-11dd-a074-001d7dffb601}]

Arraste o CFScript para o ComboFix como na imagem aqui abaixo e aguarde a execução automática da ferramenta:

● Se for solicitado à você, pressione Enter para iniciar o processo de remoção;

● Não use o mouse nem o teclado quando o ComboFix estiver rodando;

● Quando terminar, será gerado um novo log que estará em C:\ComboFix.txt;

● Talvez seu computador seja reiniciado automaticamente. Caso não ocorra, reinicie-o manualmente.

Na sua próxima resposta, cole o ComboFix.txt e um novo log do HijackThis.

Marco Aurélio_398 · Janeiro 19, 2009

ComboFix 09-01-17.03 - Administrador 2009-01-19 21:36:04.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2039.1566 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

* Criado um novo ponto de restauro

* Resident AV is active

FILE ::

c:\documents and settings\Administrador\Dados de aplicativos\ezpinst.exe

c:\documents and settings\Administrador\Dados de aplicativos\pcouffin.sys

c:\documents and settings\All Users\Dados de aplicativos\F6BE4ADFBB.sys

c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

I:\wdsync.exe

J:\p1f6b.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrador\Dados de aplicativos\ezpinst.exe

c:\documents and settings\Administrador\Dados de aplicativos\pcouffin.sys

c:\documents and settings\All Users\Dados de aplicativos\F6BE4ADFBB.sys

c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-19 to 2009-01-19 ))))))))))))))))))))))))))))