
Archived

This topic has been archived and is closed to further replies.

tpazzin

[Archived] Problem with the desktop and I can't shut down the PC


My PC doesn't shut down, doesn't restart, nothing shows up on my desktop, and the PC is very slow. I hope you can help me, and from what I've seen in other posts, I'm sure you can.

I'll post a HijackThis log to help:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:37:44, on 2/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SnAgOS.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\SnMgrSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Power Manager\PM.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\domino.exe

C:\WINDOWS\VMSnap1.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tiago\Meus documentos\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.itautec.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.5.19.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [PowerManager] C:\Arquivos de programas\Power Manager\PM.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe

O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=070909 serial=DR12CUS-2178927-HVQ lang=BP

O4 - HKLM\..\Run: [] C:\WINDOWS\system32\svc\svchosts.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: BlueSoleil.lnk = ?

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?cf1ece1bf5e44ddebc591bef809d0870

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?cf1ece1bf5e44ddebc591bef809d0870

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

 

--

End of file - 11960 bytes

 

 

Thanks in advance.

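As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script for lines in the format of the HijackThis log above: it flags the nameless HKLM Run entry that points at svchosts.exe in a non-standard folder (the entry ComboFix later lists under the removed orphans), BHO registrations whose DLL is missing, and services with no publisher name. The sample lines are constructed from that log; the lookalike heuristic and its directory table are assumptions of this example.

```python
"""Triage a HijackThis 2.0.x log for a few red flags.

Added example, not code from the thread, HijackThis or ComboFix. The
heuristics (empty Run value names, binaries imitating core Windows process
names or running outside their home directory, orphaned BHOs, services with
no publisher) are this example's own assumptions.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Core Windows XP processes that malware likes to imitate, mapped to the
# (lower-case) directory where the genuine binary lives. Assumed table.
CORE_PROCESSES = {
    "svchost": r"c:\windows\system32",
    "lsass": r"c:\windows\system32",
    "csrss": r"c:\windows\system32",
    "winlogon": r"c:\windows\system32",
    "services": r"c:\windows\system32",
    "smss": r"c:\windows\system32",
    "explorer": r"c:\windows",
}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>.*?)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# First token ending in .exe, leading quote stripped; trailing arguments are dropped.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)

# Constructed sample in the shape of the log posted above; the nameless O4 entry,
# the orphaned BHO and the "Unknown owner" service are copied from that log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [] C:\WINDOWS\system32\svc\svchosts.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""


@dataclass(frozen=True)
class Finding:
    line: str
    severity: str  # "high", "medium" or "low"
    reason: str


def image_path(command: str) -> str:
    """Return the executable from an O4/O23 command string, unquoted, without arguments."""
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else command.strip()


def check_image(path: str) -> Optional[Tuple[str, str]]:
    """Flag a binary that imitates a core process name or sits outside its home directory."""
    directory, filename = ntpath.split(path)
    stem = ntpath.splitext(filename)[0].lower()
    directory = directory.lower().rstrip("\\")
    for core, home in CORE_PROCESSES.items():
        if stem == core and directory != home:
            return ("high", f"{core}.exe running from {directory or 'the search path'} instead of {home}")
        if stem != core and stem.startswith(core):
            return ("high", f"file name {filename} imitates {core}.exe")
    if not directory:
        # A bare name is resolved through the search path at logon, so a planted
        # copy earlier in that path would win; worth confirming by hand.
        return ("medium", f"bare file name {filename}, resolved through the search path")
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line and collect findings for O2, O4 and O23 entries."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            if not m.group("name"):
                findings.append(Finding(line, "high", "Run entry with an empty value name"))
            hit = check_image(image_path(m.group("cmd")))
            if hit:
                findings.append(Finding(line, hit[0], hit[1]))
            continue
        m = O2_RE.match(line)
        if m:
            if m.group("path") == "(no file)":
                findings.append(Finding(line, "low", "orphaned BHO registration, DLL missing"))
            continue
        m = O23_RE.match(line)
        if m:
            if m.group("owner") in ("Unknown owner", ""):
                findings.append(Finding(line, "medium", "service without a publisher name"))
            hit = check_image(image_path(m.group("path")))
            if hit:
                findings.append(Finding(line, hit[0], hit[1]))
    return findings


def severity_counts(findings: List[Finding]) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```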

Hi tpazzin,

Download ComboFix from:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The "DISCLAIMER OF SOFTWARE WARRANTY" window will open. Read the text in this window carefully and click "YES" to continue.

P.S.: If you do not agree with the terms, click "NO" to exit the software, bearing in mind that disinfection will not be possible without continuing with ComboFix.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended that you install the console before continuing, since this guarantees that the system can be recovered if problems occur during the scan.

Click "YES" and wait, as the console is installed automatically by ComboFix itself. It may take a few minutes (depending on the speed of your connection), so be patient.

When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA.

When the recovery console installation finishes, a window will open saying "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY".

Click "YES" to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window or terminate the process abruptly while the tool is running, as this will break your desktop configuration (it will turn completely white).

When the process finishes, the machine will be restarted to produce the report.

6) After the machine restarts, ComboFix will run FIND3M to create the final scan report. The log will be saved at C:\ComboFix.txt.

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply.

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE, covering the others. To minimize it again, just use ALT + TAB.

Regards.


Here's what you requested.

 

 

 

ComboFix 09-07-02.02 - Tiago 03/07/2009 2:34.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.446.192 [GMT -3:00]

Executando de: c:\documents and settings\Tiago\Meus documentos\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

ADS - drivers: deleted 204 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\Tiago\CONFIG~1\Temp\catchme.dll

c:\documents and settings\Tiago\Configurações locais\Temp\catchme.dll

c:\windows\Installer\135d2bd.msi

c:\windows\Installer\285db6a.msp

c:\windows\Installer\28710dd.msp

c:\windows\Installer\617f0.msp

c:\windows\Installer\WinRMSrv.msi

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-03 to 2009-07-03 ))))))))))))))))))))))))))))

.

 

2009-07-02 17:07 . 2009-07-02 17:07 -------- d-----w- C:\!KillBox

2009-07-02 08:20 . 2009-07-02 08:20 -------- d-----w- C:\desktopclean

2009-07-02 05:12 . 2009-07-02 07:33 -------- d-----w- c:\arquivos de programas\NitroPC

2009-06-27 19:38 . 2009-06-27 19:39 -------- d-----w- C:\Brasfoot2009

2009-06-23 05:14 . 2009-06-23 05:14 -------- d-----w- c:\arquivos de programas\Lavalys

2009-06-20 23:22 . 2009-07-02 07:13 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-06-19 23:27 . 2009-07-02 19:58 -------- d-----w- c:\windows\system32\svc

2009-06-17 23:58 . 2009-06-17 23:58 -------- d-----w- c:\arquivos de programas\SWF-AVI-GIF Converter

2009-06-09 20:12 . 2009-06-09 20:30 -------- d-----w- C:\Jogos

2009-06-07 09:02 . 2009-06-07 09:02 -------- d-----w- c:\arquivos de programas\SolitaireMahjong

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-03 05:47 . 2009-07-03 05:47 186504 ----a-w- c:\windows\system32\SnAgOS.TMP

2009-06-26 21:25 . 2009-04-11 22:19 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-06-26 21:25 . 2009-04-11 22:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-06-26 21:25 . 2009-04-11 22:19 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-26 07:42 . 2009-05-23 18:07 -------- d-----w- c:\arquivos de programas\Megacubo

2009-06-20 23:19 . 2007-04-10 00:18 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-06-18 19:59 . 2009-03-06 21:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-06-17 21:58 . 2006-03-02 12:00 82072 ----a-w- c:\windows\system32\perfc016.dat

2009-06-17 21:58 . 2006-03-02 12:00 461940 ----a-w- c:\windows\system32\perfh016.dat

2009-05-31 21:40 . 2009-02-04 22:03 -------- d-----w- c:\arquivos de programas\phpDesigner

2009-05-25 19:30 . 2009-05-25 19:30 -------- d-----w- c:\arquivos de programas\FormatFactory

2009-05-25 18:55 . 2009-05-25 18:46 -------- d-----w- c:\documents and settings\Tiago\Dados de aplicativos\Any Video Converter

2009-05-25 18:47 . 2009-05-25 18:45 -------- d-----w- c:\arquivos de programas\Any Video Converter

2009-05-23 18:11 . 2009-05-23 18:11 -------- d-----w- c:\arquivos de programas\TVUPlayer

2009-05-22 22:09 . 2009-01-28 05:42 -------- d-----w- c:\arquivos de programas\PokerStars

2009-05-14 01:54 . 2007-08-05 19:12 -------- d-----w- c:\arquivos de programas\Macromedia

2009-05-14 01:53 . 2007-08-05 19:13 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macromedia

2009-05-07 15:33 . 2006-03-02 12:00 347136 ----a-w- c:\windows\system32\localspl.dll

2009-05-03 19:36 . 2009-04-11 22:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-04-29 04:45 . 2006-03-02 12:00 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-24 16:59 . 2009-04-03 06:22 3140 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2009-04-24 16:59 . 2009-04-03 06:22 3140 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2009-04-24 16:59 . 2009-04-03 06:22 88 --sh--r- c:\documents and settings\All Users\Dados de aplicativos\56D2EE7344.sys

2009-04-24 16:59 . 2009-04-03 06:22 88 --sh--r- c:\documents and settings\All Users\Dados de aplicativos\56D2EE7344.sys

2009-04-19 19:50 . 2006-03-02 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-18 22:59 . 2009-04-18 22:59 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-04-17 06:20 . 2009-04-17 06:20 1878888 ----a-w- c:\documents and settings\Tiago\Dados de aplicativos\Opera\Opera\profile\cache4\temporary_download\install_flash_player.exe

2009-04-15 14:53 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2008-12-15 00:11 . 2008-06-18 05:08 71930 ----a-w- c:\arquivos de programas\megacubo_log.log

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2009-03-27 24103720]

"Google Update"="c:\documents and settings\Tiago\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-05-06 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PowerManager"="c:\arquivos de programas\Power Manager\PM.exe" [2006-06-30 159744]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2006-09-01 282624]

"domino"="c:\windows\domino.exe" [2006-07-04 49152]

"VMSnap1"="c:\windows\VMSnap1.exe" [2006-07-17 49152]

"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-09-06 36864]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]

"CorelDRAW Graphics Suite 11b"="c:\arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe" [2003-11-28 729088]

"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-09-16 557056]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-10-04 90112]

"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]

"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-10-31 163840]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

BlueSoleil.lnk - c:\arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-10-4 1183744]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"c:\\Arquivos de programas\\FTP Commander\\ftpcomm.exe"=

"c:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\phpDesigner\\phpDesigner.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Documents and Settings\\Tiago\\Configurações locais\\Dados de aplicativos\\Google\\Chrome\\Application\\chrome.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"11005:TCP"= 11005:TCP:BitComet 11005 TCP

"11005:UDP"= 11005:UDP:BitComet 11005 UDP

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [6/3/2009 18:52 31536]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/4/2009 19:19 327688]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/4/2009 19:19 108552]

R1 SNSID;SNSID;c:\windows\system32\drivers\SNSID.SYS [20/7/2007 15:47 22784]

R1 SNSMS;SNSMS;c:\windows\system32\drivers\SNSMS.SYS [20/7/2007 15:47 35464]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [11/4/2009 19:19 298776]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [6/3/2009 18:52 53040]

R2 Ps2KSecureKeyboard;SecureKbd;c:\windows\system32\drivers\psseckbd.sys [20/7/2007 15:47 15048]

R2 SNMgrSvc;SNMgrSvc;c:\windows\system32\SnMgrSvc.exe [20/7/2007 15:47 280712]

R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [23/11/2006 05:04 5504]

S3 dump_wmimmc;dump_wmimmc; [x]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-<NO NAME> - c:\windows\system32\svc\svchosts.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://www.itautec.com.br/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

IE: Abrir com o GetRight Browser

IE: Abrir em uma nova guia do plano de fundo - c:\arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?cf1ece1bf5e44ddebc591bef809d0870

IE: Abrir em uma nova guia do primeiro plano - c:\arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?cf1ece1bf5e44ddebc591bef809d0870

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Baixar link usando &BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm

IE: Baixar todos os links usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

IE: Baixar todos os vídeos usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

IE: Download com o GetRight

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: bancobrasil.com.br\www2

DPF: Microsoft XML Parser for Java

DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe

FF - ProfilePath - c:\documents and settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\r8vpe4l7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bandasdegaragem.com.br/audioterapia

FF - prefs.js: network.proxy.type - 2

FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-03 02:48

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-4267833771-4243619368-3267618919-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5720F416-4696-472D-B7C4-2F733F026E58}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"oacljnfpaooflnbjllafkjhmjakikd"=hex:64,61,64,66,62,69,61,70,00,b0

"oaginiccbdjoohkhhoaoggblhibbgk"=hex:6a,61,64,66,65,68,6a,62,6f,61,70,6b,6a,66,

68,6a,65,69,62,66,00,fd

"naajhbocafkccoegdibbjgmncooa"=hex:6a,61,64,66,65,68,6a,62,6f,61,70,6b,6a,66,

68,6a,65,69,62,66,00,fd

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

@DACL=(02 0000)

"DLLName"="avgrsstx.dll"

"Startup"="AvgStartup"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

@DACL=(02 0000)

"Asynchronous"=dword:00000001

"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

"Startup"="WlDimsStartup"

"Shutdown"="WlDimsShutdown"

"Logon"="WlDimsLogon"

"Logoff"="WlDimsLogoff"

"StartShell"="WlDimsStartShell"

"Lock"="WlDimsLock"

"Unlock"="WlDimsUnlock"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(804)

c:\arquivos de programas\GbPlugin\gbieh.dll

 

- - - - - - - > 'explorer.exe'(2964)

c:\windows\system32\SnAgOS.TMP

c:\windows\system32\Sngw.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\msls31.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\LexBceS.exe

c:\windows\system32\Lexpps.exe

c:\arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Borland\InterBase\bin\ibguard.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquiv~1\AVG\AVG8\avgnsx.exe

c:\arquivos de programas\Windows Media Player\wmpnetwk.exe

c:\windows\system32\SnAgOS.EXE

c:\arquivos de programas\Borland\InterBase\bin\ibserver.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-07-03 3:07 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-07-03 06:07

 

Pré-execução: 4.890.378.240 bytes disponíveis

Pós execução: 4.862.255.104 bytes disponíveis

 

WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

241 --- E O F --- 2009-06-12 06:30


Hi tpazzin,

Follow these instructions:

1. Open Notepad -> Copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Quote":

File::

c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

c:\documents and settings\All Users\Dados de aplicativos\56D2EE7344.sys

c:\windows\system32\ezsidmv.dat

Driver::

"dump_wmimmc"

RegNull::

[HKEY_USERS\S-1-5-21-4267833771-4243619368-3267618919-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5720F416-4696-472D-B7C4-2F733F026E58}*]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

RegLock::

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

(image: cfscript.gif)

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Regards.

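The helper's post above gives a CFScript (File::, Driver::, RegNull::, RegLock:: directives) and asks for the ComboFix log it produces; the reply later in the thread contains that log, with the removed files under "Outras Exclusões" and the removed service under "Drivers/Serviços". The following Python script is an added example, not code from the thread, from the helper, or from ComboFix: it parses a CFScript into its directives, parses the banner-delimited sections of a ComboFix log, and reports for every File:: path and Driver:: name whether the log actually confirms the removal, plus any deletions the script did not ask for. The directive names, the log banners and the `Service_<name>` entry form are taken from the logs on this page; the function names, the verification rules and the log excerpt (constructed from the lines visible in the reply) are my own assumptions.

```python
# Added example: parse a ComboFix CFScript and check the ComboFix log that
# results. Not code from ComboFix, the helper or the forum; directive names,
# log banners and the 'Service_<name>' form come from this page's logs.
import re

# The script the helper posted (copied as-is from the thread).
CFSCRIPT = r"""
File::
c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys
c:\documents and settings\All Users\Dados de aplicativos\56D2EE7344.sys
c:\windows\system32\ezsidmv.dat

Driver::
"dump_wmimmc"

RegNull::
[HKEY_USERS\S-1-5-21-4267833771-4243619368-3267618919-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5720F416-4696-472D-B7C4-2F733F026E58}*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
"""

# Excerpt of the log ComboFix wrote after the script ran, constructed from
# the lines visible later in the thread (not the complete log).
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Tiago\CONFIG~1\Temp\catchme.dll
c:\documents and settings\All Users\Dados de aplicativos\56D2EE7344.sys
c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys
c:\documents and settings\Tiago\Configurações locais\Temp\catchme.dll
c:\windows\system32\ezsidmv.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DUMP_WMIMMC
-------\Service_dump_wmimmc
"""

# A ComboFix section banner: a title wrapped in runs of parentheses.
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")


def parse_cfscript(text):
    """Split a CFScript into {directive: [entries]}. A directive is a line
    ending in '::'; following lines belong to it until the next directive.
    Blank lines are skipped and the quotes around Driver:: names removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        else:
            sections[current].append(line.strip('"'))  # KeyError if no directive yet
    return sections


def parse_combofix_log(text):
    """Collect the entries under each '(((( Title ))))' banner; '.' lines are separators."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = BANNER_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def verify_script(script, log):
    """Map each File:: path and Driver:: name to whether the log confirms removal.
    Files are matched case-insensitively under 'Outras Exclusões'; a driver by a
    'Service_<name>' entry under 'Drivers/Serviços'. RegNull::/RegLock:: entries
    are parsed but not checked, as ComboFix reports them in another layout."""
    deleted = {p.lower() for p in log.get("Outras Exclusões", [])}
    services = [s.lower() for s in log.get("Drivers/Serviços", [])]
    result = {}
    for path in script.get("File", []):
        result[path] = path.lower() in deleted
    for name in script.get("Driver", []):
        result[name] = any(s.endswith("\\service_" + name.lower()) for s in services)
    return result


def extra_deletions(script, log):
    """Paths ComboFix removed that the script did not request. catchme.dll is
    ComboFix's own scanner helper; anything else needs explaining before the
    machine is declared clean."""
    requested = {p.lower() for p in script.get("File", [])}
    return [p for p in log.get("Outras Exclusões", []) if p.lower() not in requested]


if __name__ == "__main__":
    cfs, cfl = parse_cfscript(CFSCRIPT), parse_combofix_log(COMBOFIX_LOG)
    for item, ok in verify_script(cfs, cfl).items():
        print(("confirmed: " if ok else "NOT FOUND: ") + item)
    for path in extra_deletions(cfs, cfl):
        print("extra deletion, review: " + path)
```

Run against the excerpt, all three files and the dump_wmimmc service come back confirmed, and the two catchme.dll copies show up as deletions the script never requested, which is the kind of discrepancy worth reading before telling the user the machine is clean. To use it on a real case, replace the two constants with the full CFScript and the full C:\ComboFix.txt.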

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:49:19, on 11/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\SnMgrSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\SnAgOS.exe

C:\WINDOWS\system32\SnLiveUp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Power Manager\PM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\domino.exe

C:\WINDOWS\VMSnap1.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Tiago\Meus documentos\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.itautec.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.5.19.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [PowerManager] C:\Arquivos de programas\Power Manager\PM.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe

O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=072509 serial=DR12CUS-2178927-HVQ lang=BP

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: BlueSoleil.lnk = ?

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?cf1ece1bf5e44ddebc591bef809d0870

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?cf1ece1bf5e44ddebc591bef809d0870

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

 

--

End of file - 11223 bytes

 

-----------------------------------------------------------------------------

 

ComboFix log

 

ComboFix 09-07-09.08 - Tiago 11/07/2009 19:16.2.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.446.185 [GMT -3:00]

Executando de: c:\documents and settings\Tiago\Meus documentos\Downloads\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Tiago\Meus documentos\Downloads\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Criado um novo ponto de restauração

 

FILE ::

"c:\documents and settings\All Users\Dados de aplicativos\56D2EE7344.sys"

"c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys"

"c:\windows\system32\ezsidmv.dat"

.

ADS - drivers: deleted 204 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\Tiago\CONFIG~1\Temp\catchme.dll

c:\documents and settings\All Users\Dados de aplicativos\56D2EE7344.sys

c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

c:\documents and settings\Tiago\Configurações locais\Temp\catchme.dll

c:\windows\system32\ezsidmv.dat

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DUMP_WMIMMC

-------\Service_dump_wmimmc

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-11 to 2009-07-11 ))))))))))))))))))))))))))))

.

 

2009-07-08 18:29 . 2009-06-26 21:25 327688 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgldx86.sys

2009-07-08 18:29 . 2009-06-26 21:24 2052376 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll

2009-07-08 18:29 . 2009-06-26 21:24 2167576 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgresf.dll

2009-07-08 18:29 . 2009-06-26 21:23 3402008 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgui.exe

2009-07-08 18:29 . 2009-06-26 21:23 1204504 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgabout.dll

2009-07-08 18:29 . 2009-06-26 21:23 337176 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avglogx.dll

2009-07-08 18:29 . 2009-06-26 21:22 829208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcfgx.dll

2009-07-08 18:29 . 2009-06-26 21:22 3298072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\setup.exe

2009-07-08 18:22 . 2009-06-26 21:09 1085208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.exe

2009-07-08 18:22 . 2009-06-26 21:08 1454360 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.dll

2009-07-02 17:07 . 2009-07-02 17:07 -------- d-----w- C:\!KillBox

2009-07-02 08:20 . 2009-07-02 08:20 -------- d-----w- C:\desktopclean

2009-07-02 05:12 . 2009-07-02 07:33 -------- d-----w- c:\arquivos de programas\NitroPC

2009-06-27 19:38 . 2009-06-27 19:39 -------- d-----w- C:\Brasfoot2009

2009-06-23 05:14 . 2009-06-23 05:14 -------- d-----w- c:\arquivos de programas\Lavalys

2009-06-20 23:22 . 2009-07-02 07:13 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-06-19 23:27 . 2009-07-02 19:58 -------- d-----w- c:\windows\system32\svc

2009-06-17 23:58 . 2009-06-17 23:58 -------- d-----w- c:\arquivos de programas\SWF-AVI-GIF Converter

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-11 20:35 . 2009-07-11 20:35 186504 ----a-w- c:\windows\system32\SnAgOS.TMP

2009-07-08 18:25 . 2009-04-11 22:19 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-06-26 21:25 . 2009-04-11 22:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-06-26 21:25 . 2009-04-11 22:19 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-26 07:42 . 2009-05-23 18:07 -------- d-----w- c:\arquivos de programas\Megacubo

2009-06-20 23:19 . 2007-04-10 00:18 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-06-18 19:59 . 2009-03-06 21:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-06-17 21:58 . 2006-03-02 12:00 82072 ----a-w- c:\windows\system32\perfc016.dat

2009-06-17 21:58 . 2006-03-02 12:00 461940 ----a-w- c:\windows\system32\perfh016.dat

2009-06-07 09:02 . 2009-06-07 09:02 -------- d-----w- c:\arquivos de programas\SolitaireMahjong

2009-05-31 21:40 . 2009-02-04 22:03 -------- d-----w- c:\arquivos de programas\phpDesigner

2009-05-25 19:30 . 2009-05-25 19:30 -------- d-----w- c:\arquivos de programas\FormatFactory

2009-05-25 18:55 . 2009-05-25 18:46 -------- d-----w- c:\documents and settings\Tiago\Dados de aplicativos\Any Video Converter

2009-05-25 18:47 . 2009-05-25 18:45 -------- d-----w- c:\arquivos de programas\Any Video Converter

2009-05-23 18:11 . 2009-05-23 18:11 -------- d-----w- c:\arquivos de programas\TVUPlayer

2009-05-22 22:09 . 2009-01-28 05:42 -------- d-----w- c:\arquivos de programas\PokerStars

2009-05-14 01:54 . 2007-08-05 19:12 -------- d-----w- c:\arquivos de programas\Macromedia

2009-05-14 01:53 . 2007-08-05 19:13 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macromedia

2009-05-07 15:33 . 2006-03-02 12:00 347136 ----a-w- c:\windows\system32\localspl.dll

2009-05-03 19:36 . 2009-04-11 22:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-04-29 04:45 . 2006-03-02 12:00 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-19 19:50 . 2006-03-02 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-17 06:20 . 2009-04-17 06:20 1878888 ----a-w- c:\documents and settings\Tiago\Dados de aplicativos\Opera\Opera\profile\cache4\temporary_download\install_flash_player.exe

2009-04-15 14:53 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2008-12-15 00:11 . 2008-06-18 05:08 71930 ----a-w- c:\arquivos de programas\megacubo_log.log

.

 

((((((((((((((((((((((((((((( SnapShot@2009-07-03_05.50.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-11 22:31 . 2009-07-11 22:31 16384 c:\windows\Temp\Perflib_Perfdata_208.dat

+ 2009-04-24 18:04 . 2009-07-04 02:28 49152 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut911.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 49152 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut911.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 49152 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut9100.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 49152 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut9100.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 49152 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut910.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 49152 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut910.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 49152 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut901.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 49152 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut901.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 49152 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut9001.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 49152 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut9001.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 49152 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut9000.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 49152 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut9000.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 49152 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut9_1.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 49152 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut9_1.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut8.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut8.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut6.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut6.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut5.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut5.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut4.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut4.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut3.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut3.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut2.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut2.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut1.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut1.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 34304 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe_3082.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 34304 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe_3082.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 34304 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe_1046.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 34304 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe_1046.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 34304 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe_1043.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 34304 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe_1043.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 34304 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe_1040.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 34304 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe_1040.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 34304 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe_1036.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 34304 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe_1036.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 34304 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe_1031.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 34304 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe_1031.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 34304 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 34304 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

- 2009-04-24 18:04 . 2009-04-24 18:04 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\ARPPRODUCTICON.exe

+ 2009-04-24 18:04 . 2009-07-04 02:28 61440 c:\windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\ARPPRODUCTICON.exe

+ 2003-09-19 17:22 . 2003-09-19 17:22 299008 c:\windows\Downloaded Program Files\isusweb.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2009-03-27 24103720]

"Google Update"="c:\documents and settings\Tiago\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-05-06 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PowerManager"="c:\arquivos de programas\Power Manager\PM.exe" [2006-06-30 159744]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2006-09-01 282624]

"domino"="c:\windows\domino.exe" [2006-07-04 49152]

"VMSnap1"="c:\windows\VMSnap1.exe" [2006-07-17 49152]

"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-09-06 36864]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]

"CorelDRAW Graphics Suite 11b"="c:\arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe" [2003-11-28 729088]

"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-09-16 557056]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-10-04 90112]

"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]

"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-10-31 163840]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

BlueSoleil.lnk - c:\arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-10-4 1183744]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-01-21 17:22 413488 ------w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-06-26 21:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"c:\\Arquivos de programas\\FTP Commander\\ftpcomm.exe"=

"c:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\phpDesigner\\phpDesigner.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Documents and Settings\\Tiago\\Configurações locais\\Dados de aplicativos\\Google\\Chrome\\Application\\chrome.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"11005:TCP"= 11005:TCP:BitComet 11005 TCP

"11005:UDP"= 11005:UDP:BitComet 11005 UDP

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [6/3/2009 18:52 31536]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/4/2009 19:19 335752]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/4/2009 19:19 108552]

R1 SNSID;SNSID;c:\windows\system32\drivers\SNSID.SYS [20/7/2007 15:47 22784]

R1 SNSMS;SNSMS;c:\windows\system32\drivers\SNSMS.SYS [20/7/2007 15:47 35464]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [11/4/2009 19:19 298776]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [6/3/2009 18:52 53040]

R2 Ps2KSecureKeyboard;SecureKbd;c:\windows\system32\drivers\psseckbd.sys [20/7/2007 15:47 15048]

R2 SNMgrSvc;SNMgrSvc;c:\windows\system32\SnMgrSvc.exe [20/7/2007 15:47 280712]

R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [23/11/2006 05:04 5504]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-<NO NAME> - c:\windows\system32\svc\svchosts.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://www.itautec.com.br/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

IE: Abrir com o GetRight Browser

IE: Abrir em uma nova guia do plano de fundo - c:\arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?cf1ece1bf5e44ddebc591bef809d0870

IE: Abrir em uma nova guia do primeiro plano - c:\arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?cf1ece1bf5e44ddebc591bef809d0870

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Baixar link usando &BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm

IE: Baixar todos os links usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

IE: Baixar todos os vídeos usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

IE: Download com o GetRight

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: bancobrasil.com.br\www2

DPF: Microsoft XML Parser for Java

DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe

FF - ProfilePath - c:\documents and settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\r8vpe4l7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bandasdegaragem.com.br/audioterapia

FF - prefs.js: network.proxy.type - 2

FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-11 19:34

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(812)

c:\windows\system32\SnAgOS.TMP

c:\windows\system32\Sngw.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\docume~1\Tiago\CONFIG~1\Temp\catchme.dll

 

- - - - - - - > 'lsass.exe'(884)

c:\windows\system32\SnAgOS.TMP

c:\windows\system32\Sngw.dll

c:\docume~1\Tiago\CONFIG~1\Temp\catchme.dll

 

- - - - - - - > 'explorer.exe'(2752)

c:\windows\system32\SnAgOS.TMP

c:\windows\system32\Sngw.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\msls31.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\LexBceS.exe

c:\windows\system32\Lexpps.exe

c:\arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Borland\InterBase\bin\ibguard.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquiv~1\AVG\AVG8\avgnsx.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\arquivos de programas\Windows Media Player\wmpnetwk.exe

c:\arquivos de programas\Borland\InterBase\bin\ibserver.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\SnAgOS.EXE

c:\windows\system32\SnLiveUp.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-07-11 19:47 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-07-11 22:47

ComboFix2.txt 2009-07-03 06:07

 

Pré-execução: 4.509.839.360 bytes disponíveis

Pós execução: 4.419.637.248 bytes disponíveis

 

280 --- E O F --- 2009-06-12 06:30


Hey tpazzin,

Go to Start -> Run -> type regedit -> OK.

Navigate to the following subkey:

HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components

Locate and delete the following folder:

Ø•€|ÿÿÿÿ•€|ù•6~*

Exit the Registry Editor.

Post a new ComboFix log.

Regards.


Topic Archived

Because the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
