
Archived

This topic has been archived and is closed to new replies.

o_pensador

[Archived] I can't run the antivirus

Recommended Posts

The problem is that I can't run anything on the computer. Everything freezes and a supposed solution to destroy the viruses, called SECURITY TOOL, keeps popping up. I can't even run my ANTIVIRUS (AVIRA). With a lot of effort I managed to run MALWAREBYTES (worth noting that it can't be updated over the internet, because I think the VIRUS is blocking the update).

So I am sending the HIJACKTHIS log.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:21:55, on 12/11/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\restorer64_a.exe

C:\WINDOWS\system32\restorer32_a.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\ESPI\restorer64_a.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\ESPI\restorer32_a.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Arquivos de programas\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\DOCUME~1\ESPI\CONFIG~1\Temp\Rar$EX04.187\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: (no name) - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

O2 - BHO: HP Print Enhancer - {0347c33e-8762-4905-bf09-768834316c61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053f9267-dc04-4294-a72c-58f732d338c0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe

O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\ESPI\restorer64_a.exe

O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\ESPI\restorer32_a.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Livro de recortes HP - {58ecb495-38f0-49cb-a538-10282abf65e7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259d7-1666-479a-93b1-3250410481e8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{868D875C-ACB3-46B2-9E7B-B0CF9A00C89E}: NameServer = 208.67.222.222

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: PowerUtility TV Recording Reservation (eayeisuta94j0) - Unknown owner - C:\WINDOWS\system32\dawes.exe

O23 - Service: Firebird Guardian - DefaultInstance (firebirdguardiandefaultinstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (firebirdserverdefaultinstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\LogiShrd\Bluetooth\LBTServ.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

 

--

End of file - 9071 bytes

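Added example (not code from this post, from HijackThis or from any tool named in the thread): a small Python triage that encodes the checks a helper applies by eye to the O4 / O17 / O23 lines of the log above. It reports the same binary name registered under both HKLM and HKCU (restorer64_a, restorer32_a), an executable sitting directly in a user profile root, a service with no vendor in its version info ("Unknown owner") whose binary lives under the Windows directory (dawes.exe), and any NameServer override that is not on a resolver allowlist; 208.67.222.222 is OpenDNS, so it is allowlisted and not reported. The regexes, the heuristics, KNOWN_RESOLVERS and the extra O17 line with 192.0.2.53 are assumptions constructed for the example; the other sample lines are copied from the log.

```python
"""Heuristic triage of HijackThis O4 / O17 / O23 lines.

Added example: not code from the forum post, from HijackThis or from any tool
named in the thread. Regexes, heuristics and KNOWN_RESOLVERS are assumptions
chosen for illustration; a flag is a lead for review, not a verdict.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the HijackThis log above, plus one constructed O17 line
# (192.0.2.53, a documentation address) showing a resolver that is not allowlisted.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\ESPI\restorer64_a.exe
O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\ESPI\restorer32_a.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{868D875C-ACB3-46B2-9E7B-B0CF9A00C89E}: NameServer = 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: PowerUtility TV Recording Reservation (eayeisuta94j0) - Unknown owner - C:\WINDOWS\system32\dawes.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # which heuristic fired
    name: str    # Run-key name, service short name or nameserver
    detail: str


O4_RE = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) \(([^()]+)\) - (.+?) - (.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (\S+)$")
BINARY_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|com|scr|pif|bat|cmd)\b", re.IGNORECASE)
PROFILE_ROOT_RE = re.compile(r"^[A-Za-z]:\\(?:Documents and Settings|Users)\\[^\\]+\\[^\\]+$", re.IGNORECASE)
KNOWN_RESOLVERS = {"208.67.222.222", "208.67.220.220", "8.8.8.8", "8.8.4.4"}  # OpenDNS, Google; assumed allowlist


def first_binary(command: str) -> Optional[str]:
    """Return the first executable path in a Run-key command line, if any."""
    m = BINARY_RE.search(command)
    return m.group(0) if m else None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    by_basename: Dict[str, Dict[str, str]] = defaultdict(dict)  # basename -> {hive: Run-key name}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hive, _key, name, command = m.groups()
            path = first_binary(command)
            if path is None:
                continue
            root = hive if hive in ("HKLM", "HKCU") else "HKUS"
            by_basename[path.rsplit("\\", 1)[-1].lower()][root] = name
            if PROFILE_ROOT_RE.match(path):           # binary dropped straight into a profile root
                findings.append(Finding("profile-root", name, path))
            continue
        m = O23_RE.match(line)
        if m:
            _display, short, owner, path = m.groups()
            path = path.strip()
            # no company name in the version resource AND a binary under %windir%
            if owner.strip() in ("Unknown owner", "-", "") and BINARY_RE.fullmatch(path) and "\\windows\\" in path.lower():
                findings.append(Finding("unknown-owner-service", short, path))
            continue
        m = O17_RE.match(line)
        if m:
            for server in m.group(1).split(","):
                if server not in KNOWN_RESOLVERS:
                    findings.append(Finding("dns", server, line))
    for basename, hives in by_basename.items():
        if "HKLM" in hives and "HKCU" in hives:    # same binary name persisted in both hives
            findings.append(Finding("dual-hive", hives["HKLM"], f"{basename} registered under HKLM and HKCU"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.name:20} {f.detail}")
```

Flags are leads, not verdicts: "Unknown owner" only means HijackThis found no company name in the file's version resource, and a few legitimate products also register under both hives, so each hit still needs a signature or hash check before anything is removed.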

*Temporarily disable your antivirus

Right-click the Avira icon next to the clock > click the "AntiVir Guard enable" option.

*Download ComboFix and save it to the desktop

*Close Internet Explorer and Windows Explorer

*Double-click the Combofix.exe file

*Accept the agreement

*Important: while ComboFix is running, do not use the mouse or the keyboard!! To abort the procedure press [N]

*The program will close automatically

*Paste the report created at C:\combofix.txt


Here is the COMBOFIX log

ComboFix 09-11-13.04 - ESPI 13/11/2009 9:37.1.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.55.1046.18.446.183 [GMT -2:00]

Running from: c:\documents and settings\ESPI\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

ADS - drivers: deleted 250 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\Arquivos comuns\fisi.pif

c:\arquivos de programas\Arquivos comuns\fyvo._dl

c:\arquivos de programas\Arquivos comuns\iqix.pif

c:\arquivos de programas\Arquivos comuns\omeb.pif

c:\arquivos de programas\Arquivos comuns\ovoxexuzoq.com

c:\arquivos de programas\Arquivos comuns\uwebyz._sy

c:\arquivos de programas\Arquivos comuns\wekajewoja.com

c:\documents and settings\All Users\Dados de aplicativos\dorykuwuhi._dl

c:\documents and settings\All Users\Dados de aplicativos\oqutizag._dl

c:\documents and settings\All Users\Dados de aplicativos\owoji.bin

c:\documents and settings\All Users\Dados de aplicativos\uhadozeb.com

c:\documents and settings\All Users\Dados de aplicativos\vycawid.bat

c:\documents and settings\All Users\Documentos\ebul._dl

c:\documents and settings\All Users\Documentos\emunirilu.dl

c:\documents and settings\All Users\Documentos\evivacafog.inf

c:\documents and settings\All Users\Documentos\iditywury.vbs

c:\documents and settings\All Users\Documentos\ukimuve.ban

c:\documents and settings\ESPI\Cookies\asimifok.sys

c:\documents and settings\ESPI\Cookies\cetafumeva.ban

c:\documents and settings\ESPI\Cookies\ciluroluz.dl

c:\documents and settings\ESPI\Cookies\pavym.dll

c:\documents and settings\ESPI\Cookies\qolowur.dat

c:\documents and settings\ESPI\Cookies\retohorara.scr

c:\documents and settings\ESPI\Cookies\sypys.com

c:\documents and settings\ESPI\Cookies\ymujez.bin

c:\documents and settings\ESPI\Dados de aplicativos\seres.exe

c:\documents and settings\ESPI\Dados de aplicativos\uhekotufaz.reg

c:\documents and settings\ESPI\Desktop\Security Tool.lnk

c:\documents and settings\ESPI\Menu Iniciar\Programas\Security Tool.lnk

c:\documents and settings\ESPI\oashdihasidhasuidhiasdhiashdiuasdhasd

C:\memory

c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811

c:\recycler\S-1-5-21-8116088116-0916891945-397709869-9543

c:\recycler\S-1-5-21-8665970460-9899661072-092570446-7401

c:\recycler\S-51-9-25-3434476501-1644491937-601003330-1214

c:\windows\idapyb.reg

c:\windows\oqyregolaf.dl

c:\windows\oruwaj._dl

c:\windows\poxuza.dl

c:\windows\system32\akiti.reg

c:\windows\system32\AutoRun.inf

c:\windows\system32\bususihiqa.vbs

c:\windows\system32\curi.bat

c:\windows\system32\cypazi._dl

c:\windows\system32\izyf.dll

c:\windows\system32\tuji.inf

c:\windows\system32\xoturivyc.bin

c:\windows\tuvigune.dl

c:\windows\winmgr

c:\windows\winmgr\licença.txt

c:\windows\winmgr\winmgr.chm

c:\windows\winmgr\winmgr.exe

c:\windows\yvoquvyf.vbs

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_icf

-------\Service_AVPsys

 

 

(((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 ))))))))))))))))))))))))))))

.

 

2009-11-12 18:32 . 2009-11-06 19:32 586107 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aescript.dll

2009-11-12 18:32 . 2009-10-03 01:15 479604 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll

2009-11-12 18:32 . 2009-09-15 18:58 106867 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll

2009-11-12 18:32 . 2009-09-03 18:24 127346 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aescn.dll

2009-11-12 18:32 . 2009-11-11 18:08 364917 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aegen.dll

2009-11-12 18:32 . 2009-11-06 19:32 2093432 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll

2009-11-12 18:32 . 2009-11-05 17:21 422261 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aepack.dll

2009-11-12 18:32 . 2009-11-05 17:21 184694 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aecore.dll

2009-11-12 18:32 . 2009-10-03 01:15 393587 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll

2009-11-12 18:32 . 2009-09-03 18:24 237940 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll

2009-11-12 18:32 . 2009-06-17 17:32 196987 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll

2009-11-12 18:32 . 2008-10-15 13:49 53618 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aebb.dll

2009-11-11 12:37 . 2009-03-30 12:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-11-11 12:37 . 2009-02-13 14:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-11-11 12:37 . 2009-02-13 14:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-11-11 12:37 . 2009-11-11 12:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-11-11 12:32 . 2009-10-01 11:38 33961728 ----a-w- c:\documents and settings\avira_antivir_personal_en(2).exe

2009-10-29 12:33 . 2009-11-10 23:10 -------- d-----w- c:\documents and settings\ESPI\Dados de aplicativos\HPAppData

2009-10-29 11:47 . 2009-10-29 11:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WEBREG

2009-10-29 11:45 . 2009-10-29 11:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY

2009-10-29 11:44 . 2009-10-29 11:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2009-10-29 11:44 . 2009-10-29 11:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2009-10-29 11:44 . 2009-10-29 11:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2009-10-29 11:43 . 2009-10-29 11:43 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2009-10-29 11:43 . 2009-10-29 11:43 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2009-10-29 11:43 . 2009-10-29 11:45 -------- d-----w- c:\arquivos de programas\HP

2009-10-29 11:33 . 2007-03-08 04:20 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys

2009-10-29 11:33 . 2007-03-08 04:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys

2009-10-29 11:33 . 2009-10-29 11:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard

2009-10-29 11:33 . 2009-10-29 11:47 152122 ----a-w- c:\windows\hpoins14.dat

2009-10-29 11:33 . 2007-09-20 01:14 2000 ------w- c:\windows\hpomdl14.dat

2009-10-29 11:33 . 2007-03-30 15:07 267864 ----a-r- c:\windows\system32\hpzids01.dll

2009-10-29 11:33 . 2007-03-28 16:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll

2009-10-29 11:33 . 2007-03-08 04:20 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys

2009-10-29 11:33 . 2004-08-04 01:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2009-10-29 11:33 . 2004-08-04 01:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2009-10-29 11:32 . 2007-03-08 04:20 309760 ----a-r- c:\windows\system32\difxapi.dll

2009-10-29 11:32 . 2007-03-17 16:11 303104 ----a-r- c:\windows\system32\hpovst10.dll

2009-10-29 11:32 . 2007-03-17 16:11 569344 ----a-r- c:\windows\system32\hpotscl3.dll

2009-10-29 11:32 . 2007-03-08 04:20 364544 ----a-r- c:\windows\system32\hppldcoi.dll

2009-10-29 11:32 . 2007-03-17 16:11 675840 ----a-r- c:\windows\system32\hpowiax3.dll

2009-10-29 11:31 . 2004-08-04 01:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2009-10-29 11:31 . 2004-08-04 01:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-10-29 10:54 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-29 10:54 . 2009-11-12 20:09 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-10-29 10:54 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-23 12:56 . 2009-10-23 12:57 -------- d-----w- C:\BPA

2009-10-23 12:52 . 2009-10-23 12:52 -------- d-----w- c:\arquivos de programas\Datasus

2009-10-22 12:34 . 2005-11-14 13:00 383488 ----a-w- c:\windows\system32\midas.dll

2009-10-22 12:34 . 2009-10-22 12:34 -------- d-----w- C:\DATASUS

2009-10-22 12:34 . 2007-12-12 03:05 356437 ----a-w- c:\windows\system32\GDS32.DLL

2009-10-22 12:34 . 2009-10-22 12:34 -------- d-----w- c:\arquivos de programas\Firebird

2009-10-21 10:53 . 2009-10-21 10:53 11903 ----a-w- c:\windows\system32\onexodepe.dat

2009-10-20 17:26 . 2009-11-12 20:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InterApp

2009-10-16 16:25 . 2009-10-16 16:25 -------- d-----w- c:\documents and settings\ESPI\Dados de aplicativos\Malwarebytes

2009-10-16 16:25 . 2009-10-16 16:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-11 12:37 . 2009-05-21 13:57 -------- d-----w- c:\arquivos de programas\Avira

2009-11-11 10:14 . 2009-06-12 12:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-11-11 10:14 . 2009-06-12 12:43 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-10-29 17:44 . 2009-09-22 16:24 0 ----a-w- c:\windows\system32\drivers\b2f1b0d9.sys

2009-10-23 14:46 . 2009-05-21 08:29 2970 ----a-w- c:\windows\system32\CONFIG.TMP

2009-10-19 10:59 . 2004-08-04 12:00 80328 ----a-w- c:\windows\system32\perfc016.dat

2009-10-19 10:59 . 2004-08-04 12:00 471354 ----a-w- c:\windows\system32\perfh016.dat

2009-10-15 17:48 . 2009-06-12 12:43 30752 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-09-25 12:59 . 2009-09-25 12:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2009-09-25 12:59 . 2009-09-25 12:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2009-09-25 12:58 . 2009-09-25 12:58 -------- d-----w- c:\arquivos de programas\Real

2009-09-25 11:22 . 2009-09-25 11:22 -------- d-----w- c:\documents and settings\ESPI\Dados de aplicativos\CyberLink

2009-09-25 11:22 . 2009-09-25 11:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2009-09-22 19:47 . 2009-09-16 13:20 -------- d-----w- c:\documents and settings\ESPI\Dados de aplicativos\MassTube

2009-09-22 16:26 . 2004-08-04 12:00 14336 ----a-w- c:\windows\system32\svchost.exe

2009-09-22 10:11 . 2009-05-21 11:49 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-09-22 10:08 . 2009-09-22 10:08 -------- d-----w- c:\arquivos de programas\Logitech

2009-09-22 10:08 . 2009-09-22 10:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\LogiShrd

2009-09-16 13:20 . 2009-09-16 13:20 -------- d-----w- c:\arquivos de programas\MassTube

2009-08-28 11:38 . 2009-05-21 13:58 71616 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

.

 

------- Sigcheck -------

 

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 0B788EE2A876D7B31DF840C13F08CD2B . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\tcpip.sys

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-10-15 17:42 316192 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^ESPI^Menu Iniciar^Programas^Inicializar^nhaupd32.exe]

path=c:\documents and settings\ESPI\Menu Iniciar\Programas\Inicializar\nhaupd32.exe

backup=c:\windows\pss\nhaupd32.exeStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^ESPI^Menu Iniciar^Programas^Inicializar^scandisk.dll]

path=c:\documents and settings\ESPI\Menu Iniciar\Programas\Inicializar\scandisk.dll

backup=c:\windows\pss\scandisk.dllStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^ESPI^Menu Iniciar^Programas^Inicializar^scandisk.lnk]

path=c:\documents and settings\ESPI\Menu Iniciar\Programas\Inicializar\scandisk.lnk

backup=c:\windows\pss\scandisk.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^ESPI^Menu Iniciar^Programas^Inicializar^uecupd32.exe]

path=c:\documents and settings\ESPI\Menu Iniciar\Programas\Inicializar\uecupd32.exe

backup=c:\windows\pss\uecupd32.exeStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4628:TCP"= 4628:TCP:rqwil

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [12/06/2009 10:43 30752]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [11/11/2009 10:37 108289]

R2 firebirdguardiandefaultinstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [26/05/2009 14:43 55152]

R2 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [12/06/2009 10:43 54048]

R3 firebirdserverdefaultinstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]

S1 b2f1b0d9;b2f1b0d9;c:\windows\system32\drivers\b2f1b0d9.sys [22/09/2009 14:24 0]

S2 dbrwxux;Driver Task;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 10:00 14336]

S2 eayeisuta94j0;PowerUtility TV Recording Reservation;c:\windows\system32\dawes.exe --> c:\windows\system32\dawes.exe [?]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - MBR

*Deregistered* - mbr

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

dbrwxux

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67XOR2B0-3GMC-89VV-JIJ1-32KL2R3233771}]

c:\c\Settings\cl.exe

.

.

------- Supplementary Scan -------

.

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {868D875C-ACB3-46B2-9E7B-B0CF9A00C89E} = 208.67.222.222

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\ESPI\Dados de aplicativos\Mozilla\Firefox\Profiles\1axfuva8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\documents and settings\ESPI\Dados de aplicativos\Mozilla\Firefox\Profiles\1axfuva8.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\components\GbMzhUni.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORPHANS REMOVED - - - -

 

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

Notify-LBTWlgn - c:\arquivos de programas\arquivos comuns\logishrd\bluetooth\LBTWlgn.dll

AddRemove-HijackThis - c:\docume~1\ESPI\CONFIG~1\Temp\Rar$EX00.969\HijackThis.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-13 09:46

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dbrwxux]

"ServiceDll"="c:\windows\system32\ybpfwlzm.dll"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(692)

c:\arquivos de programas\GbPlugin\gbieh.dll

 

- - - - - - - > 'explorer.exe'(1024)

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\wdfmgr.exe

c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

.

**************************************************************************

.

Completion time: 2009-11-13 09:49 - machine was rebooted

ComboFix-quarantined-files.txt 2009-11-13 11:49

 

Pre-Run: 8 folder(s) 20,657,803,264 bytes free

Post-Run: 18 folder(s) 20,529,766,400 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

- - End Of File - - C9A10390520568172C5721207DC09543

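Added example (not code from this post or from ComboFix): the entries in the log above that matter most are the service dbrwxux, hosted by svchost.exe -k netsvcs, listed under "Svchost - NetSvcs" and carrying ServiceDll ybpfwlzm.dll in ControlSet002; the firewall exception 4628:TCP:rqwil; and the service eayeisuta94j0, for whose binary ComboFix printed [?] where other entries carry a timestamp and size. The script below parses those line formats and correlates them: an svchost-hosted service is reported when its name is absent from a baseline or its ServiceDll differs from the baseline DLL, NetSvcs group members outside the baseline are reported, and open-port exceptions are listed. NETSVCS_BASELINE is a partial baseline assumed for Windows XP SP2, and the two BITS lines in the sample are constructed as a negative case; the remaining sample lines are copied from the log.

```python
"""Correlate svchost group membership, ServiceDll values and firewall
exceptions in ComboFix output. Added example, not code from the post or from
ComboFix; NETSVCS_BASELINE is a partial, assumed XP SP2 baseline that should
be rebuilt from a clean machine of the same build. Flags are leads, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    kind: str
    name: str
    detail: str


# Excerpt copied from the ComboFix log above. The two BITS lines are
# constructed (they are not in the log) as a negative case for a legitimately hosted service.
SAMPLE = r"""
R2 BITS;Background Intelligent Transfer Service;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 10:00 14336]
S2 dbrwxux;Driver Task;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 10:00 14336]
S2 eayeisuta94j0;PowerUtility TV Recording Reservation;c:\windows\system32\dawes.exe --> c:\windows\system32\dawes.exe [?]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4628:TCP"= 4628:TCP:rqwil

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dbrwxux

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BITS]
"ServiceDll"="c:\windows\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dbrwxux]
"ServiceDll"="c:\windows\system32\ybpfwlzm.dll"
"""

# Assumed, partial: service name -> DLL that implements it in the netsvcs group on XP.
NETSVCS_BASELINE: Dict[str, str] = {
    "bits": "qmgr.dll", "wuauserv": "wuauserv.dll", "schedule": "schedsvc.dll",
    "lanmanserver": "srvsvc.dll", "lanmanworkstation": "wkssvc.dll",
    "browser": "browser.dll", "cryptsvc": "cryptsvc.dll", "seclogon": "seclogon.dll",
}

SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.*)$")          # "R2 name;display;path [..]"
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)
SERVICES_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\\\]]+)\]$", re.IGNORECASE)
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="(.+)"$', re.IGNORECASE)
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=\s*(.*)$', re.IGNORECASE)


def analyze(text: str) -> List[Finding]:
    findings: List[Finding] = []
    hosted: Dict[str, str] = {}   # service name -> svchost group
    dlls: Dict[str, str] = {}     # service name -> ServiceDll path
    members: List[str] = []       # names listed under "Svchost - NetSvcs"
    section = None                # current blank-line delimited section of the log
    for raw in text.splitlines():
        line = raw.strip()
        key, svc = SERVICES_KEY_RE.match(line), SERVICE_RE.match(line)
        if not line:
            section = None
        elif line.endswith("Svchost - NetSvcs"):
            section = "netsvcs"
        elif line.lower().endswith("globallyopenports\\list]"):
            section = "ports"
        elif key:
            section = ("svc", key.group(1))
        elif svc:
            name, path = svc.groups()
            group = SVCHOST_RE.search(path)
            if group:
                hosted[name] = group.group(1).lower()
            elif "[?]" in path:   # ComboFix recorded no timestamp/size for the binary
                findings.append(Finding("no-file-metadata", name, path))
        elif section == "netsvcs":
            members.append(line)
        elif section == "ports" and PORT_RE.match(line):
            port, rule = PORT_RE.match(line).groups()
            findings.append(Finding("firewall-open-port", port, rule))
        elif isinstance(section, tuple) and SERVICEDLL_RE.match(line):
            dlls[section[1]] = SERVICEDLL_RE.match(line).group(1)

    for name, group in hosted.items():
        expected, dll = NETSVCS_BASELINE.get(name.lower()), dlls.get(name)
        if expected is None:      # hosted by svchost but unknown to the baseline
            findings.append(Finding("unbaselined-hosted-service", name,
                                    f"group={group} ServiceDll={dll or 'not recorded'}"))
        elif dll and dll.rsplit("\\", 1)[-1].lower() != expected:   # known name, swapped DLL
            findings.append(Finding("servicedll-mismatch", name, f"expected {expected}, found {dll}"))
    for name in members:
        if name.lower() not in NETSVCS_BASELINE:
            findings.append(Finding("netsvcs-member", name, "added to the NetSvcs group list, not in baseline"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f"{f.kind:26} {f.name:16} {f.detail}")
```

The point of the correlation is that a service can only ride inside the netsvcs svchost instance if it is both listed in the group's REG_MULTI_SZ and has a ServiceDll value, so a name that appears in one place and not in the baseline for the other is worth checking before the reboot that the helper asks for next.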

*Run Malwarebytes and update the program.

*When the update has finished, close it.

*Restart the PC in Safe Mode (tap F8 repeatedly while the PC is starting and select "Safe Mode")

*Run Malwarebytes and on the [Scanner] tab select the [Perform full scan] option

*Click [Scan] and select the drives to be scanned

*When the scan finishes you may be asked whether you want to remove objects from memory. Click [Yes] and finally click [OK]. A report (mbam-log-year-month-day.txt) will be displayed.

*Some malware is stubborn and needs a reboot to be removed. If you are prompted, click to restart the PC. If you are not prompted, restart the PC manually.

*Open Malwarebytes again and on the [Logs] tab click the file mbam-log-year-month-day.txt

*Click [Open], copy it, and paste it in your next reply together with a new HijackThis log


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the section with the link to this topic and explain why it should be reopened.
