morozetti 0 Posted June 30, 2009
SORRY FOR THE DELAY!! I couldn't access the internet... Well, here are the logs. P.S.: I couldn't run ComboFix (which was saved under another name and in safe mode) because it flagged Avast.
GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-06-30 19:12:31 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA844C6B8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA844C574] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA844CA52] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA844C14C] SSDT spgz.sys ZwEnumerateKey [0xB9EC6CA2] SSDT spgz.sys ZwEnumerateValueKey [0xB9EC7030] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA844C64E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA844C08C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA844C0F0] SSDT spgz.sys ZwQueryKey [0xB9EC7108] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA844C76E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA844C72E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA844C8AE] INT 0x62 ? 89E48BF8 INT 0x63 ? 89E48BF8 INT 0x73 ? 89C0CBF8 INT 0x82 ? 89E48BF8 INT 0x94 ? 89C0CBF8 INT 0xA4 ? 89C0CBF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spgz.sys O sistema não pode encontrar o arquivo especificado. !
.text USBPORT.SYS!DllUnload B8F5162C 5 Bytes JMP 89C0C1D8 .text av56e0me.SYS B8EBA386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text av56e0me.SYS B8EBA3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text av56e0me.SYS B8EBA3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text av56e0me.SYS B8EBA3C9 1 Byte [2E] .text av56e0me.SYS B8EBA3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...] .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1006FC10 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil) .text C:\WINDOWS\system32\winlogon.exe[504] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 1006FAA0 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil) .text C:\WINDOWS\system32\winlogon.exe[504] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 1006F940 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b9EA9040] spgz.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [b9EA913C] spgz.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [b9EA90BE] spgz.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [b9EA97FC] spgz.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [b9EA96D2] spgz.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [b9EB9048] spgz.sys IAT \SystemRoot\System32\Drivers\av56e0me.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B IAT \SystemRoot\System32\Drivers\av56e0me.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304 IAT \SystemRoot\System32\Drivers\av56e0me.SYS[HAL.dll!KeGetCurrentIrql] CB033043 IAT \SystemRoot\System32\Drivers\av56e0me.SYS[HAL.dll!KfRaiseIrql] 0673C13B IAT \SystemRoot\System32\Drivers\av56e0me.SYS[HAL.dll!KfLowerIrql] C13B0003 IAT \SystemRoot\System32\Drivers\av56e0me.SYS[HAL.dll!HalGetInterruptVector] 8366FA72 IAT \SystemRoot\System32\Drivers\av56e0me.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B IAT 
\SystemRoot\System32\Drivers\av56e0me.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3 IAT \SystemRoot\System32\Drivers\av56e0me.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00 IAT \SystemRoot\System32\Drivers\av56e0me.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F IAT \SystemRoot\System32\Drivers\av56e0me.SYS[HAL.dll!READ_PORT_USHORT] 83660000 IAT \SystemRoot\System32\Drivers\av56e0me.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A IAT \SystemRoot\System32\Drivers\av56e0me.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400 IAT \SystemRoot\System32\Drivers\av56e0me.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200 IAT \SystemRoot\System32\Drivers\av56e0me.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[548] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002 IAT C:\WINDOWS\system32\services.exe[548] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 89E471F8 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) Device \FileSystem\Fastfat \FatCdrom 89573500 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\usbuhci \Device\USBPDO-0 89C0B1F8 Device \Driver\PCI_PNP3538 \Device\00000045 spgz.sys Device \Driver\usbuhci \Device\USBPDO-1 89C0B1F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DDB1F8 Device \Driver\dmio \Device\DmControl\DmConfig 89DDB1F8 Device \Driver\dmio \Device\DmControl\DmPnP 89DDB1F8 Device \Driver\dmio \Device\DmControl\DmInfo 89DDB1F8 Device \Driver\usbuhci \Device\USBPDO-2 89C0B1F8 Device \Driver\usbuhci \Device\USBPDO-3 89C0B1F8 Device \Driver\usbehci \Device\USBPDO-4 89BDE1F8 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! 
TDI Filter Driver/ALWIL Software) Device \Driver\Ftdisk \Device\HarddiskVolume1 89E491F8 Device \Driver\sptd \Device\3385039788 spgz.sys Device \Driver\Ftdisk \Device\HarddiskVolume2 89E491F8 Device \Driver\Cdrom \Device\CdRom0 89BD01F8 Device \Driver\atapi \Device\Ide\IdePort0 89E481F8 Device \Driver\atapi \Device\Ide\IdePort1 89E481F8 Device \Driver\atapi \Device\Ide\IdePort2 89E481F8 Device \Driver\atapi \Device\Ide\IdePort3 89E481F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 89E481F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 89E481F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 89A41500 Device \Driver\NetBT \Device\NetbiosSmb 89A41500 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\usbuhci \Device\USBFDO-0 89C0B1F8 Device \Driver\usbuhci \Device\USBFDO-1 89C0B1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 898F9500 Device \Driver\usbuhci \Device\USBFDO-2 89C0B1F8 Device \Driver\usbuhci \Device\USBFDO-3 89C0B1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 898F9500 Device \Driver\NetBT \Device\NetBT_Tcpip_{09A8FABF-F69E-4522-ABF1-A08961CB7FE3} 89A41500 Device \Driver\Ftdisk \Device\FtControl 89E491F8 Device \Driver\usbehci \Device\USBFDO-4 89BDE1F8 Device \Driver\av56e0me \Device\Scsi\av56e0me1 89BC21F8 Device \FileSystem\Fastfat \Fat 89573500 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! 
File System Filter Driver for Windows XP/ALWIL Software) Device \FileSystem\Cdfs \Cdfs 89C4E1F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0x01 0x81 0x41 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9C 0x98 0x12 0xC1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB3 0x19 0x8B 0x3F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x99 0x58 0xFE 0xCE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0x01 0x81 0x41 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9C 0x98 0x12 0xC1 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB3 0x19 0x8B 0x3F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x99 0x58 0xFE 0xCE ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\515C51DD12BD4A2418F98C5486518A03@D6461317C3DC4F04799BDCE9E42626FE C?\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web_lowtrust.config.default Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb@Asynchronous 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb@DllName C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb@Impersonate 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb@MaxWait 258 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb@Startup GbPluginEventStartup Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni@Asynchronous 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni@DllName C:\ARQUIV~1\GbPlugin\gbiehuni.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ 
GbPluginUni@Impersonate 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni@MaxWait 258 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni@Startup GbPluginEventStartup Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Asynchronous 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Impersonate 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@DllName crypt32.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Logoff ChainWlxLogoffEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Asynchronous 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Impersonate 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@DllName cryptnet.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Logoff CryptnetWlxLogoffEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@DLLName cscdll.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logon WinlogonLogonEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logoff WinlogonLogoffEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@ScreenSaver WinlogonScreenSaverEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Startup WinlogonStartupEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Shutdown WinlogonShutdownEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@StartShell 
WinlogonStartShellEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Impersonate 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Asynchronous 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@DLLName wlnotify.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logon SCardStartCertProp Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logoff SCardStopCertProp Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Lock SCardSuspendCertProp Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Unlock SCardResumeCertProp Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Enabled 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Impersonate 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Asynchronous 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Asynchronous 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@DllName wlnotify.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Impersonate 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@StartShell SchedStartShell Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Logoff SchedEventLogOff Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Logoff WLEventLogoff Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Impersonate 0 Reg HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\sclgntfy@Asynchronous 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@DllName sclgntfy.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@DLLName WlNotify.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Lock SensLockEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logon SensLogonEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logoff SensLogoffEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Safe 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@MaxWait 600 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartScreenSaver SensStartScreenSaverEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StopScreenSaver SensStopScreenSaverEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Startup SensStartupEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Shutdown SensShutdownEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartShell SensStartShellEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@PostShell SensPostShellEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Disconnect SensDisconnectEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Reconnect SensReconnectEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Unlock SensUnlockEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Impersonate 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Asynchronous 1 Reg 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Asynchronous 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@DllName wlnotify.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Impersonate 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logoff TSEventLogoff Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logon TSEventLogon Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@PostShell TSEventPostShell Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Shutdown TSEventShutdown Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@StartShell TSEventStartShell Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Startup TSEventStartup Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@MaxWait 600 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Reconnect TSEventReconnect Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Disconnect TSEventDisconnect Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@EulaAccepted 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@DLLName wlnotify.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logon RegisterTicketExpiredNotificationEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logoff UnregisterTicketExpiredNotificationEvent Reg 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Impersonate 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Asynchronous 1 ---- EOF - GMER 1.0.15 ---- Scan - Kaspersky AVP Tool ---- Scanned: 598008 Detected: 4 Untreated: 4 Start time: 29/6/2009 22:22:42 Duration: 03:01:52 Finish time: 30/6/2009 01:24:34 Detected -------- Status Object ------ ------ detected: adware not-a-virus:AdWare.Win32.Shopper.v File: C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20090203-145211-515.dll detected: virus Email-Worm.Win32.Agent.ghc File: C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\7_calc.exe detected: virus Email-Worm.Win32.Agent.ghc File: C:\WINDOWS\system32\calc.exe detected: virus Email-Worm.Win32.Agent.ghc File: C:\WINDOWS\system32\dllcache\calc.exe Events ------ Time Name Status Reason ---- ---- ------ ------ 29/6/2009 23:33:47 File: C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20090203-145211-515.dll detected adware 'not-a-virus:AdWare.Win32.Shopper.v' 29/6/2009 23:33:47 File: C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20090203-145211-515.dll not disinfected postponed 30/6/2009 00:18:58 File: C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\7_calc.exe detected virus 'Email-Worm.Win32.Agent.ghc' 30/6/2009 00:18:58 File: C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\7_calc.exe not disinfected postponed 30/6/2009 00:35:23 File: C:\WINDOWS\system32\calc.exe detected virus 'Email-Worm.Win32.Agent.ghc' 30/6/2009 00:35:23 File: C:\WINDOWS\system32\calc.exe not disinfected postponed 30/6/2009 00:38:13 File: C:\WINDOWS\system32\dllcache\calc.exe detected virus 'Email-Worm.Win32.Agent.ghc' 30/6/2009 00:38:13 File: C:\WINDOWS\system32\dllcache\calc.exe not disinfected postponed 30/6/2009 01:24:22 File: c:\arquivos de programas\trend micro\hijackthis\backups\backup-20090203-145211-515.dll detected adware 'not-a-virus:AdWare.Win32.Shopper.v' 30/6/2009 01:24:29 
File: c:\arquivos de programas\trend micro\hijackthis\backups\backup-20090203-145211-515.dll not disinfected skipped by user 30/6/2009 01:24:30 File: c:\windows\bricopacks\vista inspirat 2\packfiles\7_calc.exe detected virus 'Email-Worm.Win32.Agent.ghc' 30/6/2009 01:24:31 File: c:\windows\bricopacks\vista inspirat 2\packfiles\7_calc.exe not disinfected skipped by user 30/6/2009 01:24:31 File: c:\windows\system32\calc.exe detected virus 'Email-Worm.Win32.Agent.ghc' 30/6/2009 01:24:32 File: c:\windows\system32\calc.exe not disinfected skipped by user 30/6/2009 01:24:32 File: c:\windows\system32\dllcache\calc.exe detected virus 'Email-Worm.Win32.Agent.ghc' 30/6/2009 01:24:34 File: c:\windows\system32\dllcache\calc.exe not disinfected skipped by user Statistics ---------- Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ --------- Settings -------- Parameter Value --------- ----- Security Level Recommended Action Prompt for action when the scan is complete Run mode Manually File types Scan all files Scan only new and changed files No Scan archives All Scan embedded OLE objects All Skip if object is larger than No Skip if scan takes longer than No Parse email formats No Scan password-protected archives No Enable iChecker technology No Enable iSwift technology No Show detected threats on "Detected" tab Yes Rootkits search Yes Deep rootkits search No Use heuristic analyzer Yes Quarantine ---------- Status Object Size Added ------ ------ ---- ----- Backup ------ Status Object Size ------ ------ ----
Sam Spade 2 Posted July 8, 2009
Hey, sorry for the delay, but I had to be away on a trip. Delete ComboFix.exe from the desktop and download it again. Run it and post the new ComboFix.txt.
morozetti 0 Posted July 16, 2009
Hello! Here is the ComboFix log:
ComboFix 09-07-14.08 - Administrador 16/07/2009 19:16.6.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2039.1609 [GMT -3:00] Executando de: c:\documents and settings\Administrador\Desktop\idiotaaa.exe AV: avast! antivirus 4.8.1335 [VPS 090701-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Execuções precedente ------- . c:\windows\Installer\32b66.msi c:\windows\Installer\32b67.msp c:\windows\Installer\32b68.msp c:\windows\Installer\32b69.msp c:\windows\Installer\32b6a.msp c:\windows\Installer\32b6b.msp c:\windows\Installer\32b6c.msp c:\windows\Installer\32b6d.msp c:\windows\Installer\32b6e.msp c:\windows\Installer\32b6f.msp . (((((((((((((((( Arquivos/Ficheiros criados de 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))) . 2009-06-30 22:21 . 2009-06-30 22:21 -------- d-s---w- C:\blaah 2009-06-29 23:16 . 2009-06-30 22:32 608288 --sha-w- c:\windows\system32\drivers\fidbox.dat . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-16 22:08 . 2001-10-28 14:07 66006 ----a-w- c:\windows\system32\perfc016.dat 2009-07-16 22:08 . 2001-10-28 14:07 422200 ----a-w- c:\windows\system32\perfh016.dat 2009-06-30 22:32 . 2009-06-29 23:16 6428 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-06-30 04:24 . 2008-04-14 19:20 118272 ----a-w- c:\windows\system32\calc.exe 2009-06-28 20:02 . 2008-04-26 20:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin 2009-06-10 20:23 . 2008-04-17 00:09 -------- d-----w- c:\arquivos de programas\eMule 2009-05-14 16:17 . 2009-05-14 16:17 398 ----a-w- c:\documents and settings\Administrador\SRFix.reg 2009-05-11 02:58 .
2008-07-21 00:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-05-11 02:18 . 2009-05-11 02:18 717296 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-04-30 22:45 . 2009-04-30 22:47 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-04-30 22:42 . 2009-04-30 22:42 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll 2004-03-11 16:27 . 2008-08-08 11:38 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe 2009-05-01 02:30 . 2008-08-28 00:10 134648 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll 2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll 2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll . ------- Sigcheck ------- [-] 2008-04-14 02:20 1571840 698F9583D1EB213B09F12DD5826A46E2 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\sfcfiles.dll [-] 2008-04-04 17:26 1548288 BF426063723221B70ACCBDA3593C4EBC c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot_2009-07-16_22.02.17 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-16 22:11 . 2009-07-16 22:11 16384 c:\windows\temp\Perflib_Perfdata_764.dat + 2009-07-16 22:11 . 2009-07-16 22:11 16384 c:\windows\temp\Perflib_Perfdata_4d4.dat + 2001-10-28 14:07 . 2009-07-16 22:08 57344 c:\windows\system32\perfc009.dat + 2001-10-28 14:07 . 2009-07-16 22:08 389050 c:\windows\system32\perfh009.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-30 148888] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-04-28 180269] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehuni.dll" [2009-03-25 414624] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Arquivos de programas\\iTunes\\iTunes.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Arquivos de programas\\Alibaba\\TradeManager\\MultiMedia\\AliViewer.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Arquivos de programas\\Motorola\\Software Update\\msu.exe"= "c:\\Arquivos de programas\\Alibaba\\TradeManager\\TradeManager.exe"= "c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1867:TCP"= 1867:TCP:jgtbzme R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/2/2009 14:01 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/2/2009 14:01 20560] R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [20/2/2009 07:54 52560] R3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [4/2/2009 11:45 18004] S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [12/12/2008 06:58 26320] S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\TEMP\6.tmp --> c:\windows\TEMP\6.tmp [?] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [30/7/2008 21:22 6016] S3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [4/2/2009 13:28 26752] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [30/7/2008 21:22 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [30/7/2008 21:22 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [30/7/2008 21:22 42112] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [30/7/2008 21:22 23296] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Conteúdo da pasta 'Tarefas Agendadas' 2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34] . . ------- Scan Suplementar ------- . 
uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Connection Wizard,ShellNext = iexplore IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - Trusted Zone: bancobrasil.com.br\www2 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\qbuz3tu1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxc&p= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=pt-br&FORM=MIMWA1&q= FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\qbuz3tu1.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\components\GbMzhUni.dll FF - plugin: c:\arquivos de programas\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npww.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-16 19:21 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}] "ImagePath"="\??\c:\windows\TEMP\6.tmp" . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] @DACL=(02 0000) . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(496) c:\arquivos de programas\GBPLUGIN\gbieh.dll c:\arquiv~1\GbPlugin\gbiehuni.dll - - - - - - - > 'explorer.exe'(2744) c:\windows\system32\ntshrui.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\arquivos de programas\GBPLUGIN\gbieh.dll c:\arquiv~1\GbPlugin\gbiehuni.dll c:\arquivos de programas\Bonjour\mdnsNSP.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
Tempo para conclusão: 2009-07-16 19:23
ComboFix-quarantined-files.txt 2009-07-16 22:23
ComboFix2.txt 2009-06-02 02:46
ComboFix3.txt 2009-02-16 01:18
ComboFix4.txt 2009-02-04 14:17

Pré-execução: 21 pasta(s) 85.314.887.680 bytes disponíveis
Pós execução: 21 pasta(s) 85.310.722.048 bytes disponíveis

171 --- E O F --- 2008-09-11 00:05

------------------------------------------------------

And another updated one, from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:08, on 16/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A73B8C64-8FA5-407E-A7A5-B039A3267437}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

-- End of file - 4352 bytes
Sam Spade, posted July 20, 2009

Disable your antivirus, antispyware tools and firewall so that they do not cause conflicts. Keep them disabled until you have finished these instructions.

Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

File::
c:\windows\TEMP\6.tmp

DirLook::
C:\blaah

Driver::
{DEF85C80-216A-43AB-AF70-1665EDBE2780}

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1867:TCP"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform]
"{C5428486-50A0-4a02-9D20-520B59A9F9B3}"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
[-HKEY_CLASSES_ROOT\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]

Now drag CFScript.txt onto ComboFix as shown in the demonstration below. ComboFix will run and restart the PC automatically to complete the removal process. If that does not happen, restart it manually.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

This script was written only for this computer, according to the files and keys present on it. To visitors: if you have a similar problem, do not use this script, because unsupervised use can damage the system.

When it finishes, a log will be generated at C:\ComboFix.txt.

NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

Post a new HijackThis log and the new ComboFix log.
morozetti, posted July 28, 2009

ComboFix log:

ComboFix 09-07-14.08 - Administrador 28/07/2009 16:03.7.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2039.1560 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\idiotaaa.exe
Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090716-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Criado um novo ponto de restauração

FILE ::
"c:\windows\TEMP\6.tmp"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{DEF85C80-216A-43AB-AF70-1665EDBE2780}
-------\Service_{DEF85C80-216A-43ab-AF70-1665EDBE2780}

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-28 to 2009-07-28 ))))))))))))))))))))))))))))
.
2009-06-30 22:21 . 2009-06-30 22:21 -------- d-s---w- C:\blaah
2009-06-29 23:16 . 2009-06-30 22:32 608288 --sha-w- c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 22:08 . 2001-10-28 14:07 66006 ----a-w- c:\windows\system32\perfc016.dat
2009-07-16 22:08 . 2001-10-28 14:07 422200 ----a-w- c:\windows\system32\perfh016.dat
2009-06-30 22:32 . 2009-06-29 23:16 6428 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-30 04:24 . 2008-04-14 19:20 118272 ----a-w- c:\windows\system32\calc.exe
2009-06-28 20:02 . 2008-04-26 20:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-06-10 20:23 . 2008-04-17 00:09 -------- d-----w- c:\arquivos de programas\eMule
2009-05-14 16:17 . 2009-05-14 16:17 398 ----a-w- c:\documents and settings\Administrador\SRFix.reg
2009-05-11 02:58 .
2008-07-21 00:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-05-11 02:18 . 2009-05-11 02:18 717296 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-04-30 22:45 . 2009-04-30 22:47 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-04-30 22:42 . 2009-04-30 22:42 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll 2004-03-11 16:27 . 2008-08-08 11:38 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe 2009-05-01 02:30 . 2008-08-28 00:10 134648 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll 2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll 2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\blaah ---- 2009-06-30 22:21 . 2009-06-30 22:21 0 ----a-w- c:\blaah\ForeignC01 2009-06-30 22:21 . 2009-06-30 22:21 883 ----a-w- c:\blaah\ForeignC00 2009-06-30 22:21 . 2009-06-30 22:21 0 ----a-w- c:\blaah\N_\19092 2009-06-30 22:21 . 2009-06-30 22:21 861 ----a-w- c:\blaah\ForeignWht 2009-06-30 22:21 . 2009-06-30 22:21 10 ----a-w- c:\blaah\erunt.dat 2009-06-30 22:21 . 2009-06-30 22:21 12 ----a-w- c:\blaah\kmd.dat 2009-06-30 22:21 . 2009-06-30 22:21 129 ----a-w- c:\blaah\N_\4353 2009-06-30 22:21 . 2000-08-31 11:00 161792 ----a-r- c:\blaah\SWREG.cfexe 2009-06-30 22:21 . 2009-06-30 22:21 34 ----a-w- c:\blaah\N_\27711 2009-06-30 22:21 . 2009-06-30 22:21 113 ----a-w- c:\blaah\desktop.ini 2009-06-30 22:21 . 2009-06-30 22:21 91 ----a-w- c:\blaah\CCS.bat 2009-06-30 22:21 . 2001-10-28 14:06 11264 ----a-r- c:\blaah\Attrib.cfexe 2009-06-30 22:21 . 2004-08-04 02:45 28672 ----a-r- c:\blaah\FINDSTR.cfexe 2009-06-30 22:21 . 2009-06-30 22:21 34 ----a-w- c:\blaah\N_\20337 2009-06-30 22:21 . 
2009-06-30 22:21 34 ----a-w- c:\blaah\N_\8250 2009-06-30 22:21 . 2009-06-30 22:21 31 ----a-w- c:\blaah\N_\3556 2009-06-30 22:21 . 2009-06-30 22:21 0 ----a-w- c:\blaah\N_\7927 2009-06-30 22:21 . 2009-06-30 22:21 0 ----a-w- c:\blaah\NULL 2009-06-30 22:20 . 2009-06-30 22:21 124 ----a-w- c:\blaah\Resident.txt 2009-06-30 22:20 . 2009-06-30 22:20 14 ----a-w- c:\blaah\sfx.cmd 2009-06-30 22:20 . 2009-06-30 22:20 6 ----a-w- c:\blaah\NlsLanguageDefault 2009-06-30 22:20 . 2009-06-30 22:20 16 ----a-w- c:\blaah\CHCP.bat 2009-06-30 22:20 . 2009-06-30 22:20 42 ----a-w- c:\blaah\OsVer 2009-06-30 22:20 . 2009-04-20 15:56 31232 ----a-r- c:\blaah\Nircmd.com 2009-06-30 22:20 . 2009-05-31 14:08 154624 ----a-r- c:\blaah\pev.cfexe 2009-06-30 22:20 . 2000-08-31 11:00 1057 ----a-w- c:\blaah\image001.gif 2009-06-30 22:20 . 2009-05-02 01:26 587 ----a-w- c:\blaah\restore_pt.vbs 2009-06-30 22:20 . 2000-08-31 11:00 2176 ----a-w- c:\blaah\SvcDrv.vbs 2009-06-30 22:20 . 2009-05-14 04:08 592 ----a-w- c:\blaah\Wmi_rem.vbs 2009-06-30 22:20 . 2009-05-13 21:09 1464 ----a-w- c:\blaah\av.vbs 2009-06-30 22:20 . 2000-08-31 11:00 746 ----a-w- c:\blaah\DPF.str 2009-06-30 22:20 . 2000-08-31 11:00 2428 ----a-w- c:\blaah\lnkread.vbs 2009-06-30 22:20 . 2000-08-31 11:00 977 ----a-w- c:\blaah\OSid.vbs 2009-06-30 22:20 . 2000-08-31 11:00 413 ----a-w- c:\blaah\toolbar.sed 2009-06-30 22:20 . 2000-08-31 11:00 303 ----a-w- c:\blaah\embedded.sed 2009-06-30 22:20 . 2000-08-31 11:00 3558 ----a-w- c:\blaah\REGDACL.sed 2009-06-30 22:20 . 2000-08-31 11:00 9203 ----a-w- c:\blaah\RegDo.sed 2009-06-30 22:20 . 2000-08-31 11:00 287 ----a-w- c:\blaah\run2.sed 2009-06-30 22:20 . 2009-05-25 12:59 7983 ----a-w- c:\blaah\ddsDo.sed 2009-06-30 22:20 . 2009-05-23 04:46 7438 ----a-w- c:\blaah\Exe.reg 2009-06-30 22:20 . 2009-06-02 02:21 2165 ----a-w- c:\blaah\files.pif 2009-06-30 22:20 . 2009-06-02 02:21 4624 ----a-w- c:\blaah\md5sum.pif 2009-06-30 22:20 . 2009-06-02 02:20 17023 ----a-w- c:\blaah\srizbi.md5 2009-06-30 22:20 . 
2000-08-31 11:00 2815 ----a-w- c:\blaah\ERDNTDOS.LOC 2009-06-30 22:20 . 2000-08-31 11:00 3275 ----a-w- c:\blaah\ERDNTWIN.LOC 2009-06-30 22:20 . 2000-08-31 11:00 4090 ----a-w- c:\blaah\ERUNT.LOC 2009-06-30 22:20 . 2005-10-20 23:02 163328 ----a-w- c:\blaah\ERDNT.e_e 2009-06-30 22:20 . 2000-08-31 11:00 13141 ----a-w- c:\blaah\xpreg.dat 2009-06-30 22:20 . 2000-08-31 11:00 23773 ----a-w- c:\blaah\zDomain.dat 2009-06-30 22:20 . 2009-06-01 14:50 33239 ----a-w- c:\blaah\zhsvc.dat 2009-06-30 22:20 . 2000-08-31 11:00 668 ----a-w- c:\blaah\svchost.vista.dat 2009-06-30 22:20 . 2000-08-31 11:00 276 ----a-w- c:\blaah\system_ini.dat 2009-06-30 22:20 . 2000-08-31 11:00 8741 ----a-w- c:\blaah\vistareg.dat 2009-06-30 22:20 . 2000-08-31 11:00 6475 ----a-w- c:\blaah\w2kreg.dat 2009-06-30 22:20 . 2000-08-31 11:00 555 ----a-w- c:\blaah\svchost.dat 2009-06-30 22:20 . 2009-05-23 04:52 12065 ----a-w- c:\blaah\svc_wht.dat 2009-06-30 22:20 . 2009-05-23 05:29 1149 ----a-w- c:\blaah\region.dat 2009-06-30 22:20 . 2000-08-31 11:00 820 ----a-w- c:\blaah\rogues.dat 2009-06-30 22:20 . 2000-08-31 11:00 329 ----a-w- c:\blaah\safeboot.dat 2009-06-30 22:20 . 2009-05-23 04:51 1442 ----a-w- c:\blaah\safeboot.def.dat 2009-06-30 22:20 . 2000-08-31 11:00 463 ----a-w- c:\blaah\safeboot.def.vista.dat 2009-06-30 22:20 . 2000-08-31 11:00 88 ----a-w- c:\blaah\NetworkService.dat 2009-06-30 22:20 . 2000-08-31 11:00 2953 ----a-w- c:\blaah\Policies.dat 2009-06-30 22:20 . 2000-08-31 11:00 404 ----a-w- c:\blaah\Purity.dat 2009-06-30 22:20 . 2000-08-31 11:00 7478 ----a-w- c:\blaah\RCLink.dat 2009-06-30 22:20 . 2000-08-31 11:00 0 ----a-w- c:\blaah\mynul.dat 2009-06-30 22:20 . 2000-08-31 11:00 287 ----a-w- c:\blaah\ndis_combofix.dat 2009-06-30 22:20 . 2009-05-25 07:11 450 ----a-w- c:\blaah\netsvc.bad.dat 2009-06-30 22:20 . 2000-08-31 11:00 159 ----a-w- c:\blaah\netsvc.dat 2009-06-30 22:20 . 2000-08-31 11:00 481 ----a-w- c:\blaah\netsvc.vista.dat 2009-06-30 22:20 . 
2000-08-31 11:00 525 ----a-w- c:\blaah\netsvc.xp.dat 2009-06-30 22:20 . 2009-05-23 04:49 649 ----a-w- c:\blaah\Fin.dat 2009-06-30 22:20 . 2000-08-31 11:00 225 ----a-w- c:\blaah\LocalService.dat 2009-06-30 22:20 . 2000-08-31 11:00 91 ----a-w- c:\blaah\LocalServiceNetworkRestricted.dat 2009-06-30 22:20 . 2000-08-31 11:00 198 ----a-w- c:\blaah\LocalSystemNetworkRestricted.dat 2009-06-30 22:20 . 2009-05-23 04:47 377 ----a-w- c:\blaah\CregC.dat 2009-06-30 22:20 . 2009-06-01 09:37 668037 ----a-w- c:\blaah\Creg.dat 2009-06-30 22:20 . 2000-08-31 11:00 2126 ----a-w- c:\blaah\023v.dat 2009-06-30 22:20 . 2009-05-25 08:25 38866 ----a-w- c:\blaah\023.dat 2009-06-30 22:20 . 2000-08-31 11:00 68096 ----a-r- c:\blaah\zip.cfexe 2009-06-30 22:20 . 2000-08-31 11:00 212480 ----a-r- c:\blaah\swxcacls.cfexe 2009-06-30 22:20 . 1999-11-10 11:00 35328 ----a-r- c:\blaah\tail.cfexe 2009-06-30 22:20 . 2000-08-31 11:00 98816 ----a-r- c:\blaah\sed.cfexe 2009-06-30 22:20 . 2009-05-18 08:30 30178 ----a-r- c:\blaah\setpath.cfexe 2009-06-30 22:20 . 2000-08-31 11:00 136704 ----a-r- c:\blaah\swsc.cfexe 2009-06-30 22:20 . 2009-04-20 15:56 31232 ----a-r- c:\blaah\NirCmd.cfexe 2009-06-30 22:20 . 2009-04-20 15:56 30720 ----a-r- c:\blaah\NirCmdC.cfexe 2009-06-30 22:20 . 2000-08-31 11:00 181776 ----a-r- c:\blaah\handle.cfexe 2009-06-30 22:20 . 2000-08-31 11:00 38400 ----a-r- c:\blaah\moveex.cfexe 2009-06-30 22:20 . 2000-08-31 11:00 11264 ----a-r- c:\blaah\mtee.cfexe 2009-06-30 22:20 . 2000-08-31 11:00 52736 ----a-r- c:\blaah\extract.cfexe 2009-06-30 22:20 . 2000-08-31 11:00 80412 ----a-r- c:\blaah\grep.cfexe 2009-06-30 22:20 . 2000-08-31 11:00 15360 ----a-r- c:\blaah\gsar.cfexe 2009-06-30 22:20 . 2000-08-31 11:00 101376 ----a-r- c:\blaah\dd.cfexe 2009-06-30 22:20 . 2000-08-31 11:00 51200 ----a-r- c:\blaah\dumphive.cfexe 2009-06-30 22:20 . 2005-10-20 23:00 157696 ----a-r- c:\blaah\ERUNT.cfexe 2009-06-30 22:20 . 2000-08-31 11:00 141312 ----a-r- c:\blaah\ComboFix-Download.cfexe 2009-06-30 22:20 . 
2000-08-31 11:00 6760 ----a-w- c:\blaah\appinit.bad 2009-06-30 22:20 . 2009-04-17 20:37 147456 ----a-r- c:\blaah\catchme.cfexe 2009-06-30 22:20 . 2000-08-31 11:00 36201 ----a-w- c:\blaah\ffdefstr.dll 2009-06-30 22:20 . 2000-08-31 11:00 7680 ----a-w- c:\blaah\BootSect.dll 2009-06-30 22:20 . 2000-08-31 11:00 161792 ----a-w- c:\blaah\swreg.exe 2009-06-30 22:20 . 2000-08-31 11:00 518144 ----a-w- c:\blaah\swre.exe 2009-06-30 22:20 . 2005-08-16 04:54 1536 ----a-w- c:\blaah\hidec.exe 2009-06-30 22:20 . 2009-04-20 15:56 31232 ----a-r- c:\blaah\n.com 2009-06-30 22:20 . 2009-05-31 14:08 154624 ----a-w- c:\blaah\pev.exe 2009-06-30 22:20 . 2000-08-31 11:00 2205 ----a-w- c:\blaah\Prep.inf 2009-06-30 22:20 . 2009-06-02 02:21 257929 ----a-w- c:\blaah\clsid.c 2009-06-30 22:20 . 2009-06-02 02:21 872102 ----a-w- c:\blaah\badclsid.c 2009-06-30 22:20 . 2009-04-25 02:07 2743 ----a-w- c:\blaah\Update-CF.cmd 2009-06-30 22:20 . 2000-08-31 11:00 241 ----a-w- c:\blaah\Rkey.cmd 2009-06-30 22:20 . 2009-05-23 04:53 3313 ----a-w- c:\blaah\SnapShot.cmd 2009-06-30 22:20 . 2009-05-23 04:53 2121 ----a-w- c:\blaah\SRestore.cmd 2009-06-30 22:20 . 2009-05-17 06:28 17714 ----a-w- c:\blaah\SuppScan.cmd 2009-06-30 22:20 . 2009-05-30 19:06 46593 ----a-w- c:\blaah\RegScan.cmd 2009-06-30 22:20 . 2000-08-31 11:00 754 ----a-w- c:\blaah\katch.cmd 2009-06-30 22:20 . 2009-05-21 07:06 1587 ----a-w- c:\blaah\Kill-All.cmd 2009-06-30 22:20 . 2009-05-31 03:03 12583 ----a-w- c:\blaah\NT-OS.cmd 2009-06-30 22:20 . 2009-05-25 13:05 1095 ----a-w- c:\blaah\FKMGen.cmd 2009-06-30 22:20 . 2009-05-17 06:25 5373 ----a-w- c:\blaah\GetHive.cmd 2009-06-30 22:20 . 2009-05-17 06:28 5635 ----a-w- c:\blaah\Install-RC.cmd 2009-06-30 22:20 . 2009-05-31 22:48 6586 ----a-w- c:\blaah\Create.cmd 2009-06-30 22:20 . 2009-05-17 06:24 3287 ----a-w- c:\blaah\CregC.cmd 2009-06-30 22:20 . 2009-05-25 13:08 1688 ----a-w- c:\blaah\CSet.cmd 2009-06-30 22:20 . 2009-05-25 13:07 1371 ----a-w- c:\blaah\FD-SV.cmd 2009-06-30 22:20 . 
2009-05-27 00:05 24871 ----a-w- c:\blaah\CF-Script.cmd 2009-06-30 22:20 . 2009-05-17 06:28 3108 ----a-w- c:\blaah\Auto-RC.cmd 2009-06-30 22:20 . 2009-05-21 07:20 675 ----a-w- c:\blaah\av.cmd 2009-06-30 22:20 . 2009-04-29 19:41 629 ----a-w- c:\blaah\AWF.cmd 2009-06-30 22:20 . 2009-05-07 03:36 1856 ----a-w- c:\blaah\Boot-Rk.cmd 2009-06-30 22:20 . 2000-08-31 11:00 663 ----a-w- c:\blaah\Catch-sub.cmd 2009-06-30 22:20 . 2009-05-17 06:28 3286 ----a-w- c:\blaah\Assoc.cmd 2009-06-30 22:20 . 2009-06-01 00:50 14804 ----a-w- c:\blaah\SetEnvmt.bat 2009-06-30 22:20 . 2009-05-27 00:50 6765 ----a-w- c:\blaah\ND_.bat 2009-06-30 22:20 . 2009-05-25 13:13 1792 ----a-w- c:\blaah\RestoreO4.bat 2009-06-30 22:20 . 2009-05-17 06:28 15359 ----a-w- c:\blaah\SafeBootRepair.bat 2009-06-30 22:20 . 2000-08-31 11:00 2328 ----a-w- c:\blaah\MoveIt.bat 2009-06-30 22:20 . 2009-06-01 17:39 560853 ----a-w- c:\blaah\List.bat 2009-06-30 22:20 . 2009-05-26 04:09 92096 ----a-w- c:\blaah\List-D.bat 2009-06-30 22:20 . 2009-06-01 22:13 212804 ----a-w- c:\blaah\List-C.bat 2009-06-30 22:20 . 2009-06-01 08:53 29835 ----a-w- c:\blaah\List-B.bat 2009-06-30 22:20 . 2009-05-27 02:27 3434 ----a-w- c:\blaah\Kollect.bat 2009-06-30 22:20 . 2009-05-29 22:53 192962 ----a-w- c:\blaah\Lang.bat 2009-06-30 22:20 . 2009-05-17 06:25 3944 ----a-w- c:\blaah\FIXLSP.bat 2009-06-30 22:20 . 2009-05-01 06:08 915 ----a-w- c:\blaah\history.bat 2009-06-30 22:20 . 2009-04-25 01:57 1770 ----a-w- c:\blaah\DelClsid.bat 2009-06-30 22:20 . 2009-05-29 09:33 28164 ----a-w- c:\blaah\FIND3M.bat 2009-06-30 22:20 . 2009-05-21 09:44 7740 ----a-w- c:\blaah\Combobatch.bat 2009-06-30 22:20 . 2009-06-02 02:21 43075 ----a-w- c:\blaah\c.bat 2009-06-30 22:20 . 2009-05-25 13:17 7611 ----a-w- c:\blaah\Boot.bat 2006-06-10 17:42 . 2006-06-10 17:42 49152 ----a-w- c:\blaah\SF.exe 2006-03-03 02:42 . 
2006-03-03 02:42 73728 ----a-r- c:\blaah\pv.cfexe ------- Sigcheck ------- [-] 2008-04-14 02:20 1571840 698F9583D1EB213B09F12DD5826A46E2 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\sfcfiles.dll [-] 2008-04-04 17:26 1548288 BF426063723221B70ACCBDA3593C4EBC c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot_2009-07-16_22.02.17 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-28 19:10 . 2009-07-28 19:10 16384 c:\windows\temp\Perflib_Perfdata_528.dat + 2009-07-28 19:10 . 2009-07-28 19:10 16384 c:\windows\temp\Perflib_Perfdata_4ac.dat + 2001-10-28 14:07 . 2009-07-16 22:08 57344 c:\windows\system32\perfc009.dat + 2009-06-02 02:32 . 2009-07-28 02:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-06-02 02:32 . 2009-07-16 21:11 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-06-02 02:32 . 2009-07-28 02:20 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat - 2009-06-02 02:32 . 2009-07-16 21:11 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat - 2009-06-02 02:32 . 2009-07-16 21:11 16384 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat + 2009-06-02 02:32 . 2009-07-28 02:20 16384 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat + 2001-10-28 14:07 . 2009-07-16 22:08 389050 c:\windows\system32\perfh009.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-30 148888] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-04-28 180269] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehuni.dll" [2009-03-25 414624] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] 2009-03-25 14:32 271152 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni] 2009-03-25 12:08 414624 ------w- c:\arquiv~1\GbPlugin\gbiehuni.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Arquivos de programas\\iTunes\\iTunes.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Arquivos de programas\\Alibaba\\TradeManager\\MultiMedia\\AliViewer.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\Microsoft 
Office\\Office12\\OUTLOOK.EXE"= "c:\\Arquivos de programas\\Motorola\\Software Update\\msu.exe"= "c:\\Arquivos de programas\\Alibaba\\TradeManager\\TradeManager.exe"= "c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/2/2009 14:01 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/2/2009 14:01 20560] R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [20/2/2009 07:54 52560] R3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [4/2/2009 11:45 18004] S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [12/12/2008 06:58 26320] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [30/7/2008 21:22 6016] S3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [4/2/2009 13:28 26752] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [30/7/2008 21:22 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [30/7/2008 21:22 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [30/7/2008 21:22 42112] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [30/7/2008 21:22 23296] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Conteúdo da pasta 'Tarefas Agendadas' 2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34] . - - - - ORFÃOS REMOVIDOS - - - - Notify-WgaLogon - (no file) . ------- Scan Suplementar ------- . 
uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Connection Wizard,ShellNext = iexplore Trusted Zone: bancobrasil.com.br\www2 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\qbuz3tu1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxc&p= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=pt-br&FORM=MIMWA1&q= FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\qbuz3tu1.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\components\GbMzhUni.dll FF - plugin: c:\arquivos de programas\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npww.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-28 16:11 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . 
--------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(504) c:\arquivos de programas\GBPLUGIN\gbieh.dll c:\arquiv~1\GbPlugin\gbiehuni.dll - - - - - - - > 'explorer.exe'(3064) c:\windows\system32\ntshrui.dll c:\arquivos de programas\GBPLUGIN\gbieh.dll c:\arquiv~1\GbPlugin\gbiehuni.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\arquivos de programas\Bonjour\mdnsNSP.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . 
Tempo para conclusão: 2009-07-28 16:14 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-07-28 19:14
ComboFix2.txt 2009-07-16 22:23
ComboFix3.txt 2009-06-02 02:46
ComboFix4.txt 2009-02-16 01:18
ComboFix5.txt 2009-07-28 19:02

Pré-execução: 21 pasta(s) 85.297.438.720 bytes disponíveis
Pós execução: 21 pasta(s) 85.278.056.448 bytes disponíveis

337 --- E O F --- 2008-09-11 00:05

----------------------------------------------------

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:02, on 28/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

-- End of file - 4287 bytes
Sam Spade 2 Posted July 29, 2009
Hello, the logs are clean. How is the PC?
morozetti 0 Posted July 29, 2009
It seems normal to me. Although the internet keeps dropping, that may just be a problem with the motherboard, which is getting old. I can update the antivirus too, which I couldn't do before.
Sam Spade 2 Posted August 4, 2009
OK, to finish, go to Start > Run > type (or copy and paste): ComboFix /u
Click OK. Wait, as this will uninstall ComboFix, delete its related files and folders, and erase any System Restore points that may be infected, creating a clean one.
Clean up the temporary files and fix Registry errors with CCleaner.
Update Internet Explorer. Download and install Internet Explorer 8.
Visit Windows Update and update your system, downloading Service Pack 3.
Or, if you prefer, download and install the full package (+- 300 Mb): http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&DisplayLang=pt-br
Old versions of Java have vulnerabilities that some malware can use to infect your system. Check whether your system has the latest version installed:
Download > JavaRa
Double-click JavaRa.exe. Then click Search For Updates.
Select the option Update Using jucheck.exe. Then click the Search button.
If it is up to date, you will get a notice that you have the latest version. Otherwise, wait for the new version of Java to be downloaded and installed.
Then click the Remove Older Versions button so that any old versions on the PC are uninstalled.
Read these articles on security: Protect your PC; Precautions when browsing the net.
Regards.
morozetti 0 Posted August 26, 2009
Hey, sorry for the delay!!
* It did not find the ComboFix files
* I did the cleanup with CCleaner
* I updated to IE8
* I managed to download Service Pack 3, but it had 42 updates to download and 25 are still left because the internet drops all the time...
* Java is already up to date
Sam Spade 2 Posted August 29, 2009
PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.