[Resolvido!] Antivirus fexa do nda e não abre mais

Leandrueo · Maio 22, 2009

Baixei um outro hijack ele n quer executar (nem instala) e o meu ja instalado n abre

Oque eu faço?

Sam Spade · Maio 22, 2009

Olá Leandrueo! Clique com o direito em cima do HijackThis e escolha Renomear. Coloque um outro nome tipo abcde.exe. Veja se roda agora e posta o log.

Leandrueo · Maio 23, 2009

Renomiei e deu certo =)

Logfile of HijackThis v1.99.1

Scan saved at 21:17, on 2009-05-22

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Glary Utilities\Integrator.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Documents and Settings\Marcia\Marcia.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

C:\WINDOWS\System32\TuneUpDefragService.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\abcde.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 174.37.152.220 www.santander.com.br

O1 - Hosts: 174.37.152.220 santander.com.br

O1 - Hosts: 174.37.152.221 www.itau.com.br

O1 - Hosts: 174.37.152.221 itau.com.br

O1 - Hosts: 174.37.152.221 www.itaupersonnalite.com.br

O1 - Hosts: 174.37.152.221 itaupersonnalite.com.br

O1 - Hosts: 174.37.152.221 www.itauprivatebank.com.br

O1 - Hosts: 174.37.152.221 itauprivatebank.com.br

O1 - Hosts: 174.37.152.222 www.bradesco.com.br

O1 - Hosts: 174.37.152.222 bradesco.com.br

O1 - Hosts: 174.37.152.222 www.bradescoprime.com.br

O1 - Hosts: 174.37.152.222 bradescoprime.com.br

O1 - Hosts: 174.37.152.222 www.bradescoprivate.com.br

O1 - Hosts: 174.37.152.222 bradescoprivate.com.br

O1 - Hosts: 174.37.152.222 www.bradescouniversitario.com.br

O1 - Hosts: 174.37.152.222 bradescouniversitario.com.br

O1 - Hosts: 174.37.152.222 www.bradescocelular.com.br

O1 - Hosts: 174.37.152.222 bradescocelular.com.br

O1 - Hosts: 174.37.152.222 www.shopfacil.com.br

O1 - Hosts: 174.37.152.222 shopfacil.com.br

O1 - Hosts: 174.37.152.223 www.nossacaixa.com.br

O1 - Hosts: 174.37.152.223 nossacaixa.com.br

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iSUSPM Startup] c:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Marcia] C:\Documents and Settings\Marcia\Marcia.exe /i

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - https://secwebclinic.ahnlab.com/asp/cab/mkdplus.cab

O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://bradesconetempresa.com.br/ne/CA.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} (NeffyManSpLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/streamport/SPort.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.4.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F1C9B6F8-6D35-44BF-9A82-950F9688B1E6}: NameServer = 208.67.222.222,208.67.222.223

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Plug and Play PlugPlayVSS (PlugPlayVSS) - Unknown owner - C:\WINDOWS\system32\appende.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

So pra constar, hj eu rodei o Spybot progreama contra spyware ele axou uns 15 problemas e concertei tudo mass o problema continua o avira n abre, e as paginas da internet meio lerda mas vai ve eh so imaginação

Leandrueo · Maio 27, 2009

Aconteceu algo? o tempo de espera passou u.u

Sam Spade · Maio 31, 2009

Olá, desculpe a demora mas o tempo apertou esses dias. Baixe: ComboFix > salve na área de trabalho

Desative seu antivirus, antispywares e firewall, para não causar conflitos. Mantenha-os desativados até terminar as instruções.
Dê um duplo-clique no combofix.exe e clique em Executar para prosseguir o Fix. Aguarde pois é um pouco demorado.
O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.
Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.
IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".
Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta, juntamente com um novo log do HijackThis.

OBS: Não rode o ComboFix mais do que uma vez. Isso irá sobreescrever o log e dificultará a remoção do(s) malware(s)

O ComboFix é uma ferramenta que pode danificar o sistema se for usada incorretamente. Use-o apenas sob supervisão de um analista de malwares.

Leandrueo · Junho 3, 2009

Combo fix:

ComboFix 09-06-03.01 - Marcia 2009-06-03 18:15.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.351.1046.18.894.411 [GMT -3:00]

Executando de: c:\documents and settings\Marcia\Desktop\ComboFix.exe

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Marcia\Marcia.exe

c:\windows\system32\_000003_.tmp.dll

c:\windows\system32\appende.exe

c:\windows\system32\digiwet.dll

c:\windows\system32\drivers\1ea0998b.sys

c:\windows\system32\drivers\acpi32.sys

c:\windows\system32\drivers\ati64si.sys

c:\windows\system32\drivers\fips32cup.sys

c:\windows\system32\drivers\i386si.sys

c:\windows\system32\drivers\netsik.sys

c:\windows\system32\drivers\nicsk32.sys

c:\windows\system32\drivers\port135sik.sys

c:\windows\system32\drivers\securentm.sys

c:\windows\system32\drivers\systemntmi.sys

c:\windows\system32\drivers\ws2_32sik.sys

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\desktop.ini

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\gbieh.gmd

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\GbPluginuni.inf

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\MessengerStatsPAClient.dll

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\Microsoft XML Parser for Java.osd

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\msgrchkr.dll

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\swflash.inf

c:\windows\system32\kdfinj.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ACPI32

-------\Legacy_ATI64SI

-------\Legacy_FIPS32CUP

-------\Legacy_I386SI

-------\Legacy_ILVMONEYDRIVER53

-------\Legacy_NETSIK

-------\Legacy_NICSK32

-------\Legacy_OREANS32

-------\Legacy_PLUGPLAYVSS

-------\Legacy_port135sik

-------\Legacy_SECURENTM

-------\Legacy_SYSTEMNTMI

-------\Legacy_ws2_32sik

-------\Service_1ea0998b

-------\Service_acpi32

-------\Service_ati64si

-------\Service_fips32cup

-------\Service_i386si

-------\Service_IlvMoneyDRIVER53

-------\Service_netsik

-------\Service_nicsk32

-------\Service_oreans32

-------\Service_PlugPlayVSS

-------\Service_port135sik

-------\Service_systemntmi

-------\Service_ws2_32sik

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-03 to 2009-06-03 ))))))))))))))))))))))))))))

.

2009-05-31 12:31 . 2009-06-03 01:44 96 ---ha-w- c:\windows\system32\HsInfo.dat

2009-05-31 12:02 . 2009-05-31 12:02 -------- d-----w- C:\alaplaya

2009-05-24 22:24 . 2009-05-24 22:24 -------- d-----w- C:\Ntreev USA

2009-05-24 21:51 . 2009-05-24 21:51 -------- d-----w- c:\arquivos de programas\Persona

2009-05-24 19:39 . 2009-05-24 19:39 20480 --sha-w- c:\windows\system32\12520850t.dll

2009-05-22 22:54 . 2009-05-23 13:48 85718 ----a-w- c:\windows\War3Unin.dat

2009-05-22 22:54 . 2009-05-22 23:03 2829 ----a-w- c:\windows\War3Unin.pif

2009-05-22 22:54 . 2009-05-22 23:03 139264 ----a-w- c:\windows\War3Unin.exe

2009-05-19 17:27 . 2009-06-03 17:26 205 --s-a-w- c:\windows\system32\3096391814.dat

2009-05-19 16:19 . 2009-05-19 16:19 -------- d-----w- c:\arquivos de programas\Ask Search Assistant

2009-05-18 23:48 . 2009-05-18 23:48 40960 ----a-r- c:\documents and settings\Marcia\Dados de aplicativos\Microsoft\Installer\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}\Rambooster.exe1_ADE3CACCEC31480C83A0587EE60CE8DF_1.exe

2009-05-18 23:48 . 2009-05-18 23:48 40960 ----a-r- c:\documents and settings\Marcia\Dados de aplicativos\Microsoft\Installer\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}\NewShortcut2_ADE3CACCEC31480C83A0587EE60CE8DF.exe

2009-05-18 23:48 . 2009-05-18 23:48 10134 ----a-r- c:\documents and settings\Marcia\Dados de aplicativos\Microsoft\Installer\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}\ARPPRODUCTICON.exe

2009-05-18 23:48 . 2009-05-18 23:48 -------- d-----w- c:\arquivos de programas\RamBooster 2.0

2009-05-18 21:07 . 2009-05-18 21:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\KONAMI

2009-05-18 20:59 . 2009-05-18 20:59 -------- d-----w- c:\arquivos de programas\KONAMI

2009-05-13 21:50 . 2009-05-13 21:51 -------- d-----w- c:\documents and settings\Marcia\Dados de aplicativos\Aegisub

2009-05-12 22:54 . 2009-05-12 23:48 -------- d-----w- c:\documents and settings\Marcia\Dados de aplicativos\mIRC

2009-05-12 22:54 . 2009-05-12 23:03 -------- d-----w- c:\arquivos de programas\mIRC

2009-05-09 13:55 . 2009-05-09 13:55 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-05-05 00:28 . 2009-05-05 00:29 1878984 ----a-w- c:\documents and settings\Marcia\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-03 21:25 . 2008-12-21 15:04 -------- d-----w- c:\documents and settings\Marcia\Dados de aplicativos\Skype

2009-06-03 21:22 . 2008-11-07 12:25 965875744 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-06-03 21:22 . 2008-11-07 12:25 11265116 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-06-03 20:58 . 2008-12-21 15:07 -------- d-----w- c:\documents and settings\Marcia\Dados de aplicativos\skypePM

2009-06-03 01:40 . 2008-06-25 22:06 -------- d-----w- c:\documents and settings\Marcia\Dados de aplicativos\uTorrent

2009-05-31 15:43 . 2008-12-22 19:25 -------- d-----w- c:\arquivos de programas\Warcraft III

2009-05-31 01:50 . 2008-02-01 02:07 -------- d-----w- c:\documents and settings\Marcia\Dados de aplicativos\teamspeak2

2009-05-29 17:40 . 2007-11-20 00:45 -------- d-----w- c:\arquivos de programas\eMule

2009-05-26 16:27 . 2008-12-22 21:28 -------- d-----w- c:\arquivos de programas\WC3Banlist

2009-05-22 19:48 . 2008-02-17 02:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-05-22 18:59 . 2008-02-17 02:14 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-05-19 16:19 . 2008-02-11 01:20 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-05-18 23:47 . 2007-10-09 14:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-05-18 23:28 . 2001-10-28 17:07 80844 ----a-w- c:\windows\system32\perfc016.dat

2009-05-18 23:28 . 2001-10-28 17:07 476874 ----a-w- c:\windows\system32\perfh016.dat

2009-05-18 23:25 . 2008-07-02 21:52 -------- d-----w- c:\arquivos de programas\TuneUp Utilities 2008

2009-05-12 22:56 . 2008-08-12 02:25 -------- d-----w- c:\arquivos de programas\Aegisub

2009-05-08 23:02 . 2009-02-06 20:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-05-06 00:11 . 2009-03-08 15:56 311296 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonJP\NGM\NGMResource.dll

2009-05-06 00:11 . 2008-09-02 02:09 -------- d-----w- c:\arquivos de programas\Sony

2009-05-06 00:10 . 2009-04-28 01:19 -------- d-----w- c:\arquivos de programas\PangYa Hole18

2009-05-06 00:09 . 2008-04-01 23:45 -------- d-----w- c:\arquivos de programas\Java

2009-05-05 16:18 . 2007-11-03 09:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-05-05 16:17 . 2007-11-03 09:54 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-05-03 18:57 . 2009-05-03 18:40 -------- d-----w- c:\documents and settings\Marcia\Dados de aplicativos\flightgear.org

2009-05-03 18:40 . 2009-05-03 18:40 413696 ----a-w- c:\windows\system32\wrap_oal.dll

2009-05-03 18:40 . 2009-05-03 18:40 110592 ----a-w- c:\windows\system32\OpenAL32.dll

2009-05-03 18:40 . 2009-05-03 18:40 -------- d-----w- c:\arquivos de programas\OpenAL

2009-04-22 01:23 . 2009-04-22 01:23 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\LogMeIn

2009-04-20 00:44 . 2009-04-20 00:44 0 ----a-w- c:\arquivos de programas\INSO042009.log

2009-04-16 00:16 . 2009-04-14 19:50 -------- d-----w- c:\arquivos de programas\Cheat Engine

2009-03-25 12:32 . 2008-12-20 03:21 26368 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-03-24 19:15 . 2009-03-24 19:15 230432 ----a-w- C:\PA7302.DAT

2009-03-08 15:56 . 2009-03-08 15:56 81920 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonJP\NGM\npNxGameJP.dll

2009-03-08 15:56 . 2009-03-08 15:56 98304 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonJP\NGM\nxgamejp.dll

2009-03-08 15:56 . 2009-03-08 15:56 536576 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonJP\NGM\NGMDll.dll

2009-03-08 15:56 . 2009-03-08 15:56 258352 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonJP\NGM\unicows.dll

2009-03-08 15:56 . 2009-03-08 15:56 155648 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonJP\NGM\NGM.exe

2009-03-06 14:20 . 2004-08-04 03:45 286208 ----a-w- c:\windows\system32\pdh.dll

2008-04-10 23:20 . 2008-02-16 23:51 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2008-11-07 21633320]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-12-30 4608]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2009-02-03 1004544]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-20 16384512]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquivos de programas\GbPlugin\gbiehuni.dll" [2009-03-25 414624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2009-03-25 12:08 414624 ----a-w- c:\arquivos de programas\GbPlugin\gbiehuni.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-10-16 23:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

backup=c:\windows\pss\Discador Oi Internet.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"AdobeUpdater"=c:\arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SW20"=c:\windows\system32\sw20.exe

"SW24"=c:\windows\system32\sw24.exe

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Marcia\\desktop\\utorrent.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonJP\\NGM\\NGM.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonJP\\Common\\NMService.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\WINDOWS\\system32\\wscntfy.exe"=

"c:\\Arquivos de programas\\Warcraft III\\war3.exe"=

"c:\\Arquivos de programas\\Persona\\Persona.exe"=

"c:\\Arquivos de programas\\eMule\\eMule.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-20 26368]

R1 is-AIK9Fdrv;is-AIK9Fdrv;c:\windows\system32\drivers\40973564.sys [2008-11-25 148496]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [2007-11-03 52608]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-04-21 47640]

R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\arquivos de programas\LogMeIn\x86\RaInfo.sys --> c:\arquivos de programas\LogMeIn\x86\RaInfo.sys [?]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2008-06-02 127488]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-06-02 101632]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

S3 PAC7302;USB PC Camera;c:\windows\system32\drivers\PAC7302.SYS [2009-03-30 458752]

S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\drivers\sembbus.sys [2009-02-20 260992]

S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\drivers\sembcard.sys [2009-02-20 337408]

S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\drivers\sembmdfl2.sys [2009-02-20 14976]

S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\drivers\sembmdm2.sys [2009-02-20 380672]

S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\drivers\sembmgmt.sys [2009-02-20 343680]

S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\drivers\sembnd5.sys [2009-02-20 24960]

S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\drivers\sembunic.sys [2009-02-20 344064]

S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\drivers\sembwwan.sys [2009-02-20 337408]

S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\drivers\semcreserved.sys [2009-02-20 17408]

S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\drivers\sesc.sys [2009-02-20 12672]

S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]

S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]

S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]

S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?]

S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-06-03 c:\windows\Tasks\1-Click Maintenance.job

- c:\arquivos de programas\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 12:09]

2009-06-03 c:\windows\Tasks\GlaryInitialize.job

- c:\arquivos de programas\Glary Utilities\initialize.exe [2008-03-29 19:58]

2009-06-03 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

.

- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-Marcia - c:\documents and settings\Marcia\Marcia.exe

SafeBoot-procexp90.Sys

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.plusnetwork.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {F1C9B6F8-6D35-44BF-9A82-950F9688B1E6} = 208.67.222.222,208.67.222.223

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab

DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} - hxxps://secwebclinic.ahnlab.com/asp/cab/mkdplus.cab

DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} - hxxps://bradesconetempresa.com.br/ne/CA.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} - hxxp://dist.cdnetworks.co.jp/cdndist/streamport/SPort.cab

FF - ProfilePath - c:\documents and settings\Marcia\Dados de aplicativos\Mozilla\Firefox\Profiles\f46g8t7b.default\

FF - prefs.js: browser.search.selectedEngine - Ask

FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=

FF - prefs.js: network.proxy.type - 1

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonJP\NGM\npNxGameJP.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 200000

FF - user.js: content.notify.interval - 100000

FF - user.js: content.switch.threshold - 650000

FF - user.js: nglayout.initialpaint.delay - 300

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-03 18:24

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1343024091-1202660629-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5FD4BF44-FE2E-61AA-9ACE-197305B1E980}*]

@Allowed: (Read) (RestrictedCode)

"abcoohdlmgejmahkknkamcbhifpkfgliao"=hex:61,61,00,00

"bbcoohdlmgejmahkknpajciclemingmjaoao"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,fc,33,d2,7e,d6,

f6,2f,f6,e2,63,26,f1,3f,c8,ff,68,8e,54,08,86,ae,59,db,52,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,4a,54,ff,18,41,

e5,f5,9d,6a,9c,d6,61,af,45,84,18,87,62,af,e8,72,48,1e,8c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,fd,7e,05,c5,5e,

21,96,9b,ff,7c,85,e0,43,d4,0e,fe,10,9d,e8,89,ee,57,7f,c3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,eb,58,51,d4,f9,

5b,b4,21,86,8c,21,01,be,91,eb,e7,8b,7a,83,9f,69,04,e1,0a,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,ad,65,62,0e,26,

c8,4e,a6,f5,1d,4d,73,a8,13,5c,05,6d,ce,a3,69,31,b8,5e,eb,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,96,0e,15,eb,a8,

db,69,f7,df,20,58,62,78,6b,cf,c8,7b,eb,f9,a3,f7,a5,73,e6,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,5a,cd,74,fd,c8,

57,91,a4,fb,a7,78,e6,12,2f,9a,ea,29,4f,ab,0a,c6,68,04,8b,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,39,a6,1b,21,4b,

80,65,e7,01,3a,48,fc,e8,04,4a,f1,15,94,76,75,7f,1b,9a,31,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,35,f2,fb,da,88,

ad,d3,e2,f6,0f,4e,58,98,5b,89,c9,b0,c3,63,91,0a,09,21,79,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,41,1e,91,39,fd,

d5,82,f0,3d,ce,ea,26,2d,45,aa,78,9d,d0,8e,e8,e0,3a,b0,9a,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,d9,59,fd,54,f8,

43,76,8f,2a,b7,cc,b5,b9,7f,41,e7,72,66,9a,0a,32,d8,26,b0,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,8b,80,61,5d,43,

39,43,19,6c,43,2d,1e,aa,22,2f,9c,93,8d,ee,81,73,b2,a5,fa,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(640)

c:\arquivos de programas\GbPlugin\gbiehuni.dll

c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(3756)

c:\arquivos de programas\GbPlugin\gbiehuni.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\GbPlugin\gbpsv.exe

c:\windows\system32\scardsvr.exe

c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\arquivos de programas\Glary Utilities\Integrator.exe

c:\windows\system32\rundll32.exe

c:\arquivos de programas\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-06-03 18:29 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-06-03 21:29

ComboFix2.txt 2008-03-05 02:10

ComboFix3.txt 2008-02-28 21:57

ComboFix4.txt 2008-02-27 00:30

ComboFix5.txt 2008-02-20 22:11

Pré-execução: 29 pasta(s) 40,458,035,200 bytes disponíveis

Pós execução: 28 pasta(s) 40,602,738,688 bytes disponíveis

392 --- E O F --- 2009-05-21 16:06

Hijack :

Logfile of HijackThis v1.99.1

Scan saved at 18:32, on 2009-06-03

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Glary Utilities\Integrator.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe