Archived

This topic has been archived and is closed to new replies.

x_confused

[Archived] PC very slow

Good afternoon, below are the ComboFix and HijackThis logs, respectively. The PC is very slow, and the operating system sounds all come out broken.

 

COMBOFIX:

 

ComboFix 09-12-11.05 - Lucas Tetslaff 12/12/2009 12:39:17.1.2 - x86

Executando de: c:\documents and settings\Lucas Tetslaff\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

ADS - drivers: deleted 208 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\GbPlugin\gbiehcef.dll

c:\recycler\S-1-5-21-1292428093-527237240-682003330-1003(2)

c:\windows\system32\Ijl11.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-12 to 2009-12-12 ))))))))))))))))))))))))))))

.

 

2009-12-12 14:39 . 2009-12-12 14:39 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2009-12-12 14:23 . 2009-12-12 14:23 -------- d--h--w- c:\windows\system32\GroupPolicy

2009-12-12 11:33 . 2009-12-12 11:33 -------- d-----w- C:\1fa747f9c7f3e8afe8c5f08397d213f1

2009-12-12 11:28 . 2009-12-12 11:28 -------- d-----w- c:\windows\system32\XPSViewer

2009-12-12 11:27 . 2009-12-12 11:27 -------- d-----w- c:\arquivos de programas\MSBuild

2009-12-12 11:26 . 2009-12-12 11:26 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-12-12 11:25 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2009-12-12 11:23 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-12-12 11:23 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-12-12 11:23 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-12-12 11:23 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2009-12-12 11:23 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-12-12 11:23 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-12-12 11:23 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-12-12 11:23 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-12-12 11:23 . 2009-12-12 11:25 -------- d-----w- C:\009acd6f609fcd6436

2009-12-12 11:15 . 2009-12-10 11:23 2063640 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avg8\update\backup\avgcorex.dll

2009-12-12 11:14 . 2009-12-10 11:23 3514648 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avg8\update\backup\avgui.exe

2009-12-12 11:14 . 2009-12-10 11:23 2029336 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avg8\update\backup\avgtray.exe

2009-12-12 10:51 . 2009-12-12 10:51 -------- d-----w- c:\arquivos de programas\MSXML 6.0

2009-12-12 10:48 . 2009-12-12 10:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2009-12-10 00:04 . 2006-08-21 09:14 128896 -c----w- c:\windows\system32\dllcache\fltmgr.sys

2009-12-09 23:37 . 2009-12-09 23:37 -------- d-----w- c:\arquivos de programas\Microsoft

2009-11-30 11:48 . 2009-11-30 11:48 -------- d-----w- c:\documents and settings\Lucas Tetslaff\Dados de aplicativos\TeamViewer

2009-11-30 11:47 . 2009-11-30 11:47 -------- d-----w- c:\documents and settings\Lucas Tetslaff\temp

2009-11-25 21:01 . 2005-09-20 12:36 143360 ----a-w- c:\windows\system32\igfxres.dll

2009-11-23 19:36 . 2009-11-23 19:36 -------- d-----w- c:\documents and settings\Lucas Tetslaff\Dados de aplicativos\ATI

2009-11-23 19:30 . 2006-05-03 13:57 520192 ------w- c:\windows\system32\ati2sgag.exe

2009-11-23 19:30 . 2009-11-23 19:31 -------- d-----w- c:\arquivos de programas\ATI Technologies

2009-11-23 19:29 . 2009-11-23 19:29 -------- d-----w- C:\ATI

2009-11-23 18:32 . 2006-05-03 16:29 1408000 ----a-w- c:\windows\system32\ativvaxx.dll

2009-11-23 18:32 . 2004-08-04 02:45 516768 -c--a-w- c:\windows\system32\dllcache\ativvaxx.dll

2009-11-23 18:32 . 2006-05-03 16:50 1540608 -c--a-w- c:\windows\system32\dllcache\ati2mtag.sys

2009-11-23 18:32 . 2006-05-03 16:50 1540608 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2009-11-23 18:32 . 2006-05-03 16:35 2693280 ----a-w- c:\windows\system32\ati3duag.dll

2009-11-23 18:32 . 2004-08-04 02:45 1888992 -c--a-w- c:\windows\system32\dllcache\ati3duag.dll

2009-11-23 18:32 . 2004-08-04 02:45 870784 -c--a-w- c:\windows\system32\dllcache\ati3d1ag.dll

2009-11-23 18:32 . 2004-08-04 02:45 870784 ----a-w- c:\windows\system32\ati3d1ag.dll

2009-11-23 18:32 . 2006-05-03 16:51 258048 ----a-w- c:\windows\system32\ati2dvag.dll

2009-11-23 18:32 . 2006-05-03 16:09 282624 ----a-w- c:\windows\system32\ati2cqag.dll

2009-11-23 18:32 . 2004-08-04 02:45 229376 -c--a-w- c:\windows\system32\dllcache\ati2cqag.dll

2009-11-23 18:32 . 2004-08-04 02:45 201728 -c--a-w- c:\windows\system32\dllcache\ati2dvag.dll

2009-11-19 12:57 . 2009-11-19 12:57 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-11-17 19:09 . 2009-11-23 18:47 7201 ----a-w- C:\b612log.dat

2009-11-17 18:10 . 2009-12-01 13:56 363196 ----a-w- C:\DvrMainLog.dat

2009-11-17 18:08 . 2009-11-23 19:45 6464 ----a-w- C:\SettingLog.dat

2009-11-17 18:08 . 2009-11-23 18:59 84 ----a-w- C:\MP4DBINFO.dat

2009-11-17 18:08 . 2009-12-01 13:48 -------- d-----w- C:\M4DATA

2009-11-17 18:02 . 2009-11-30 15:28 25172 ----a-w- c:\windows\AngelCam.dat

2009-11-17 17:58 . 2009-02-04 16:29 64404 ----a-w- c:\windows\system32\drivers\SAA7146.SYS

2009-11-17 17:58 . 2009-02-04 16:29 233472 ----a-w- c:\windows\system32\drivers\SAA46_32.DLL

2009-11-17 17:58 . 2009-02-04 16:28 54528 ----a-w- c:\windows\system32\drivers\DVR7146.sys

2009-11-17 17:42 . 2009-11-17 17:42 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-12 14:55 . 2009-08-12 19:10 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-12-12 11:30 . 2001-10-28 15:07 466130 ----a-w- c:\windows\system32\perfh016.dat

2009-12-12 11:30 . 2001-10-28 15:07 77878 ----a-w- c:\windows\system32\perfc016.dat

2009-12-10 21:19 . 2008-10-04 00:22 1 ----a-w- c:\documents and settings\Lucas Tetslaff\Dados de aplicativos\BrOffice.org2\user\uno_packages\cache\stamp.sys

2009-12-10 21:19 . 2008-10-04 00:20 -------- d-----w- c:\documents and settings\Lucas Tetslaff\Dados de aplicativos\BrOffice.org2

2009-12-10 10:43 . 2009-08-12 19:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-12-09 23:20 . 2009-07-15 14:08 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-12-09 18:20 . 2009-06-18 18:18 -------- d-----w- c:\arquivos de programas\DreaMule

2009-11-23 19:30 . 2008-06-30 18:23 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-11-23 19:29 . 2008-06-30 18:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-11-23 18:54 . 2009-11-23 18:53 -------- d-----w- c:\arquivos de programas\DVR SYSTEM

2009-10-29 07:42 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-23 16:32 . 2009-02-26 15:28 -------- d-----w- c:\documents and settings\Lucas Tetslaff\Dados de aplicativos\Image Zone Express

2009-10-22 17:40 . 2009-08-12 19:11 30504 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2009-10-21 06:01 . 2004-08-04 03:45 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 06:01 . 2004-08-04 03:45 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 14:58 . 2004-08-04 02:00 263552 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:52 . 2004-08-04 03:45 267776 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:52 . 2004-08-04 03:45 69632 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:52 . 2004-08-04 03:45 112640 ----a-w- c:\windows\system32\rastls.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 14:58 1107200 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-05-26 413696]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Direct Web.lnk - c:\arquivos de programas\DVR SYSTEM\Web\DirectWeb.exe [2009-11-23 53248]

Monitor Apache Servers.lnk - c:\apache\bin\ApacheMonitor.exe [2008-6-13 41041]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-24 11:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-05-12 02:12 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2005-03-08 04:42 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\DreaMule\\emule.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\DVR SYSTEM\\DvrMain.exe"=

"c:\\Arquivos de programas\\DVR SYSTEM\\SNetEx_c.exe"=

"c:\\Documents and Settings\\Lucas Tetslaff\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6531:TCP"= 6531:TCP:zrxlkx

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [12/8/2009 17:11 30504]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/4/2009 17:12 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/4/2009 17:12 108552]

R2 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [13/6/2008 05:05 24635]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [1/4/2009 17:12 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [1/4/2009 17:12 297752]

R2 DivisCTP;DVR WDM Device Driver;c:\windows\system32\drivers\DVR7146.sys [17/11/2009 15:58 54528]

R2 DivisCTS;DVR Capture WDM Secondary Device Driver;c:\windows\system32\drivers\SAA7146.SYS [17/11/2009 15:58 64404]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [12/8/2009 17:11 53800]

S2 acphwh;Config Microsoft;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]

S2 ctfdfx;Update Support;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]

S2 gufzgvr;Helper Windows;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]

S2 kfnafyfdt;Helper Center;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]

S2 oqvgldxq;Microsoft Shell;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]

S2 yzgbiwr;System Time;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]

S2 zxaqji;System Monitor;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

oqvgldxq

acphwh

ctfdfx

kfnafyfdt

yzgbiwr

zxaqji

gufzgvr

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.terra.com.br/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

.

- - - - ORFÃOS REMOVIDOS - - - -

 

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\GbPlugin\gbiehcef.dll

Notify- GbPluginCef - c:\arquivos de programas\GbPlugin\gbiehCef.dll

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-12 13:03

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\mysql\bin\mysqld-nt\" --defaults-file=\"c:\mysql\my.ini\" MySQL"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\acphwh]

"ServiceDll"="c:\arquivos de programas\Internet Explorer\pzhhnul.dll"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ctfdfx]

"ServiceDll"="c:\windows\system32\pzhhnul.dll"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gufzgvr]

"ServiceDll"="c:\windows\system32\pzhhnul.dll"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kfnafyfdt]

"ServiceDll"="c:\windows\system32\pzhhnul.dll"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oqvgldxq]

"ServiceDll"="c:\windows\system32\pzhhnul.dll"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yzgbiwr]

"ServiceDll"="c:\arquivos de programas\Internet Explorer\pzhhnul.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zxaqji]

"ServiceDll"="c:\windows\system32\pzhhnul.dll"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(680)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(2440)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\mysql\bin\mysqld-nt.exe

c:\arquiv~1\AVG\AVG8\avgrsx.exe

c:\arquiv~1\AVG\AVG8\avgnsx.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wdfmgr.exe

c:\arquivos de programas\AVG\AVG8\avgcsrvx.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\arquivos de programas\iPod\bin\iPodService.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-12-12 13:11:47 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-12-12 15:11

 

Pré-execução: 7.820.599.296 bytes disponíveis

Pós execução: 7.765.032.960 bytes disponíveis

 

WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 314F63DE6B23CDF6370DF6270C04FBE5

 

 

 

HIJACK THIS:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:37:36, on 12/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Apache\bin\httpd.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Apache\bin\httpd.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\mysql\bin\mysqld-nt.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\DVR SYSTEM\Web\DirectWeb.exe

C:\Apache\bin\ApacheMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Direct Web.lnk = ?

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Apache\bin\ApacheMonitor.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Apache\bin\httpd.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7600 bytes

 

 

Thanks in advance.

Giuliano
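The security-relevant pattern in the ComboFix report above is the group of seven S2 services with generic display names ("Config Microsoft", "Helper Windows", "System Time", ...) that are all hosted by svchost.exe -k netsvcs, all appear in the NetSvcs value, and all resolve to the same file name, pzhhnul.dll, placed in two different directories, alongside a firewall exception for 6531/TCP with a random name. The following Python script is an added example, not part of the original post or of ComboFix or HijackThis: it parses the ComboFix service lines and the `[...\Services\<name>]` / `"ServiceDll"=` blocks from a constructed excerpt modelled on this report, and flags netsvcs-hosted services whose DLL lives outside system32 or whose DLL name is shared by several service names. The sample text, the function names and the "system32 only" baseline are assumptions for the example.

```python
import ntpath
import re
from collections import defaultdict

# Constructed excerpt modelled on the ComboFix report in this thread (assumption: not the full log).
SAMPLE_LOG = r"""
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/4/2009 17:12 108552]
R2 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [13/6/2008 05:05 24635]
S2 acphwh;Config Microsoft;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]
S2 ctfdfx;Update Support;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]
S2 yzgbiwr;System Time;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\acphwh]
"ServiceDll"="c:\arquivos de programas\Internet Explorer\pzhhnul.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ctfdfx]
"ServiceDll"="c:\windows\system32\pzhhnul.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yzgbiwr]
"ServiceDll"="c:\arquivos de programas\Internet Explorer\pzhhnul.dll"
--
"""

# "S2 name;display name;image path [date time size]" as ComboFix prints service entries
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[[^\]]*\]\s*$")
# "[HKEY_LOCAL_MACHINE\System\ControlSetNNN\Services\<name>]" followed by a "ServiceDll"= line
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
DLL_RE = re.compile(r'^"ServiceDll"="(.*)"$', re.I)


def parse_services(text):
    """Map service name -> {'start', 'display', 'image'} from the R*/S* service lines."""
    services = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, display, image = m.groups()
            services[name] = {"start": start, "display": display, "image": image}
    return services


def parse_service_dlls(text):
    """Map service name -> ServiceDll path from the registry key / value pairs."""
    dlls, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group(1)
            continue
        dm = DLL_RE.match(line)
        if dm and current:
            dlls[current] = dm.group(1)
            current = None
    return dlls


def triage(text, system32=r"c:\windows\system32"):
    """Return {service name: [reasons]} for suspicious svchost -k netsvcs services."""
    services = parse_services(text)
    dlls = parse_service_dlls(text)
    # Which service names share the same DLL file name (ignoring directory)?
    by_basename = defaultdict(set)
    for name, path in dlls.items():
        by_basename[ntpath.basename(path).lower()].add(name)

    findings = defaultdict(list)
    for name, svc in services.items():
        if "svchost.exe -k netsvcs" not in svc["image"].lower():
            continue  # only svchost-hosted netsvcs entries are in scope here
        dll = dlls.get(name)
        if dll is None:
            findings[name].append("netsvcs service without a ServiceDll entry in the report")
            continue
        # Baseline assumption: a legitimate netsvcs DLL lives in %windir%\system32
        if ntpath.dirname(dll).lower() != system32.lower():
            findings[name].append(f"ServiceDll outside system32: {dll}")
        sharers = by_basename[ntpath.basename(dll).lower()] - {name}
        if sharers:
            findings[name].append("ServiceDll file name shared with: " + ", ".join(sorted(sharers)))
    return dict(findings)


if __name__ == "__main__":
    # → flags acphwh, ctfdfx and yzgbiwr; AvgTdiX and Apache2.2 are not netsvcs-hosted
    for name, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(name)
        for reason in reasons:
            print("   ", reason)
```

Run against a real report, the same two heuristics give a short list of service names to cross-check against the NetSvcs value and the firewall exception list, which is the triage the reply's XPSP2_NetSvcs registry step appears aimed at.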


Good morning! x_confused

 

<@> Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.

 


 

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix has been uninstalled" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!

<@> Or go to Start --> Run --> Type or paste:

 

"%userprofile%\desktop\combofix" /uninstall

 

<@> Click OK.

<><><><><><><><><><><><>

<@> Download: < AD-Remover >

<@> Save it to C:\Arquivos de programas\

<@> Double-click AD-R.exe and install the program.

<@> Double-click the icon created on the desktop --> Click Oui --> Press L --> Enter.

<@> When it finishes, post the report. ( C:\Ad-Report-CLEAN[1].log )

 

<@> Download: < marcinsig.gif >

 

<@> < Link - 2 >

 

<@> < Link - 3 >

 

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs while running Malwarebytes.

<@> PS: For certain infections, the tool will ask for a reboot. <-- Confirm!

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

<><><><><><><><><><><><>

<@> Download: < XPSP2_NetSvcs > ( ...by sUBs )

<@> Unzip it to the desktop!

<@> Run the ( .reg ) with a double-click.

<@> Confirm the addition to the registry --> Reboot!

<@> Post the reports requested above.

 

Regards!


Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section along with the link to this topic and explain the reason for reopening.
