Archived

This topic has been archived and is closed to new replies.

KarlaBH

[Archived] Virus that uninstalls antivirus

I caught a virus from an infected pen drive; my antivirus detected it but could not delete it. After I restarted, explorer.exe would not run, not even from the Windows Task Manager. I managed to restore the file, but after that my antivirus was uninstalled, CCleaner included, and I can no longer download any antivirus either. Please help me remove this virus; the executable files appear in the Temp folder, but I delete them and they always come back.

 

Logfile of HijackThis v1.99.1

Scan saved at 21:45:24, on 8/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\DOCUME~1\xp\CONFIG~1\Temp\winljhq.exe

C:\DOCUME~1\xp\CONFIG~1\Temp\winmpsvxq.exe

C:\WINDOWS\explorer.exe

C:\DOCUME~1\xp\CONFIG~1\Temp\w4502f.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\verclsid.exe

C:\DOCUME~1\xp\CONFIG~1\Temp\Rar$EX00.687\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: TurboFTP Sync Service (TBFTPSyncService) - TurboSoft,Inc - C:\Arquivos de programas\TurboFTP\tftpsvc.exe

 

ComboFix 09-09-06.06 - xp 08/09/2009 21:27.3.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.569 [GMT -3:00]

Running from: f:\download programas\ComboFix.exe

 

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

ADS - drivers: deleted 208 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_AIC32P

-------\Service_aic32p

 

 

(((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 ))))))))))))))))))))))))))))

.

 

2009-09-08 23:02 . 2009-09-08 23:02 -------- d-----w- C:\LinhaDefensiva

2009-09-07 22:08 . 2009-09-07 22:08 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2009-09-07 22:06 . 2009-09-08 22:45 -------- d-----w- c:\arquivos de programas\CCleaner

2009-09-07 21:15 . 2009-09-08 02:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-09-07 21:15 . 2009-09-07 21:16 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-09-07 20:13 . 2009-09-07 20:13 -------- d-----w- C:\WUTemp

2009-09-07 15:57 . 2009-09-07 15:57 -------- d-----w- C:\PenClean

2009-09-07 15:43 . 2009-09-07 15:43 -------- d-s---w- c:\documents and settings\Karla Beatriz\UserData

2009-09-07 04:32 . 2009-09-07 04:32 -------- d-----w- c:\documents and settings\Administrador

2009-09-07 04:23 . 2009-09-08 02:35 -------- d--h--w- c:\documents and settings\LocalService.AUTORIDADE NT\Configurações locais

2009-09-07 04:23 . 2009-09-07 04:23 -------- d-sh--w- c:\documents and settings\LocalService.AUTORIDADE NT

2009-09-07 04:23 . 2009-09-07 04:23 -------- d-----w- c:\documents and settings\LocalService.AUTORIDADE NT\Dados de aplicativos

2009-09-07 04:23 . 2009-09-08 02:35 -------- d--h--w- c:\documents and settings\NetworkService.AUTORIDADE NT\Configurações locais

2009-09-07 04:23 . 2009-09-07 04:23 -------- d-sh--w- c:\documents and settings\NetworkService.AUTORIDADE NT

2009-09-07 04:23 . 2009-09-07 04:23 -------- d-----w- c:\documents and settings\NetworkService.AUTORIDADE NT\Dados de aplicativos

2009-09-07 04:16 . 2008-04-14 02:21 3558912 -c--a-w- c:\windows\system32\dllcache\moviemk.exe

2009-09-07 04:15 . 2008-04-14 02:21 24576 -c--a-w- c:\windows\system32\dllcache\icwrmind.exe

2009-09-07 01:18 . 1999-03-23 12:12 299520 ----a-w- c:\windows\uninst.exe

2009-09-07 01:18 . 2009-09-07 01:18 -------- d-----w- c:\documents and settings\xp\WINDOWS

2009-08-31 13:14 . 2009-09-08 20:08 96 ---ha-w- c:\windows\system32\HsInfo.dat

2009-08-31 12:29 . 2009-08-31 12:29 -------- d-----w- C:\alaplaya

2009-08-12 13:39 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-09 00:35 . 2009-06-11 17:47 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-09-07 22:34 . 2009-06-04 23:36 -------- d-----w- c:\arquivos de programas\MSN Messenger

2009-09-05 03:30 . 2009-06-11 17:48 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\TurboFTP

2009-08-30 23:49 . 2009-08-02 22:45 -------- d-----w- c:\arquivos de programas\VDOWNLOADER

2009-08-30 22:18 . 2009-06-10 22:05 -------- d-----w- c:\arquivos de programas\AuditionBR

2009-08-28 23:16 . 2009-07-10 02:16 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center

2009-08-23 15:37 . 2009-06-04 23:34 -------- d-----w- c:\arquivos de programas\Java

2009-08-15 16:09 . 2009-06-06 02:36 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\DivX

2009-08-11 00:07 . 2009-06-04 23:17 2568 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-08-07 20:03 . 2009-08-07 20:03 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\teamspeak2

2009-08-07 20:03 . 2009-08-07 20:02 -------- d-----w- c:\arquivos de programas\Teamspeak2_RC2

2009-08-05 13:35 . 2009-07-04 17:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-08-05 09:00 . 2004-08-04 03:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 02:34 . 2009-06-06 00:06 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Any Video Converter

2009-08-04 02:31 . 2009-06-06 00:06 -------- d-----w- c:\arquivos de programas\Any Video Converter

2009-07-31 14:11 . 2009-07-04 17:27 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-07-25 08:23 . 2009-06-04 23:35 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-25 02:30 . 2009-06-06 00:13 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-07-24 21:26 . 2009-06-04 22:55 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-07-17 19:03 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 02:43 . 2004-08-04 03:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-10 19:18 . 2001-10-28 15:07 49586 ----a-w- c:\windows\system32\perfc016.dat

2009-07-10 19:18 . 2001-10-28 15:07 347294 ----a-w- c:\windows\system32\perfh016.dat

2009-07-03 16:59 . 2004-08-04 03:45 915456 ------w- c:\windows\system32\wininet.dll

2009-07-01 18:23 . 2009-07-04 17:27 26624 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-06-25 08:27 . 2004-08-04 03:45 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:27 . 2004-08-04 03:45 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:27 . 2004-08-04 03:45 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:27 . 2004-08-04 03:45 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:27 . 2004-08-04 03:45 732672 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:27 . 2004-08-04 03:45 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2004-08-04 01:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:39 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 15:06 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2004-08-04 03:45 77824 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 10:44 . 2004-08-04 03:45 81408 ----a-w- c:\windows\system32\tlntsess.exe

.

 

------- Sigcheck -------

 

[7] F40BC97996B8E53799EEF1D63996674B [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 4E486ADFE3A0B9ED0EB0639902E9F64F [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 727EE2F1E73ED4C64D20D70AC0AF90BB [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\system32\ctfmon.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-09-08_02.31.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-09-09 00:35 . 2009-09-09 00:35 16384 c:\windows\temp\Perflib_Perfdata_350.dat

+ 2004-08-04 03:45 . 2008-04-14 02:21 94720 c:\windows\system32\rundll32.exe

+ 2004-08-04 03:45 . 2008-04-14 02:20 72192 c:\windows\system32\dumprep.exe

+ 2004-08-04 03:45 . 2008-04-14 02:21 33280 c:\windows\system32\dllcache\rundll32.exe

- 2009-06-04 15:29 . 2008-04-14 02:21 70144 c:\windows\system32\dllcache\notepad.exe

+ 2004-08-04 03:45 . 2008-04-14 02:21 70144 c:\windows\system32\dllcache\notepad.exe

+ 2009-06-04 18:36 . 2008-04-14 02:21 20480 c:\windows\system32\dllcache\inetwiz.exe

+ 2009-06-04 18:36 . 2008-04-14 02:21 86016 c:\windows\system32\dllcache\icwconn2.exe

+ 2004-08-04 03:45 . 2008-04-14 02:20 10752 c:\windows\system32\dllcache\dumprep.exe

+ 2004-08-04 03:45 . 2008-04-14 02:20 400896 c:\windows\system32\zipfldr.dll

+ 2004-08-04 03:45 . 2008-05-08 11:24 217088 c:\windows\system32\wscript.exe

+ 2004-08-04 03:45 . 2008-04-14 02:21 202752 c:\windows\system32\taskmgr.exe

+ 2004-08-04 03:45 . 2008-04-14 02:20 500736 c:\windows\system32\shimgvw.dll

+ 2004-08-04 03:45 . 2008-04-14 02:21 112640 c:\windows\system32\reg.exe

+ 2004-08-04 03:45 . 2008-04-14 02:21 131584 c:\windows\system32\notepad.exe

+ 2009-06-04 18:34 . 2008-04-14 02:21 407040 c:\windows\system32\mspaint.exe

+ 2004-08-04 03:45 . 2008-04-14 02:21 100864 c:\windows\system32\grpconv.exe

+ 2004-08-04 03:45 . 2008-04-14 02:20 339456 c:\windows\system32\dllcache\zipfldr.dll

+ 2004-08-04 03:45 . 2008-04-14 02:21 141312 c:\windows\system32\dllcache\taskmgr.exe

+ 2004-08-04 03:45 . 2008-04-14 02:20 439296 c:\windows\system32\dllcache\shimgvw.dll

+ 2009-06-04 18:34 . 2008-04-14 02:21 345600 c:\windows\system32\dllcache\mspaint.exe

+ 2009-06-04 18:36 . 2008-04-14 02:21 217600 c:\windows\system32\dllcache\icwconn1.exe

+ 2009-09-08 22:03 . 2009-09-08 22:03 262144 c:\windows\system32\config\systemprofile\NtUser.dat

+ 2004-08-04 03:45 . 2008-04-14 02:20 462336 c:\windows\system32\cmd.exe

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 76800]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehUni.dll" [2009-07-02 297376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2009-07-02 18:37 297376 ----a-w- c:\arquiv~1\GbPlugin\gbiehUni.dll

 

The SafeBoot key needs to be repaired. This machine cannot enter Safe Mode.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\WgaTray.exe"=

"c:\\WINDOWS\\system32\\taskmgr.exe"=

"c:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Real\\Update_OB\\realsched.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"f:\\Download Programas\\setuppor.exe"=

"f:\\Download Programas\\ccsetup223.exe"=

"c:\\WINDOWS\\system32\\CF3337.exe"=

"c:\\DOCUME~1\\xp\\CONFIG~1\\Temp\\winljhq.exe"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [4/7/2009 14:27 26624]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [4/7/2009 14:27 53120]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

S2 fxzqjicm;System Shell;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S2 sophe;Image System;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S2 TBFTPSyncService;TurboFTP Sync Service;c:\arquivos de programas\TurboFTP\tftpsvc.exe [7/6/2009 23:56 1384448]

S3 XDva268;XDva268; [x]

S4 AYDOPAPEQL;AYDOPAPEQL;c:\docume~1\xp\CONFIG~1\Temp\AYDOPAPEQL.exe --> c:\docume~1\xp\CONFIG~1\Temp\AYDOPAPEQL.exe [?]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - AIC32P

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

sophe

fxzqjicm

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-09-08 c:\windows\Tasks\User_Feed_Synchronization-{D6C5AD8E-F9D3-463D-BBCB-BEEA5A96F530}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = about:blank

uInternet Connection Wizard,ShellNext = iexplore

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\xp\Dados de aplicativos\Mozilla\Firefox\Profiles\hes6u1rs.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.brogui.com/

FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=

FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-08 21:35

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(664)

c:\arquiv~1\GbPlugin\gbiehUni.dll

 

- - - - - - - > 'explorer.exe'(220)

c:\windows\system32\WININET.dll

c:\arquivos de programas\Windows Media Player\wmpband.dll

c:\arquiv~1\GbPlugin\gbiehUni.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\documents and settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE

c:\documents and settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\docume~1\xp\CONFIG~1\temp\winljhq.exe

c:\docume~1\xp\CONFIG~1\temp\winmpsvxq.exe

c:\docume~1\xp\CONFIG~1\temp\w4502f.exe

.

**************************************************************************

.

Completion time: 2009-09-09 21:39 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-09 00:39

ComboFix2.txt 2009-09-08 02:35

 

Pre-Run: 10 folder(s) 112.359.776.256 bytes free

Post-Run: 10 folder(s) 112.352.022.528 bytes free

 

237 --- E O F --- 2009-09-07 21:28


Download SafeBootKeyRepair.exe

 

Run it;

 

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"=dword:00000001

 

NetSvc::

"sophe"

"fxzqjicm"

 

Driver::

"sophe"

"fxzqjicm"

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown below.

 

[screenshot: cfscript.gif]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with the new HijackThis log

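The two logs in the first post and the CFScript in the reply above hit the same handful of indicators: executables launched from the user's Temp folder, two services with random names ("sophe", "fxzqjicm") registered in the Svchost NetSvcs group so that they run inside a legitimate svchost.exe, Security Center override flags set so that Windows stops complaining about the missing antivirus, the firewall switched off with the Temp executable whitelisted in it, and a damaged SafeBoot key. The script below is an added example, not code from the original thread, from HijackThis or from ComboFix: it parses a pasted log for exactly those indicators and drafts the CFScript directives the reply uses. KNOWN_NETSVCS is a partial, constructed baseline of XP SP3 netsvcs members, EXPECTED_TEMP_BASENAMES and the `\windows\temp` match are assumptions, and SAMPLE_LOG is a constructed excerpt modelled on the posted log. The drafted `"EnableFirewall"` line uses REGEDIT4 `dword:` syntax, as the other values in the reply's Registry:: section do.

```python
"""Triage of HijackThis / ComboFix text logs for the indicators in this thread.

Added example, not part of the original posts or of either tool. It flags
processes, services and firewall exceptions living in a Temp folder, services
run as "svchost.exe -k netsvcs" or listed in the Svchost NetSvcs group under
names missing from a known-good list, Security Center override flags, a
disabled firewall and ComboFix's SafeBoot warning, then drafts the CFScript
directives used in the reply. KNOWN_NETSVCS (partial), EXPECTED_TEMP_BASENAMES
and SAMPLE_LOG are constructed for the example.
"""
import re
from collections import defaultdict

# Constructed, partial baseline of services that legitimately run in the
# XP SP3 netsvcs group; anything else hosted there is suspect.
KNOWN_NETSVCS = {
    "AppMgmt", "AudioSrv", "BITS", "Browser", "CryptSvc", "ERSvc", "EventSystem",
    "helpsvc", "LanmanServer", "LanmanWorkstation", "Netman", "Nla", "Rasman",
    "Schedule", "Seclogon", "SENS", "Sharedaccess", "ShellHWDetection", "SRService",
    "Tapisrv", "Themes", "TrkWks", "W32Time", "winmgmt", "wscsvc", "wuauserv", "WZCSVC",
}
EXPECTED_TEMP_BASENAMES = {"hijackthis.exe"}  # tool run from a WinRAR temp folder (assumption)
TEMP_RE = re.compile(r"\\+(?:config~1|local settings|windows)\\+temp\\+", re.I)
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<image>.+)$")

# Constructed excerpt modelled on the log posted above (not the real log).
SAMPLE_LOG = r"""
Running processes:
C:\DOCUME~1\xp\CONFIG~1\Temp\winljhq.exe
C:\DOCUME~1\xp\CONFIG~1\Temp\w4502f.exe
C:\DOCUME~1\xp\CONFIG~1\Temp\Rar$EX00.687\HijackThis.exe
The SafeBoot key needs to be repaired. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\DOCUME~1\\xp\\CONFIG~1\\Temp\\winljhq.exe"=
S2 fxzqjicm;System Shell;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
S2 sophe;Image System;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
S4 AYDOPAPEQL;AYDOPAPEQL;c:\docume~1\xp\CONFIG~1\Temp\AYDOPAPEQL.exe --> c:\docume~1\xp\CONFIG~1\Temp\AYDOPAPEQL.exe [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sophe
fxzqjicm
"""


def _add(findings, key, value):
    if value not in findings[key]:           # evidence in log order, no repeats
        findings[key].append(value)


def triage(log_text):
    """Return {indicator: [evidence, ...]} for the indicators listed above."""
    findings, section, in_netsvcs = defaultdict(list), "", False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):       # registry key header
            section, in_netsvcs = line[1:-1].lower(), False
            continue
        if "svchost - netsvcs" in line.lower():                # group membership dump
            in_netsvcs = True
            continue
        if in_netsvcs:                                         # one service name per line
            if line.startswith((".", "-")):
                in_netsvcs = False
            elif line not in KNOWN_NETSVCS:
                _add(findings, "unknown_netsvcs_member", line)
            continue
        m = SERVICE_RE.match(line)                             # R0/S2 style service lines
        if m:
            name, image = m.group("name"), m.group("image")
            if "svchost.exe -k netsvcs" in image.lower() and name not in KNOWN_NETSVCS:
                _add(findings, "unknown_netsvcs_service", name)
            if TEMP_RE.search(image):
                _add(findings, "service_in_temp", name)
            continue
        key, _, value = line.partition("=")
        key, value = key.strip('" '), value.strip()
        if "security center" in section:
            if key in ("AntiVirusOverride", "FirewallOverride") and value.endswith("1"):
                _add(findings, "security_center_override", key)
        elif section.endswith("firewallpolicy\\standardprofile"):
            if key == "EnableFirewall" and value.startswith("0"):
                _add(findings, "firewall_disabled", line)
        elif section.endswith("authorizedapplications\\list"):
            if TEMP_RE.search(key):                            # reg format doubles backslashes
                _add(findings, "firewall_exception_in_temp", key.replace("\\\\", "\\"))
        elif "safeboot" in line.lower() and "repair" in line.lower():
            _add(findings, "safeboot_key_damaged", line)
        elif line.lower().endswith(".exe") and TEMP_RE.search(line) \
                and line.rsplit("\\", 1)[-1].lower() not in EXPECTED_TEMP_BASENAMES:
            _add(findings, "process_in_temp", line)            # running process in Temp
    return dict(findings)


def draft_cfscript(findings):
    """Draft the CFScript directives the reply uses. Review by hand first:
    a script built from one machine's log must not be run on another."""
    out, overrides = [], findings.get("security_center_override", [])
    if overrides or findings.get("firewall_disabled"):
        out.append("Registry::")
        if overrides:
            out.append("[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]")
            out.extend('"%s"=dword:00000000' % k for k in overrides)
        if findings.get("firewall_disabled"):
            out.append("[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]")
            out.append('"EnableFirewall"=dword:00000001')
        out.append("")
    rogue = sorted(set(findings.get("unknown_netsvcs_member", []))
                   | set(findings.get("unknown_netsvcs_service", [])))
    for directive in ("NetSvc::", "Driver::"):   # drop from the group, then delete the service
        if rogue:
            out.extend([directive, *('"%s"' % n for n in rogue), ""])
    return "\n".join(out).rstrip("\n") + "\n" if out else ""
```

Run `triage(open("ComboFix.txt", encoding="latin-1").read())` on a real log and read the findings before trusting `draft_cfscript`: the netsvcs baseline is deliberately short, so legitimate third-party services hosted in that group will show up as unknown and have to be checked by hand, which is what the reply's warning about running the script on another machine is about.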

Thank you very much for the help, PedroN... I was already desperate! lol

 

I followed exactly the steps you asked me to... I don't think it removed the viruses completely, but it already helped; the Windows security alert appeared saying that I don't have any antivirus.

 

Here are the logs:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:43:22, on 9/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\xp\CONFIG~1\Temp\winapwo.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\verclsid.exe

C:\DOCUME~1\xp\CONFIG~1\Temp\Rar$EX00.484\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: TurboFTP Sync Service (TBFTPSyncService) - TurboSoft,Inc - C:\Arquivos de programas\TurboFTP\tftpsvc.exe

 

 

ComboFix 09-09-06.06 - xp 09/09/2009 21:32.4.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.672 [GMT -3:00]

Running from: f:\download programas\ComboFix.exe

Command switches used :: c:\documents and settings\xp\Desktop\CFScript.txt

 

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

ADS - drivers: deleted 208 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_AIC32P

-------\Legacy_FXZQJICM

-------\Legacy_SOPHE

-------\Service_aic32p

-------\Service_fxzqjicm

-------\Service_sophe

 

 

(((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 ))))))))))))))))))))))))))))

.

 

2009-09-09 00:39 . 2009-09-09 00:39 -------- d-----w- c:\documents and settings\Default User.WINDOWS2\Configurações locais

2009-09-09 00:39 . 2009-09-09 00:39 -------- d-----w- c:\documents and settings\Default User.WINDOWS2

2009-09-08 23:02 . 2009-09-08 23:02 -------- d-----w- C:\LinhaDefensiva

2009-09-07 22:08 . 2009-09-07 22:08 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2009-09-07 22:06 . 2009-09-08 22:45 -------- d-----w- c:\arquivos de programas\CCleaner

2009-09-07 21:15 . 2009-09-08 02:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-09-07 21:15 . 2009-09-07 21:16 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-09-07 20:13 . 2009-09-07 20:13 -------- d-----w- C:\WUTemp

2009-09-07 15:57 . 2009-09-07 15:57 -------- d-----w- C:\PenClean

2009-09-07 15:43 . 2009-09-07 15:43 -------- d-s---w- c:\documents and settings\Karla Beatriz\UserData

2009-09-07 04:32 . 2009-09-07 04:32 -------- d-----w- c:\documents and settings\Administrador

2009-09-07 04:23 . 2009-09-09 00:39 -------- d--h--w- c:\documents and settings\LocalService.AUTORIDADE NT\Configurações locais

2009-09-07 04:23 . 2009-09-07 04:23 -------- d-sh--w- c:\documents and settings\LocalService.AUTORIDADE NT

2009-09-07 04:23 . 2009-09-07 04:23 -------- d-----w- c:\documents and settings\LocalService.AUTORIDADE NT\Dados de aplicativos

2009-09-07 04:23 . 2009-09-09 00:39 -------- d--h--w- c:\documents and settings\NetworkService.AUTORIDADE NT\Configurações locais

2009-09-07 04:23 . 2009-09-07 04:23 -------- d-sh--w- c:\documents and settings\NetworkService.AUTORIDADE NT

2009-09-07 04:23 . 2009-09-07 04:23 -------- d-----w- c:\documents and settings\NetworkService.AUTORIDADE NT\Dados de aplicativos

2009-09-07 04:16 . 2008-04-14 02:21 3558912 -c--a-w- c:\windows\system32\dllcache\moviemk.exe

2009-09-07 04:15 . 2008-04-14 02:21 24576 -c--a-w- c:\windows\system32\dllcache\icwrmind.exe

2009-09-07 01:18 . 1999-03-23 12:12 299520 ----a-w- c:\windows\uninst.exe

2009-09-07 01:18 . 2009-09-07 01:18 -------- d-----w- c:\documents and settings\xp\WINDOWS

2009-08-31 13:14 . 2009-09-08 20:08 96 ---ha-w- c:\windows\system32\HsInfo.dat

2009-08-31 12:29 . 2009-08-31 12:29 -------- d-----w- C:\alaplaya

2009-08-12 13:39 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-10 00:38 . 2009-06-11 17:47 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-09-07 22:34 . 2009-06-04 23:36 -------- d-----w- c:\arquivos de programas\MSN Messenger

2009-09-05 03:30 . 2009-06-11 17:48 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\TurboFTP

2009-08-30 23:49 . 2009-08-02 22:45 -------- d-----w- c:\arquivos de programas\VDOWNLOADER

2009-08-30 22:18 . 2009-06-10 22:05 -------- d-----w- c:\arquivos de programas\AuditionBR

2009-08-28 23:16 . 2009-07-10 02:16 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center

2009-08-23 15:37 . 2009-06-04 23:34 -------- d-----w- c:\arquivos de programas\Java

2009-08-15 16:09 . 2009-06-06 02:36 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\DivX

2009-08-11 00:07 . 2009-06-04 23:17 2568 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-08-07 20:03 . 2009-08-07 20:03 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\teamspeak2

2009-08-07 20:03 . 2009-08-07 20:02 -------- d-----w- c:\arquivos de programas\Teamspeak2_RC2

2009-08-05 13:35 . 2009-07-04 17:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-08-05 09:00 . 2004-08-04 03:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 02:34 . 2009-06-06 00:06 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Any Video Converter

2009-08-04 02:31 . 2009-06-06 00:06 -------- d-----w- c:\arquivos de programas\Any Video Converter

2009-07-31 14:11 . 2009-07-04 17:27 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-07-25 08:23 . 2009-06-04 23:35 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-25 02:30 . 2009-06-06 00:13 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-07-24 21:26 . 2009-06-04 22:55 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-07-17 19:03 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 02:43 . 2004-08-04 03:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-10 19:18 . 2001-10-28 15:07 49586 ----a-w- c:\windows\system32\perfc016.dat

2009-07-10 19:18 . 2001-10-28 15:07 347294 ----a-w- c:\windows\system32\perfh016.dat

2009-07-03 16:59 . 2004-08-04 03:45 915456 ------w- c:\windows\system32\wininet.dll

2009-07-01 18:23 . 2009-07-04 17:27 26624 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-06-25 08:27 . 2004-08-04 03:45 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:27 . 2004-08-04 03:45 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:27 . 2004-08-04 03:45 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:27 . 2004-08-04 03:45 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:27 . 2004-08-04 03:45 732672 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:27 . 2004-08-04 03:45 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2004-08-04 01:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:39 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 15:06 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2004-08-04 03:45 77824 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 10:44 . 2004-08-04 03:45 81408 ----a-w- c:\windows\system32\tlntsess.exe

.

 

------- Sigcheck -------

 

[7] F40BC97996B8E53799EEF1D63996674B [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 4E486ADFE3A0B9ED0EB0639902E9F64F [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 727EE2F1E73ED4C64D20D70AC0AF90BB [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\system32\ctfmon.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-09-08_02.31.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-09-10 00:38 . 2009-09-10 00:38 16384 c:\windows\temp\Perflib_Perfdata_3f4.dat

+ 2004-08-04 03:45 . 2008-04-14 02:21 94720 c:\windows\system32\rundll32.exe

+ 2004-08-04 03:45 . 2008-04-14 02:20 72192 c:\windows\system32\dumprep.exe

+ 2004-08-04 03:45 . 2008-04-14 02:21 33280 c:\windows\system32\dllcache\rundll32.exe

- 2009-06-04 15:29 . 2008-04-14 02:21 70144 c:\windows\system32\dllcache\notepad.exe

+ 2004-08-04 03:45 . 2008-04-14 02:21 70144 c:\windows\system32\dllcache\notepad.exe

+ 2009-06-04 18:36 . 2008-04-14 02:21 20480 c:\windows\system32\dllcache\inetwiz.exe

+ 2009-06-04 18:36 . 2008-04-14 02:21 86016 c:\windows\system32\dllcache\icwconn2.exe

+ 2004-08-04 03:45 . 2008-04-14 02:20 10752 c:\windows\system32\dllcache\dumprep.exe

+ 2004-08-04 03:45 . 2008-04-14 02:20 400896 c:\windows\system32\zipfldr.dll

+ 2004-08-04 03:45 . 2008-05-08 11:24 217088 c:\windows\system32\wscript.exe

+ 2004-08-04 03:45 . 2008-04-14 02:21 202752 c:\windows\system32\taskmgr.exe

+ 2004-08-04 03:45 . 2008-04-14 02:20 500736 c:\windows\system32\shimgvw.dll

+ 2004-08-04 03:45 . 2008-04-14 02:21 112640 c:\windows\system32\reg.exe

+ 2004-08-04 03:45 . 2008-04-14 02:21 131584 c:\windows\system32\notepad.exe

+ 2009-06-04 18:34 . 2008-04-14 02:21 407040 c:\windows\system32\mspaint.exe

+ 2004-08-04 03:45 . 2008-04-14 02:21 100864 c:\windows\system32\grpconv.exe

+ 2004-08-04 03:45 . 2008-04-14 02:20 339456 c:\windows\system32\dllcache\zipfldr.dll

+ 2004-08-04 03:45 . 2008-04-14 02:21 141312 c:\windows\system32\dllcache\taskmgr.exe

+ 2004-08-04 03:45 . 2008-04-14 02:20 439296 c:\windows\system32\dllcache\shimgvw.dll

+ 2009-06-04 18:34 . 2008-04-14 02:21 345600 c:\windows\system32\dllcache\mspaint.exe

+ 2009-06-04 18:36 . 2008-04-14 02:21 217600 c:\windows\system32\dllcache\icwconn1.exe

+ 2009-09-08 22:03 . 2009-09-08 22:03 262144 c:\windows\system32\config\systemprofile\NtUser.dat

+ 2004-08-04 03:45 . 2008-04-14 02:20 462336 c:\windows\system32\cmd.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5735792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 76800]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehUni.dll" [2009-07-02 297376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginUni]

2009-07-02 18:37 297376 ----a-w- c:\arquiv~1\GbPlugin\gbiehUni.dll

 

A chave SafeBoot necessita de ser reparada. Esta máquina não pode entrar em Modo de Segurança.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\WgaTray.exe"=

"c:\\WINDOWS\\system32\\taskmgr.exe"=

"c:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Real\\Update_OB\\realsched.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"f:\\Download Programas\\setuppor.exe"=

"f:\\Download Programas\\ccsetup223.exe"=

"c:\\Documents and Settings\\xp\\Configurações locais\\Dados de aplicativos\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\DOCUME~1\\xp\\CONFIG~1\\Temp\\winapwo.exe"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [4/7/2009 14:27 26624]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [4/7/2009 14:27 53120]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

S2 TBFTPSyncService;TurboFTP Sync Service;c:\arquivos de programas\TurboFTP\tftpsvc.exe [7/6/2009 23:56 1384448]

S3 XDva268;XDva268; [x]

S4 AYDOPAPEQL;AYDOPAPEQL;c:\docume~1\xp\CONFIG~1\Temp\AYDOPAPEQL.exe --> c:\docume~1\xp\CONFIG~1\Temp\AYDOPAPEQL.exe [?]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - AIC32P

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-09-09 c:\windows\Tasks\User_Feed_Synchronization-{D6C5AD8E-F9D3-463D-BBCB-BEEA5A96F530}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

mStart Page = about:blank

uInternet Connection Wizard,ShellNext = iexplore

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\xp\Dados de aplicativos\Mozilla\Firefox\Profiles\hes6u1rs.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.brogui.com/

FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=

FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-09 21:38

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(668)

c:\arquiv~1\GbPlugin\gbiehUni.dll

 

- - - - - - - > 'explorer.exe'(3112)

c:\windows\system32\WININET.dll

c:\arquivos de programas\Windows Media Player\wmpband.dll

c:\arquiv~1\GbPlugin\gbiehUni.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\documents and settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE

c:\documents and settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\wscntfy.exe

c:\docume~1\xp\CONFIG~1\temp\winapwo.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-09-10 21:42 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-09-10 00:42

ComboFix2.txt 2009-09-09 00:39

ComboFix3.txt 2009-09-08 02:35

 

Pré-execução: 10 pasta(s) 112.300.249.088 bytes disponíveis

Pós execução: 10 pasta(s) 112.318.853.120 bytes disponíveis

 

239 --- E O F --- 2009-09-07 21:28

 

Here is the SafeBoot log too, in case you need it!

 

Reg export of SafeBoot key after repair:

========================

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]

"AlternateShell"="cmd.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PEVSystemStart]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\procexp90.Sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]

@="FSFilter System Recovery"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

@="Universal Serial Bus controllers"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

@="CD-ROM Drive"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

@="Standard floppy disk controller"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

@="PCMCIA Adapters"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

@="SCSIAdapter"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

@="Floppy disk drive"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

@="Human Interface Devices"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PEVSystemStart]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\procexp90.Sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]

@="FSFilter System Recovery"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]

@="Universal Serial Bus controllers"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

@="CD-ROM Drive"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

@="Standard floppy disk controller"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

@="Net"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

@="NetClient"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

@="NetService"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

@="NetTrans"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

@="PCMCIA Adapters"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

@="SCSIAdapter"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

@="Floppy disk drive"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

@="Human Interface Devices"

 

========================

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PEVSystemStart

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\procexp90.Sys


Hello KarlaBH, it is advisable to have an antivirus on your PC; I see you don't have any.

 

A tip for a great free antivirus is Avira AntiVir.

 

Install it on your PC, update it and run a scan, then right after that follow my steps below:

 

Download Malwarebytes from one of these locations:

 

Link 1

Link 2

 

-- Save the program to your Desktop

 

• Double-click the program to run it.

• Update the Malwarebytes program.

• Choose the Full Scan (be patient, it takes a while).

• Disable your Antivirus and AntiSpyware, usually by right-clicking their icons in the system tray. They can interfere with the tool's execution.

• When the scan is complete, click OK, then Show Results to see the log.

• Remember: if anything is detected, click the Remove button to remove it (important).

• The program's log will open automatically for you.

• Post it in your next reply together with a new HijackThis log.

 

PS: On heavily infected computers the tool shows an option saying that the computer must be restarted. Please do so immediately.


Well, my problem is exactly that... installing the anti-virus...

 

Avira doesn't even get as far as running the installer; in fact I tried several... Avast, NOD, AVG, and Kaspersky does install... but the anti-virus disables it right afterwards...

 

I ran Malwarebytes on my computer... it found a few things... but it made no difference to the machine!

 

Here is the log

 

Logfile of HijackThis v1.99.1

Scan saved at 22:35:03, on 10/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\regedit.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\xp\CONFIG~1\Temp\Rar$EX00.546\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: Estatísticas de proteção de tráfego da web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: TurboFTP Sync Service (TBFTPSyncService) - TurboSoft,Inc - C:\Arquivos de programas\TurboFTP\tftpsvc.exe


Download the SafeBootKeyRepair.exe tool

 

If you still cannot get into Safe Mode, try the tool below:

 

http://forum.hijackthis.de/attachment.php?attachmentid=2272&d=1187631899

 

• Save it to your Desktop.

• Unzip it, right-click "SafeModeRepair.reg" and choose "Merge".

• Restart the PC and check whether you can get into Safe Mode.

 

Right after that, follow the procedure with the tool below.

 

• Download: Kaspersky Virus Removal Tool (http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/)

• Save it in Program Files and install it right there!

• Restart the computer in Safe Mode! <-- Important!

• Start the scan by clicking "Scan".

• The scan takes a while. Please wait!

• If any infections are found, click "disinfect".

• When it finishes, click the Events tab.

Untick the "Show all events" checkbox.

• Click "Save to file".

Name it and save it to the desktop! <-- This is the report to post!

Also post an updated HijackThis log.

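The SafeBoot repair in the reply above and the reg export KarlaBH posted after it suggest a check a responder can run offline: parse the .reg export and report which SafeBoot\Minimal entries are missing or altered. This is an added example, not code from the forum, ComboFix or the repair tools named above; the baseline is the Minimal set copied from the repaired export (ComboFix's own PEVSystemStart and procexp90.Sys entries left out), and BROKEN_EXPORT is a constructed sample mirroring the eight entries ComboFix still found before the repair.

```python
"""Check a SafeBoot .reg export for missing or altered Safe Mode entries.

Added example for this thread (not the forum's or any tool's code): the baseline
is the SafeBoot\Minimal set from the repaired export posted above; BROKEN_EXPORT
is a constructed sample mirroring what ComboFix listed before the repair."""
import re

ROOT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"

MINIMAL_BASELINE = {
    "AppMgmt": "Service", "Base": "Driver Group", "Boot Bus Extender": "Driver Group",
    "Boot file system": "Driver Group", "CryptSvc": "Service", "DcomLaunch": "Service",
    "dmadmin": "Service", "dmboot.sys": "Driver", "dmio.sys": "Driver", "dmload.sys": "Driver",
    "dmserver": "Service", "EventLog": "Service", "File system": "Driver Group",
    "Filter": "Driver Group", "HelpSvc": "Service", "Netlogon": "Service",
    "PCI Configuration": "Driver Group", "PlugPlay": "Service", "PNP Filter": "Driver Group",
    "Primary disk": "Driver Group", "RpcSs": "Service", "SCSI Class": "Driver Group",
    "sermouse.sys": "Driver", "sr.sys": "FSFilter System Recovery", "SRService": "Service",
    "System Bus Extender": "Driver Group", "vga.sys": "Driver", "vgasave.sys": "Driver",
    "WinMgmt": "Service",
    "{4D36E967-E325-11CE-BFC1-08002BE10318}": "DiskDrive",
    "{4D36E96A-E325-11CE-BFC1-08002BE10318}": "Hdc",
    "{4D36E96B-E325-11CE-BFC1-08002BE10318}": "Keyboard",
    "{4D36E96F-E325-11CE-BFC1-08002BE10318}": "Mouse",
    "{4D36E97D-E325-11CE-BFC1-08002BE10318}": "System",
    "{71A27CDD-812A-11D0-BEC7-08002BE2092F}": "Volume",
}

_KEY_RE = re.compile(r"^\[(.+)\]\s*$")
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def parse_reg(text):
    """Parse a REGEDIT4 / 'Windows Registry Editor Version 5.00' export into
    {key_path_lowercased: {value_name: data}}. String data is unescaped; other
    data types (dword:, hex:) are kept as raw text, which is enough here."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] == ";" or line.startswith(("Windows Registry Editor", "REGEDIT4")):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2).strip()
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            keys[current][name] = data
    return keys

def safeboot_entries(keys, profile):
    """Return {entry_name_lowercased: default_value} for SafeBoot\\<profile>\\*."""
    prefix = ROOT_KEY.lower() + "\\" + profile.lower() + "\\"
    return {path[len(prefix):]: values.get("@") for path, values in keys.items()
            if path.startswith(prefix) and "\\" not in path[len(prefix):]}

def missing_safeboot_entries(reg_text, profile="Minimal", baseline=MINIMAL_BASELINE):
    """Baseline entries that are absent from the export or whose default value
    differs, as {name: expected_value}; an empty dict means the profile is
    complete with respect to the baseline."""
    present = safeboot_entries(parse_reg(reg_text), profile)
    return {name: expected for name, expected in baseline.items()
            if present.get(name.lower()) != expected}

# Constructed sample: the eight Minimal entries ComboFix still found before the
# repair ("A chave SafeBoot necessita de ser reparada").
BROKEN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
"""

# Constructed "after repair" export, built from the baseline itself.
REPAIRED_EXPORT = "Windows Registry Editor Version 5.00\n\n" + "".join(
    f'[{ROOT_KEY}\\Minimal\\{name}]\n@="{value}"\n\n'
    for name, value in MINIMAL_BASELINE.items())

if __name__ == "__main__":
    for label, export in (("broken", BROKEN_EXPORT), ("repaired", REPAIRED_EXPORT)):
        missing = missing_safeboot_entries(export)
        print(f"{label}: {len(missing)} Minimal entries missing or altered")
        for name, expected in sorted(missing.items()):
            print(f'  {name} -> expected @="{expected}"')
```

Run it against a real `reg export HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot` file to get the same report for the Network profile by passing `profile="Network"` with a matching baseline.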

Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening it.
