
Archived

This topic has been archived and is closed to new replies.

bossnia

[Solved!] More than 1 virus

There is an application posing as an antivirus that keeps popping up in the middle of my screen all the time.

I never installed this application, and HijackThis classifies it as very nasty.

 

Please help me

 

Bossnia


Here is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 22:55:32, on 7/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\TortoiseGit\bin\TGitCache.exe

C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\vVX1000.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\smss32.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\MP4 Player\mp4Player.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Program Files\InternetSecurity2010\IS2010.exe

C:\Documents and Settings\bossnia\Configurações locais\Apps\2.0\H02HWV0Q.AR6\AE4CTPN1.XEH\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\bossnia\Desktop\desktop antigo\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7418E5F5-0E48-4144-8F92-5CA791C82396} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: (no name) - {DE713078-8012-4B75-92BA-398D4642A64B} - (no file)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [PIChecker] pichkc.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [six Engine] "C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" -r

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MP4 Player] "C:\Arquivos de programas\MP4 Player\mp4Player.exe" hmw

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

O4 - HKCU\..\Run: [internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe

O4 - Startup: CurseClientStartup.ccip

O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://*.buy-internetsecurity10.com

O15 - Trusted Zone: http://*.buy-is2010.com

O15 - Trusted Zone: http://*.is-software-download.com

O15 - Trusted Zone: http://*.is-software-download25.com

O15 - Trusted Zone: http://*.is10-soft-download.com

O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)

O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

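As an added example (not part of the thread, and not HijackThis code): a small Python triage script that applies the checks a helper makes by eye on a log like the one above: the F2 UserInit entry, O4 autorun entries that imitate a core process name or start the rogue IS2010.exe, O10 LSP DLLs that sit in system32, and every O15 Trusted Zone site. The heuristic rules, the rogue-name watchlist and the sample excerpt are assumptions constructed from this thread's own log lines.

```python
"""Triage of HijackThis v1.99 log lines (added example, not HijackThis code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Core NT process names that malware imitates with a suffix (smss32.exe,
# winlogon32.exe). Heuristic list assumed for this example.
CORE_PROCESSES = {"smss", "csrss", "winlogon", "services", "lsass", "svchost"}
# Executable this thread's scans identified as the rogue "Internet Security
# 2010"; in practice feed this set from your own IOC source.
KNOWN_ROGUE_EXES = {"is2010.exe"}

LINE_RE = re.compile(r"^(?P<sect>[FOR]\d+) - (?P<body>.*)$")
F2_RE = re.compile(r"^REG:system\.ini: UserInit=(?P<value>.*)$")
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O10_RE = re.compile(r"^Unknown file in Winsock LSP: (?P<path>.+)$")
O15_RE = re.compile(r"^Trusted Zone: (?P<site>\S+)")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    section: str   # HijackThis section the line came from, e.g. "O4"
    detail: str


def exe_name(cmd: str) -> str:
    """Lower-cased file name of the program an O4 command line starts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        cmd = cmd[1:].split('"', 1)[0]            # quoted path: drop the arguments
    else:
        cmd = cmd.split(" /")[0].split(" -")[0]   # unquoted path: drop " /x" or " -x" tails
    return cmd.replace("/", "\\").split("\\")[-1].split(",")[0].split(" ")[0].lower()


def looks_like_core_process(name: str) -> bool:
    """smss32.exe / winlogon32.exe style names: a core name plus a suffix."""
    stem = name[:-4] if name.endswith(".exe") else name
    return any(stem != core and stem.startswith(core) for core in CORE_PROCESSES)


def userinit_hijacked(value: str) -> bool:
    """A legitimate XP UserInit points at userinit.exe; anything else is a hijack."""
    return "userinit.exe" not in value.lower()


def triage(log_text: str) -> list[Finding]:
    """Apply the checks above to every R/F/O line of a HijackThis log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                               # header and "Running processes" lines
        sect, body = m.group("sect"), m.group("body")
        if sect == "F2":
            f = F2_RE.match(body)
            if f and userinit_hijacked(f.group("value")):
                findings.append(Finding("high", sect, f"UserInit replaced by {f.group('value')}"))
        elif sect == "O4":
            o = O4_RE.match(body)
            if not o:
                continue                           # e.g. "O4 - Startup: ..." entries
            name = exe_name(o.group("cmd"))
            if name in KNOWN_ROGUE_EXES:
                findings.append(Finding("high", sect, f"{o.group('hive')} Run [{o.group('name')}] starts known rogue {name}"))
            elif looks_like_core_process(name):
                findings.append(Finding("high", sect, f"{o.group('hive')} Run [{o.group('name')}] imitates a core process: {name}"))
        elif sect == "O10":
            l = O10_RE.match(body)
            # Third-party LSPs normally live under Program Files; a DLL in
            # system32 that HijackThis does not recognise deserves a look.
            if l and "\\system32\\" in l.group("path").lower():
                findings.append(Finding("medium", sect, f"unrecognised LSP DLL in system32: {l.group('path')}"))
        elif sect == "O15":
            t = O15_RE.match(body)
            if t:
                findings.append(Finding("medium", sect, f"site added to the Trusted Zone: {t.group('site')}"))
    return findings


# Constructed excerpt of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\smss32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - Startup: CurseClientStartup.ccip
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.severity:6}] {finding.section:4} {finding.detail}")
```

Run against the full log above it reports the same four groups of entries the helpers go on to remove; legitimate entries such as the Bonjour LSP and the Java updater produce no finding.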

Good evening.....

 

1.

*Download Malwarebytes Anti-Malware and save it to the desktop:

*Install the program

*If an update exists, it will be downloaded automatically. Wait...

*The program will open automatically. Close it.

*Restart the PC in Safe Mode (tap F8 repeatedly while the PC boots and select "Safe Mode")

*Run the program via the icon created on the desktop and, on the [Scan] tab, select the [Full scan] option

*Click [Scan] and select the drives to be examined

*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [YES] > [OK] > [Show Results]

*Select all results and click [Remove Selected]

*A report (mbam-log-year-month-date.txt) will be shown.

*Restart the PC

*Open Malwarebytes again and, on the [Logs] tab, click the file mbam-log-year-month-date.txt

*Click [Open], copy it and paste it into your next reply together with a new HijackThis log


Thanks for the very quick reply... I wish I could reply that fast, but my computer took all night to do the scan.

 

 

MALWAREBYTES LOG:

 

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 2955

Windows 5.1.2600 Service Pack 3 (Safe Mode)

 

14/10/2009 08:15:36

mbam-log-2009-10-14 (08-15-36).txt

 

Tipo de Verificação: Completa (C:\|D:\|E:\|F:\|H:\|)

Objetos verificados: 456808

Tempo decorrido: 2 hour(s), 56 minute(s), 25 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 3

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\Documents and Settings\bossnia\Configurações locais\Temp\3tX0OKMW.exe.part (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

C:\Documents and Settings\bossnia\Configurações locais\Temp\~DP9.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

C:\Documents and Settings\bossnia\Configurações locais\Temp\~DPA.exe (Trojan.Agent) -> Quarantined and deleted successfully.


HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 09:09:56, on 8/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\TortoiseGit\bin\TGitCache.exe

C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\smss32.exe

C:\WINDOWS\vVX1000.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\MP4 Player\mp4Player.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Program Files\InternetSecurity2010\IS2010.exe

C:\Documents and Settings\bossnia\Configurações locais\Apps\2.0\H02HWV0Q.AR6\AE4CTPN1.XEH\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Java\jre1.6.0\bin\jucheck.exe

C:\Documents and Settings\bossnia\Desktop\desktop antigo\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7418E5F5-0E48-4144-8F92-5CA791C82396} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: (no name) - {DE713078-8012-4B75-92BA-398D4642A64B} - (no file)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [PIChecker] pichkc.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [six Engine] "C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" -r

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MP4 Player] "C:\Arquivos de programas\MP4 Player\mp4Player.exe" hmw

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

O4 - HKCU\..\Run: [internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe

O4 - Startup: CurseClientStartup.ccip

O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://*.buy-internetsecurity10.com

O15 - Trusted Zone: http://*.buy-is2010.com

O15 - Trusted Zone: http://*.is-software-download.com

O15 - Trusted Zone: http://*.is-software-download25.com

O15 - Trusted Zone: http://*.is10-soft-download.com

O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)

O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


1.

Download WinsockXPFix and save it to the desktop

*If the connection drops or is not restored after procedure 3, run WinsockFix.

a) Click [Reg-Backup] > [OK] > [OK] > [YES] (wait for it to finish) > [OK]

b) Click [Fix] > [YES] > [OK] > Restart the PC

 

 

2.

*Open Internet Explorer, click [Tools] > [Internet Options] > [Security] > [Trusted Sites] > [Sites], and in the "Add this website to the zone" field select the sites:

 

*Click [Remove]

*Click [OK] in all windows.

 

3.

*Temporarily disable your antivirus

 

Right-click the Avira icon next to the clock > click the "AntiVir Guard enable" option.

*Download EliStarA

*Run it. When the process finishes, paste the report created at C:\infosat.txt and a new HijackThis log


Where do I find this Reg-Backup? (Should it be run before doing procedure 2, or only if I lose the internet connection after procedure 3?)


1.

Download WinsockXPFix and save it to the desktop

*If the connection drops or is not restored after procedure 3, run WinsockFix.

a) Click [Reg-Backup] > [OK] > [OK] > [YES] (wait for it to finish) > [OK]

 

Because in the first procedure you tell me to run reg-backup, and I don't have that installed.

Or should I run it only if I lose the internet connection? (and in that case would reg-backup be some option in WinsockFix?)


I ran EliStarA (but without running the reg-backup and the fix from the first procedure)

Here is the log:

 

(8-2-2010 11:37:42 (GMT))

EliStartPage v20.27 ©2010 S.G.H. / Satinfo S.L. (Actualizado el 5 de Febrero del 2010)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

[HKLM\...\Run]

Por favor, envienos una muestra del fichero

C:\WINDOWS\SYSTEM32\SMSS32.EXE

a "virus@satinfo.es". Gracias.

Por favor, envienos una muestra del fichero

C:\Muestras\SMSS32.EXE.Muestra EliStartPage v20.27

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\SMSS32.EXE --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\WINLOGON32.EXE.Muestra EliStartPage v20.27

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\WINLOGON32.EXE --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\HELPER32.DLL.Muestra EliStartPage v20.27

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\HELPER32.DLL --> Renombrado a .VIR

C:\WINDOWS\ALCMTR.EXE --> Eliminado SpyRealtek

C:\WINDOWS\SYSTEM32\WARNING.HTML --> Eliminado (Fichero Complementario).

C:\Documents and Settings\bossnia\Menu Iniciar\Internet Security 2010.lnk --> Eliminado (Fichero Complementario).

C:\Documents and Settings\bossnia\Desktop\Internet Security 2010.lnk --> Eliminado (Fichero Complementario).

C:\Documents and Settings\bossnia\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk --> Eliminado (Fichero Complementario).

Restaurado WinSock2 (LSPs).

Entrada Eliminada [HKLM\...\Run] "Alcmtr"="ALCMTR.EXE"

Entrada Eliminada [HKCU\...\Run] "Internet Security 2010"="C:\Program Files\InternetSecurity2010\IS2010.exe"

Entrada Eliminada [HKCU\...\Run] "smss32.exe"="C:\WINDOWS\system32\smss32.exe"

Entrada Eliminada [HKLM\...\Run] "smss32.exe"="C:\WINDOWS\system32\smss32.exe"


Here is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 09:43:00, on 8/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\TortoiseGit\bin\TGitCache.exe

C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe

C:\WINDOWS\vVX1000.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\MP4 Player\mp4Player.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Program Files\InternetSecurity2010\IS2010.exe

C:\Documents and Settings\bossnia\Configurações locais\Apps\2.0\H02HWV0Q.AR6\AE4CTPN1.XEH\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\bossnia\Desktop\desktop antigo\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7418E5F5-0E48-4144-8F92-5CA791C82396} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: (no name) - {DE713078-8012-4B75-92BA-398D4642A64B} - (no file)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [PIChecker] pichkc.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [six Engine] "C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" -r

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [ReEXEc] C:\Documents and Settings\bossnia\Meus documentos\Downloads\EliStarA.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MP4 Player] "C:\Arquivos de programas\MP4 Player\mp4Player.exe" hmw

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: CurseClientStartup.ccip

O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)

O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Because in the first procedure you tell me to run reg-backup, and I don't have that installed.

Or should I only run that if I lose the internet connection? (and in that case, would reg-backup be some option of WinsockFix?)

 

Read carefully:

If the connection drops or is not restored after procedure 3, run WinsockFix. In other words, you will only run this program if, after performing procedure 3, the connection drops or is not restored.

The [Reg-Backup] option is a button inside the program.


OK, I did the procedures; I was just afraid of skipping some part of the procedure, hence the question about reg-backup.

I posted the logs before your last reply.


OK... let's continue.

 

1.

*Open Internet Explorer, click [Tools] > [Internet Options] > [Security] > [Trusted Sites] > [Sites]; in the "Add this website to the zone" field, select the sites:

 

*Click [Remove]

*Click [OK] in all windows.

 

2.

*Run HijackThis, click [Do a system scan only], select the entry below and click [Fix checked]

 

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe

*Close HijackThis

 

3.

*Delete EliStarA and the report C:\infosat.txt

 

4.

*Temporarily disable your antivirus

 

 

*Download ComboFix and save it to the desktop

*Double-click the file Combofix.exe

*Accept the license agreement

 

*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. If it is not, a window like the one below will open. Click [Yes] to accept its installation.

 

recovery-console-prompt.jpg

 

*After installation, click [Yes] to continue.

 

recovery-console-installed.jpg

*Important: while ComboFix is running, do not use the mouse or the keyboard! To abort the procedure, press N or 2 and then ENTER.

 

*The program will close automatically

 

*Paste the report created at C:\combofix.txt
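Steps 1 and 2 above target two of the HijackThis entries that drive this infection: the O15 Trusted Zone entries for the rogue "Internet Security 2010" sites and the F2 UserInit override pointing at winlogon32.exe. The triage script below is an added example, not part of the original post or of HijackThis itself; it parses HijackThis-style log lines and flags exactly those classes of entry (plus O4 autoruns that carry a bare file name with no path, like the `pichkc.exe` entry ComboFix later removed as an orphan). The sample lines are constructed, modelled on the thread's own logs, and the default UserInit path is the stock Windows XP value.

```python
import re

# Constructed sample: a handful of HijackThis-style lines modelled on those
# posted in this thread (not a full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [PIChecker] pichkc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
"""

# Every HijackThis finding starts with a section code ("O4", "F2", "R1", ...),
# a dash, and the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 bodies look like:  HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Stock UserInit value on Windows XP (compared case-insensitively, trailing comma ignored).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_hjt(text):
    """Return the section entries of a HijackThis log as dicts; header/process lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": m.group("section"),
                            "body": m.group("body"),
                            "raw": line})
    return entries


def triage(entries):
    """Return (severity, reason, raw_line) tuples for entries that deserve a second look."""
    findings = []
    for e in entries:
        sec, body, raw = e["section"], e["body"], e["raw"]
        if sec == "O15":
            # Sites in the Trusted zone run with relaxed IE security settings;
            # rogue AV installers add their own domains here.
            findings.append(("high",
                             "Trusted Zone entry: remove unless you added the site yourself",
                             raw))
        elif sec == "F2" and "UserInit=" in body:
            value = body.split("UserInit=", 1)[1].strip().rstrip(",").lower()
            if value != DEFAULT_USERINIT:
                # UserInit runs at every logon, so a replacement here survives reboots.
                findings.append(("high",
                                 "UserInit does not point at the default userinit.exe",
                                 raw))
        elif sec == "O4":
            m = O4_RE.match(body)
            if m and "\\" not in m.group("cmd") and not m.group("cmd").startswith("%"):
                # A bare file name relies on PATH lookup; legitimate OEM tools do this
                # too, so this is a review item, not a verdict.
                findings.append(("review",
                                 "autorun with bare file name (no path); confirm the file exists in a system directory",
                                 raw))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run against the constructed sample it reports the winlogon32.exe UserInit line and both Trusted Zone sites as high, and the PIChecker autorun for review; the Bonjour service and the fully-pathed NVIDIA and ctfmon autoruns are left alone. Paste a real log into `SAMPLE_LOG` (or read it from a file) to triage it the same way.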


My computer froze after running ComboFix; I rebooted and found the file combofix.txt in the c:\combofix directory. Here is the log.

 

 

ComboFix 10-02-07.07 - bossnia 08/02/2010 10:19:24.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2944 [GMT -2:00]

Executando de: C:\Documents and Settings\bossnia\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

ADS - drivers: deleted 250 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Muestras

C:\Muestras\HELPER32.DLL.Muestra EliStartPage v20.27

C:\Muestras\SMSS32.EXE.Muestra EliStartPage v20.27

C:\Muestras\WINLOGON32.EXE.Muestra EliStartPage v20.27

C:\WINDOWS\system32\11478.exe

C:\WINDOWS\system32\11942.exe

C:\WINDOWS\system32\12382.exe

C:\WINDOWS\system32\14604.exe

C:\WINDOWS\system32\153.exe

C:\WINDOWS\system32\15724.exe

C:\WINDOWS\system32\16827.exe

C:\WINDOWS\system32\17421.exe

C:\WINDOWS\system32\18467.exe

C:\WINDOWS\system32\18716.exe

C:\WINDOWS\system32\19169.exe

C:\WINDOWS\system32\20417.exe

C:\WINDOWS\system32\23281.exe

C:\WINDOWS\system32\24464.exe

C:\WINDOWS\system32\26500.exe

C:\WINDOWS\system32\26962.exe

C:\WINDOWS\system32\28145.exe

C:\WINDOWS\system32\292.exe

C:\WINDOWS\system32\29358.exe

C:\WINDOWS\system32\2995.exe

C:\WINDOWS\system32\31959.exe

C:\WINDOWS\system32\32391.exe

C:\WINDOWS\system32\3902.exe

C:\WINDOWS\system32\41.exe

C:\WINDOWS\system32\4827.exe

C:\WINDOWS\system32\491.exe

C:\WINDOWS\system32\5436.exe

C:\WINDOWS\system32\5705.exe

C:\WINDOWS\system32\6334.exe

C:\WINDOWS\system32\9961.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-08 to 2010-02-08 ))))))))))))))))))))))))))))

.

 

2010-02-08 01:53:59 . 2010-02-08 01:53:59 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Subversion

2010-02-08 01:43:17 . 2010-02-08 01:43:17 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes

2010-02-08 01:43:06 . 2010-02-08 01:43:06 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Stardock

2010-02-08 01:06:01 . 2009-11-25 13:19:02 56816 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys

2010-02-08 01:06:01 . 2009-03-30 11:33:07 96104 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys

2010-02-08 01:06:01 . 2009-02-13 13:29:11 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys

2010-02-08 01:06:01 . 2009-02-13 13:17:49 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys

2010-02-08 01:05:59 . 2010-02-08 01:05:59 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2010-02-08 01:05:59 . 2010-02-08 01:05:59 -------- d-----w- C:\Arquivos de programas\Avira

2010-02-08 00:49:14 . 2010-02-08 00:49:15 26624 ----a-w- C:\WINDOWS\system32\HELPER32.DLL.VIR

2010-02-02 21:58:25 . 2009-05-18 16:17:00 26600 ----a-w- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

2010-02-02 21:58:25 . 2008-04-17 15:12:54 107368 ----a-w- C:\WINDOWS\system32\GEARAspi.dll

2010-02-02 21:57:54 . 2010-02-02 21:57:54 -------- d-----w- C:\Arquivos de programas\iPod

2010-02-02 21:57:50 . 2010-02-02 21:58:25 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2010-02-02 21:57:50 . 2010-02-02 21:58:25 -------- d-----w- C:\Arquivos de programas\iTunes

2010-02-02 21:57:31 . 2010-02-02 21:57:31 -------- d-----w- C:\Arquivos de programas\Bonjour

2010-02-02 21:56:18 . 2010-02-02 21:56:18 -------- d-----w- C:\Arquivos de programas\Apple Software Update

2010-02-02 21:55:46 . 2010-02-02 21:57:52 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Apple

2010-02-02 21:55:46 . 2010-02-02 21:55:46 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2010-01-31 01:21:13 . 2010-01-31 01:21:13 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Canneverbe Limited

2010-01-31 01:21:13 . 2010-01-31 01:21:13 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Canneverbe Limited

2010-01-31 01:21:07 . 2010-01-31 01:21:08 -------- d-----w- C:\Arquivos de programas\CDBurnerXP

2010-01-31 01:21:07 . 2009-11-12 15:48:56 7168 ----a-w- C:\WINDOWS\system32\drivers\StarOpen.sys

2010-01-23 01:13:38 . 2007-03-28 14:05:03 35332 ----a-w- C:\WINDOWS\system32\uninst.exe

2010-01-23 00:41:59 . 2008-04-13 21:20:42 54784 -c--a-w- C:\WINDOWS\system32\dllcache\vfwwdm32.dll

2010-01-23 00:41:59 . 2008-04-13 21:20:42 54784 ----a-w- C:\WINDOWS\system32\vfwwdm32.dll

2010-01-23 00:40:54 . 2009-07-24 17:05:24 762208 ----a-w- C:\WINDOWS\vVX1000.exe

2010-01-23 00:40:54 . 2009-07-24 17:05:24 676720 ----a-w- C:\WINDOWS\system32\LCCoin30.dll

2010-01-23 00:40:54 . 2009-07-24 17:05:24 1961072 ----a-w- C:\WINDOWS\system32\drivers\VX1000.sys

2010-01-23 00:40:54 . 2009-07-24 17:05:24 175456 ----a-w- C:\WINDOWS\system32\cVX1000.dll

2010-01-22 23:04:54 . 2010-01-22 23:04:54 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Stardock

2010-01-22 23:04:48 . 2010-01-22 23:04:48 -------- dc-h--w- C:\Documents and Settings\All Users\Dados de aplicativos\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}

2010-01-22 23:04:48 . 2010-01-22 23:04:48 -------- d-----w- C:\Arquivos de programas\Stardock

2010-01-22 23:04:48 . 2009-10-02 17:59:29 3254528 -c--a-w- C:\Documents and Settings\All Users\Dados de aplicativos\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.exe

2010-01-22 21:51:36 . 2010-01-22 21:51:36 72488 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-08 12:20:06 . 2008-04-14 11:00:00 79022 ----a-w- C:\WINDOWS\system32\perfc016.dat

2010-02-08 12:20:06 . 2008-04-14 11:00:00 468108 ----a-w- C:\WINDOWS\system32\perfh016.dat

2010-02-08 01:25:01 . 2009-10-14 03:49:45 -------- d-----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2010-02-08 00:28:32 . 2009-12-18 21:22:29 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Skype

2010-02-07 10:06:30 . 2009-12-11 10:55:06 1324 ----a-w- C:\WINDOWS\system32\d3d9caps.dat

2010-02-06 10:08:36 . 2008-06-16 21:08:57 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\skypePM

2010-02-02 21:57:21 . 2009-01-10 20:34:20 -------- d-----w- C:\Arquivos de programas\QuickTime

2010-02-02 21:57:01 . 2009-01-10 20:34:19 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2010-01-20 23:38:31 . 2009-04-22 01:51:52 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2010-01-20 23:38:18 . 2009-04-22 01:51:52 -------- d-----w- C:\Arquivos de programas\GbPlugin

2010-01-20 20:28:47 . 2010-01-20 20:28:47 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\LucasArts

2010-01-11 21:45:27 . 2009-06-30 21:32:06 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Ventrilo

2010-01-07 18:07:14 . 2009-10-14 03:49:47 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010-01-07 18:07:04 . 2009-10-14 03:49:46 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2010-01-02 03:50:04 . 2010-01-02 03:50:04 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\TortoiseSVN

2010-01-02 03:48:46 . 2010-01-02 03:48:46 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Subversion

2010-01-02 03:48:15 . 2010-01-02 03:48:13 -------- d-----w- C:\Arquivos de programas\TortoiseSVN

2010-01-02 03:48:14 . 2009-06-08 22:09:58 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays

2009-12-30 12:59:36 . 2009-04-22 01:52:12 30752 ----a-w- C:\WINDOWS\system32\drivers\gbpkm.sys

2009-12-27 00:32:10 . 2008-10-26 04:43:16 -------- d---a-w- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2009-12-22 19:57:08 . 2009-12-22 19:57:08 -------- d-----w- C:\Arquivos de programas\Razer

2009-12-19 06:56:21 . 2009-12-19 06:56:21 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\InstallShield

2009-12-18 21:22:27 . 2009-12-18 21:22:26 -------- d-----w- C:\Arquivos de programas\Skype

2009-12-18 21:22:27 . 2008-06-16 21:05:35 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2009-12-18 21:22:26 . 2009-12-18 21:22:26 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Skype

2009-12-18 21:08:24 . 2009-12-18 21:07:41 -------- d-----w- C:\Arquivos de programas\NVIDIA Corporation

2009-12-18 21:08:00 . 2009-12-18 21:07:53 -------- d-----w- C:\Arquivos de programas\AGEIA Technologies

2009-12-18 21:07:48 . 2009-06-30 21:30:42 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-12-18 21:07:45 . 2009-12-18 21:07:45 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA Corporation

2009-12-18 20:53:52 . 2009-12-18 20:53:50 -------- d-----w- C:\Arquivos de programas\ASUS

2009-12-18 20:53:49 . 2008-06-08 02:07:00 -------- d--h--w- C:\Arquivos de programas\InstallShield Installation Information

2009-12-10 21:50:16 . 2009-06-02 22:11:11 -------- d-----w- C:\Arquivos de programas\Curse

2009-11-23 15:40:24 . 2009-11-23 15:40:24 114048 ----a-w- C:\WINDOWS\system32\RzMwApi.dll

2009-11-20 22:32:14 . 2009-11-20 22:32:14 278120 ----a-w- C:\WINDOWS\system32\nvmccs.dll

2009-11-20 22:32:14 . 2009-11-20 22:32:14 154216 ----a-w- C:\WINDOWS\system32\nvsvc32.exe

2009-11-20 22:32:14 . 2009-11-20 22:32:14 145000 ----a-w- C:\WINDOWS\system32\nvcolor.exe

2009-11-20 22:32:14 . 2009-11-20 22:32:14 12669544 ----a-w- C:\WINDOWS\system32\nvcpl.dll

2009-11-20 22:32:14 . 2009-11-20 22:32:14 110184 ----a-w- C:\WINDOWS\system32\nvmctray.dll

2009-11-20 22:32:10 . 2009-11-20 22:32:10 81920 ----a-w- C:\WINDOWS\system32\nvwddi.dll

2009-11-19 23:42:56 . 2008-06-08 02:04:22 592488 ----a-w- C:\WINDOWS\system32\NVUNINST.EXE

.

 

------- Sigcheck -------

 

[-] 2008-05-27 21:39:16 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\drivers\tcpip.sys

 

[-] 2008-05-27 21:39:27 . 14170C297963AC4F5775CA678B4D6E4B . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 14:34:46 5724184]

"Google Update"="C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-02 20:26:51 133104]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-12-29 10:40:30 687560]

"MP4 Player"="C:\Arquivos de programas\MP4 Player\mp4Player.exe" [2007-09-19 13:00:50 639488]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2008-04-23 19:45:34 22058792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe" [2008-06-08 01:55:49 77824]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 20:10:28 35696]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 09:32:14 18085888]

"Six Engine"="C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" [2009-02-13 21:17:54 5634560]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-11-20 22:32:14 12669544]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-11-20 22:32:14 110184]

"VX1000"="C:\WINDOWS\vVX1000.exe" [2009-07-24 17:05:24 762208]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2009-11-11 01:08:18 417792]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2010-01-22 21:16:42 141608]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 14:08:47 209153]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GbPluginBb"="C:\ARQUIV~1\GBPLUGIN\gbieh.dll" [2009-12-30 12:58:48 318240]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 11:00:00 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-05-27 21:38:14 123904]

 

C:\Documents and Settings\bossnia\Menu Iniciar\Programas\Inicializar\

CurseClientStartup.ccip [2009-12-10 0]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "C:\Arquivos de programas\Stardock\Fences\FencesMenu.dll" [2009-10-02 17:38:46 128360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-12-30 12:58:48 318240 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-10-16 23:35:38 87352 ----a-w- C:\WINDOWS\system32\LMIinit.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"C:\\Arquivos de programas\\Curse\\CurseClient.exe"=

"C:\\Arquivos de programas\\Ventrilo\\Ventrilo.exe"=

"C:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [21/4/2009 23:52:12 30752]

R2 AntiVirSchedulerService;Avira AntiVir Programador;C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [7/2/2010 23:06:00 108289]

R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [21/4/2009 23:52:12 54048]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [28/5/2009 01:20:10 47640]

S0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [25/1/2009 12:52:45 717296]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys --> C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [?]

S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [19/12/2009 04:55:06 1684736]

S3 whfltr2k;e-WheelMouse USB Lower Filter Driver;C:\WINDOWS\system32\drivers\whfltr2k.sys [1/1/2009 02:51:47 7109]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.daemon-search.com/startpage

uInternet Settings,ProxyOverride = *.local

Trusted Zone: buy-internetsecurity10.com

Trusted Zone: buy-is2010.com

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - C:\Documents and Settings\bossnia\Dados de aplicativos\Mozilla\Firefox\Profiles\vip1ajqf.default\

FF - prefs.js: browser.startup.homepage - www.google.com/ncr

FF - component: C:\Documents and Settings\bossnia\Dados de aplicativos\Mozilla\Firefox\Profiles\vip1ajqf.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava11.dll

FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava12.dll

FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava13.dll

FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava14.dll

FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava32.dll

FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjpi160.dll

FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npoji610.dll

 

---- FIREFOX POLICIES ----

C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-PIChecker - pichkc.exe

HKLM-Run-LogMeIn GUI - C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

HKLM-Run-nwiz - nwiz.exe

AddRemove-Codec pack Base (DivX, Xvid, 3ivx) - C:\WINDOWS\system32\uninst Codec pack Base (DivX

AddRemove-NVIDIA Display Control Panel - C:\Arquivos de programas\NVIDIA Corporation\Uninstall\nvuninst.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-08 10:22:11

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(772)

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

C:\WINDOWS\system32\LMIinit.dll

.

Tempo para conclusão: 2010-02-08 10:23:29

ComboFix-quarantined-files.txt 2010-02-08 12:23:15

 

Pré-execução: 4.103.659.520 bytes disponíveis

Pós execução: 6.975.746.048 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 462236F59206DD631FE74D21B245211B


1.

*Open Internet Explorer, click [Tools] > [Internet Options] > [Security] > [Trusted Sites] > [Sites]; in the "Add this website to the zone" field, select

 

buy-internetsecurity10.com

buy-is2010.com

*Click [Remove]

*Click [OK] in all windows.

 

2.

*Submit the file below for analysis at http://virscan.org

 

C:\WINDOWS\system32\RzMwApi.dll

*Paste the link containing the analysis result and a new HijackThis log


1.

*Open Internet Explorer, click [Tools] > [Internet Options] > [Security] > [Trusted Sites] > [Sites]; in the "Add this website to the zone" field, select

 

buy-internetsecurity10.com

buy-is2010.com

*Click [Remove]

*Click [OK] in all windows.

 

I was not able to perform step 1 because the trusted sites list is empty.

 

Here is the log from the scanning site:

 

VirSCAN.org Scanned Report :

Scanned time : 2010/02/08 09:23:17 (ACT)

Scanner results: Todos os softwares reportaram que não encontraram códigos maliciosos!

File Name : RzMwApi.dll

File Size : 114048 byte

File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi

MD5 : fce292a0f4a2eb0a4485e571f9c51045

SHA1 : cd06180954d756e1724f73069c21e58372c69205

Online report : http://virscan.org/report/8d3a0e82f37f4c89aa527d85c744d81f.html

 

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.5.0.8 20100206001945 2010-02-06 43.12 -

AhnLab V3 2010.02.08.00 2010.02.08 2010-02-08 40.13 -

AntiVir 8.2.1.160 7.10.3.237 2010-02-08 0.33 -

Antiy 2.0.18 20100201.3785967 2010-02-01 0.02 -

Arcavir 2009 201002080201 2010-02-08 0.05 -

Authentium 5.1.1 201002081015 2010-02-08 1.55 -

AVAST! 4.7.4 100208-0 2010-02-08 0.01 -

AVG 8.5.720 271.1.1/2660 2010-02-01 5.21 -

BitDefender 7.81008.5034492 7.30281 2010-02-08 5.17 -

ClamAV 0.95.3 10363 2010-02-07 0.03 -

Comodo 3.13.579 3409 2010-02-08 40.12 -

CP Secure 1.3.0.5 2010.02.08 2010-02-08 0.08 -

Dr.Web 5.0.1.12222 2010.02.08 2010-02-08 5.16 -

F-Prot 4.4.4.56 20100208 2010-02-08 1.42 -

F-Secure 7.02.73807 2010.02.08.09 2010-02-08 0.12 -

Fortinet 11.472- 11.472 2010-02-08 40.13 -

GData 19.10381/19.738 20100208 2010-02-08 40.13 -

ViRobot 20100208 2010.02.08 2010-02-08 40.13 -

Ikarus T3.1.01.80 2010.02.08.75136 2010-02-08 4.48 -

JiangMin 13.0.900 2010.02.08 2010-02-08 40.12 -

Kaspersky 5.5.10 2010.02.08 2010-02-08 0.07 -

KingSoft 2009.2.5.15 2010.2.8.17 2010-02-08 40.13 -

McAfee 5.3.00 5885 2010-02-07 3.51 -

Microsoft 1.5406 2010.02.08 2010-02-08 40.13 -

Norman 6.01.09 6.01.00 2010-01-16 4.00 -

Panda 9.05.01 2010.02.05 2010-02-05 40.12 -

Trend Micro 9.120-1004 6.834.05 2010-02-08 0.03 -

Quick Heal 10.00 2010.02.08 2010-02-08 40.13 -

Rising 20.0 22.34.00.04 2010-02-08 43.12 -

Sophos 3.04.1 4.50 2010-02-08 3.55 -

Sunbelt 3.9.2400.2 5663 2010-02-07 40.13 -

Symantec 1.3.0.24 20100201.009 2010-02-01 0.02 -

nProtect 20100207.01 7182772 2010-02-07 40.12 -

The Hacker 6.5.1.1 v00183 2010-02-08 40.13 -

VBA32 3.12.12.1 20100207.2056 2010-02-07 2.51 -

VirusBuster 4.5.11.10 10.119.44/2022653 2010-02-08 2.48 -

 

 

New HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:36:05, on 8/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\TortoiseGit\bin\TGitCache.exe

C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\MP4 Player\mp4Player.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Documents and Settings\bossnia\Configurações locais\Apps\2.0\18GYN2HW.WN7\94XBE99P.ROO\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe

C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\bossnia\Desktop\desktop antigo\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7418E5F5-0E48-4144-8F92-5CA791C82396} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: (no name) - {DE713078-8012-4B75-92BA-398D4642A64B} - (no file)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [PIChecker] pichkc.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [six Engine] "C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" -r

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MP4 Player] "C:\Arquivos de programas\MP4 Player\mp4Player.exe" hmw

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: CurseClientStartup.ccip

O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)

O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


OK...

 

1.

*Run HijackThis, click [Do a system scan only], select the entries below and click [Fix checked]

 

O2 - BHO: (no name) - {7418E5F5-0E48-4144-8F92-5CA791C82396} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {DE713078-8012-4B75-92BA-398D4642A64B} - (no file)

O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - (no file)

*Close HijackThis

 

2.

*Open Notepad, then select, copy and paste into it the entire contents of the code below:

 

File::

C:\WINDOWS\system32\HELPER32.DLL.VIR

DDS::

Trusted Zone: buy-internetsecurity10.com

Trusted Zone: buy-is2010.com

 

*Save the file on the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

 

[image: CFScript.gif]

 

*Important: while ComboFix is running, do not use the mouse or the keyboard! To abort the process, press N or 2.

 

*Paste the report created at C:\combofix.txt and a new HijackThis log

 

 

 

.


I ran ComboFix as requested (but there was nothing about the trusted sites when I copied the data from CFScript.txt); I'll run it again with this data now.

 

Here is the ComboFix log

 

ComboFix 10-02-07.08 - bossnia 08/02/2010 12:56:33.3.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2713 [GMT -2:00]

Executando de: C:\Documents and Settings\bossnia\Desktop\ComboFix.exe

Comandos utilizados :: C:\Documents and Settings\bossnia\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

ADS - drivers: deleted 204 bytes in 1 streams.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-08 to 2010-02-08 ))))))))))))))))))))))))))))

.

 

2010-02-08 14:20:09 . 2009-08-06 21:23:46 274288 ----a-w- C:\WINDOWS\system32\mucltui.dll

2010-02-08 14:20:09 . 2009-08-06 21:23:46 215920 ----a-w- C:\WINDOWS\system32\muweb.dll

2010-02-08 01:53:59 . 2010-02-08 01:53:59 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Subversion

2010-02-08 01:43:17 . 2010-02-08 01:43:17 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes

2010-02-08 01:43:06 . 2010-02-08 01:43:06 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Stardock

2010-02-08 01:06:01 . 2009-11-25 13:19:02 56816 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys

2010-02-08 01:06:01 . 2009-03-30 11:33:07 96104 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys

2010-02-08 01:06:01 . 2009-02-13 13:29:11 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys

2010-02-08 01:06:01 . 2009-02-13 13:17:49 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys

2010-02-08 01:05:59 . 2010-02-08 01:05:59 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2010-02-08 01:05:59 . 2010-02-08 01:05:59 -------- d-----w- C:\Arquivos de programas\Avira

2010-02-08 00:49:14 . 2010-02-08 00:49:15 26624 ----a-w- C:\WINDOWS\system32\HELPER32.DLL.VIR

2010-02-02 21:58:25 . 2009-05-18 16:17:00 26600 ----a-w- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

2010-02-02 21:58:25 . 2008-04-17 15:12:54 107368 ----a-w- C:\WINDOWS\system32\GEARAspi.dll

2010-02-02 21:57:54 . 2010-02-02 21:57:54 -------- d-----w- C:\Arquivos de programas\iPod

2010-02-02 21:57:50 . 2010-02-02 21:58:25 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2010-02-02 21:57:50 . 2010-02-02 21:58:25 -------- d-----w- C:\Arquivos de programas\iTunes

2010-02-02 21:57:31 . 2010-02-02 21:57:31 -------- d-----w- C:\Arquivos de programas\Bonjour

2010-02-02 21:56:18 . 2010-02-02 21:56:18 -------- d-----w- C:\Arquivos de programas\Apple Software Update

2010-02-02 21:55:46 . 2010-02-02 21:57:52 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Apple

2010-02-02 21:55:46 . 2010-02-02 21:55:46 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2010-01-31 01:21:13 . 2010-01-31 01:21:13 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Canneverbe Limited

2010-01-31 01:21:13 . 2010-01-31 01:21:13 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Canneverbe Limited

2010-01-31 01:21:07 . 2010-01-31 01:21:08 -------- d-----w- C:\Arquivos de programas\CDBurnerXP

2010-01-31 01:21:07 . 2009-11-12 15:48:56 7168 ----a-w- C:\WINDOWS\system32\drivers\StarOpen.sys

2010-01-23 01:13:38 . 2007-03-28 14:05:03 35332 ----a-w- C:\WINDOWS\system32\uninst.exe

2010-01-23 00:41:59 . 2008-04-13 21:20:42 54784 -c--a-w- C:\WINDOWS\system32\dllcache\vfwwdm32.dll

2010-01-23 00:41:59 . 2008-04-13 21:20:42 54784 ----a-w- C:\WINDOWS\system32\vfwwdm32.dll

2010-01-23 00:40:54 . 2009-07-24 17:05:24 762208 ----a-w- C:\WINDOWS\vVX1000.exe

2010-01-23 00:40:54 . 2009-07-24 17:05:24 676720 ----a-w- C:\WINDOWS\system32\LCCoin30.dll

2010-01-23 00:40:54 . 2009-07-24 17:05:24 1961072 ----a-w- C:\WINDOWS\system32\drivers\VX1000.sys

2010-01-23 00:40:54 . 2009-07-24 17:05:24 175456 ----a-w- C:\WINDOWS\system32\cVX1000.dll

2010-01-22 23:04:54 . 2010-01-22 23:04:54 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Stardock

2010-01-22 23:04:48 . 2010-01-22 23:04:48 -------- dc-h--w- C:\Documents and Settings\All Users\Dados de aplicativos\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}

2010-01-22 23:04:48 . 2010-01-22 23:04:48 -------- d-----w- C:\Arquivos de programas\Stardock

2010-01-22 23:04:48 . 2009-10-02 17:59:29 3254528 -c--a-w- C:\Documents and Settings\All Users\Dados de aplicativos\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.exe

2010-01-22 21:51:36 . 2010-01-22 21:51:36 72488 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-08 15:00:29 . 2009-12-18 21:22:29 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Skype

2010-02-08 14:53:10 . 2008-04-14 11:00:00 79022 ----a-w- C:\WINDOWS\system32\perfc016.dat

2010-02-08 14:53:10 . 2008-04-14 11:00:00 468108 ----a-w- C:\WINDOWS\system32\perfh016.dat

2010-02-08 13:49:11 . 2008-06-16 21:08:57 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\skypePM

2010-02-08 01:25:01 . 2009-10-14 03:49:45 -------- d-----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2010-02-07 10:06:30 . 2009-12-11 10:55:06 1324 ----a-w- C:\WINDOWS\system32\d3d9caps.dat

2010-02-02 21:57:21 . 2009-01-10 20:34:20 -------- d-----w- C:\Arquivos de programas\QuickTime

2010-02-02 21:57:01 . 2009-01-10 20:34:19 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2010-01-20 23:38:31 . 2009-04-22 01:51:52 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2010-01-20 23:38:18 . 2009-04-22 01:51:52 -------- d-----w- C:\Arquivos de programas\GbPlugin

2010-01-20 20:28:47 . 2010-01-20 20:28:47 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\LucasArts

2010-01-11 21:45:27 . 2009-06-30 21:32:06 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Ventrilo

2010-01-07 18:07:14 . 2009-10-14 03:49:47 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010-01-07 18:07:04 . 2009-10-14 03:49:46 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2010-01-02 03:50:04 . 2010-01-02 03:50:04 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\TortoiseSVN

2010-01-02 03:48:46 . 2010-01-02 03:48:46 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Subversion

2010-01-02 03:48:15 . 2010-01-02 03:48:13 -------- d-----w- C:\Arquivos de programas\TortoiseSVN

2010-01-02 03:48:14 . 2009-06-08 22:09:58 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays

2009-12-30 12:59:36 . 2009-04-22 01:52:12 30752 ----a-w- C:\WINDOWS\system32\drivers\gbpkm.sys

2009-12-27 00:32:10 . 2008-10-26 04:43:16 -------- d---a-w- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2009-12-22 19:57:08 . 2009-12-22 19:57:08 -------- d-----w- C:\Arquivos de programas\Razer

2009-12-19 06:56:21 . 2009-12-19 06:56:21 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\InstallShield

2009-12-18 21:22:27 . 2009-12-18 21:22:26 -------- d-----w- C:\Arquivos de programas\Skype

2009-12-18 21:22:27 . 2008-06-16 21:05:35 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2009-12-18 21:22:26 . 2009-12-18 21:22:26 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Skype

2009-12-18 21:08:24 . 2009-12-18 21:07:41 -------- d-----w- C:\Arquivos de programas\NVIDIA Corporation

2009-12-18 21:08:00 . 2009-12-18 21:07:53 -------- d-----w- C:\Arquivos de programas\AGEIA Technologies

2009-12-18 21:07:48 . 2009-06-30 21:30:42 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-12-18 21:07:45 . 2009-12-18 21:07:45 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA Corporation

2009-12-18 20:53:52 . 2009-12-18 20:53:50 -------- d-----w- C:\Arquivos de programas\ASUS

2009-12-18 20:53:49 . 2008-06-08 02:07:00 -------- d--h--w- C:\Arquivos de programas\InstallShield Installation Information

2009-12-10 21:50:16 . 2009-06-02 22:11:11 -------- d-----w- C:\Arquivos de programas\Curse

2009-11-23 15:40:24 . 2009-11-23 15:40:24 114048 ----a-w- C:\WINDOWS\system32\RzMwApi.dll

2009-11-20 22:32:14 . 2009-11-20 22:32:14 278120 ----a-w- C:\WINDOWS\system32\nvmccs.dll

2009-11-20 22:32:14 . 2009-11-20 22:32:14 154216 ----a-w- C:\WINDOWS\system32\nvsvc32.exe

2009-11-20 22:32:14 . 2009-11-20 22:32:14 145000 ----a-w- C:\WINDOWS\system32\nvcolor.exe

2009-11-20 22:32:14 . 2009-11-20 22:32:14 12669544 ----a-w- C:\WINDOWS\system32\nvcpl.dll

2009-11-20 22:32:14 . 2009-11-20 22:32:14 110184 ----a-w- C:\WINDOWS\system32\nvmctray.dll

2009-11-20 22:32:10 . 2009-11-20 22:32:10 81920 ----a-w- C:\WINDOWS\system32\nvwddi.dll

2009-11-19 23:42:56 . 2008-06-08 02:04:22 592488 ----a-w- C:\WINDOWS\system32\NVUNINST.EXE

.

 

------- Sigcheck -------

 

[-] 2008-05-27 21:39:16 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\drivers\tcpip.sys

 

[-] 2008-05-27 21:39:27 . 14170C297963AC4F5775CA678B4D6E4B . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-02-08_12.22.13 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-06-16 21:12:58 . 2009-08-06 21:24:10 44768 C:\WINDOWS\system32\wups2.dll

+ 2008-06-08 01:51:30 . 2009-08-06 21:24:10 35552 C:\WINDOWS\system32\wups.dll

+ 2008-06-08 01:51:30 . 2009-08-06 21:24:06 53472 C:\WINDOWS\system32\wuauclt.exe

+ 2010-02-08 14:20:05 . 2009-08-06 21:24:10 44768 C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll

+ 2010-02-08 14:20:05 . 2009-08-06 21:24:10 35552 C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll

+ 2008-04-14 11:00:00 . 2010-02-08 14:53:10 67312 C:\WINDOWS\system32\perfc009.dat

- 2008-04-14 11:00:00 . 2010-02-08 12:20:06 67312 C:\WINDOWS\system32\perfc009.dat

+ 2008-06-08 01:51:30 . 2009-08-06 21:24:10 35552 C:\WINDOWS\system32\dllcache\wups.dll

+ 2008-06-08 01:51:30 . 2009-08-06 21:24:06 53472 C:\WINDOWS\system32\dllcache\wuauclt.exe

+ 2008-04-14 11:00:00 . 2009-08-06 21:24:04 96480 C:\WINDOWS\system32\dllcache\cdm.dll

+ 2008-04-14 11:00:00 . 2009-08-06 21:24:04 96480 C:\WINDOWS\system32\cdm.dll

+ 2008-06-08 01:51:31 . 2009-08-06 21:24:18 209632 C:\WINDOWS\system32\wuweb.dll

+ 2008-06-08 01:51:30 . 2009-08-06 21:24:18 327896 C:\WINDOWS\system32\wucltui.dll

+ 2008-06-08 01:51:30 . 2009-08-06 21:23:54 575704 C:\WINDOWS\system32\wuapi.dll

- 2008-04-14 11:00:00 . 2010-02-08 12:20:06 432356 C:\WINDOWS\system32\perfh009.dat

+ 2008-04-14 11:00:00 . 2010-02-08 14:53:10 432356 C:\WINDOWS\system32\perfh009.dat

+ 2008-06-08 01:51:31 . 2009-08-06 21:24:18 209632 C:\WINDOWS\system32\dllcache\wuweb.dll

+ 2008-06-08 01:51:30 . 2009-08-06 21:24:18 327896 C:\WINDOWS\system32\dllcache\wucltui.dll

+ 2008-06-08 01:51:30 . 2009-08-06 21:23:54 575704 C:\WINDOWS\system32\dllcache\wuapi.dll

+ 2008-06-08 01:51:30 . 2009-08-06 21:23:46 1929952 C:\WINDOWS\system32\wuaueng.dll

+ 2008-06-08 01:51:30 . 2009-08-06 21:23:46 1929952 C:\WINDOWS\system32\dllcache\wuaueng.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 14:34:46 5724184]

"Google Update"="C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-02 20:26:51 133104]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-12-29 10:40:30 687560]

"MP4 Player"="C:\Arquivos de programas\MP4 Player\mp4Player.exe" [2007-09-19 13:00:50 639488]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2008-04-23 19:45:34 22058792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe" [2008-06-08 01:55:49 77824]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]

"PIChecker"="pichkc.exe" [bU]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 20:10:28 35696]

"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [bU]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 09:32:14 18085888]

"Six Engine"="C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" [2009-02-13 21:17:54 5634560]

"nwiz"="nwiz.exe" [bU]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-11-20 22:32:14 12669544]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-11-20 22:32:14 110184]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2009-11-11 01:08:18 417792]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2010-01-22 21:16:42 141608]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 14:08:47 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 11:00:00 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-05-27 21:38:14 123904]

 

C:\Documents and Settings\bossnia\Menu Iniciar\Programas\Inicializar\

CurseClientStartup.ccip [2009-12-10 0]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "C:\Arquivos de programas\Stardock\Fences\FencesMenu.dll" [2009-10-02 17:38:46 128360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-12-30 12:58:48 318240 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-10-16 23:35:38 87352 ----a-w- C:\WINDOWS\system32\LMIinit.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"C:\\Arquivos de programas\\Curse\\CurseClient.exe"=

"C:\\Arquivos de programas\\Ventrilo\\Ventrilo.exe"=

"C:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [21/4/2009 23:52:12 30752]

R2 AntiVirSchedulerService;Avira AntiVir Programador;C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [7/2/2010 23:06:00 108289]

R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [21/4/2009 23:52:12 54048]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [28/5/2009 01:20:10 47640]

S0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [25/1/2009 12:52:45 717296]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys --> C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [?]

S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [19/12/2009 04:55:06 1684736]

S3 whfltr2k;e-WheelMouse USB Lower Filter Driver;C:\WINDOWS\system32\drivers\whfltr2k.sys [1/1/2009 02:51:47 7109]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - C:\Documents and Settings\bossnia\Dados de aplicativos\Mozilla\Firefox\Profiles\vip1ajqf.default\

FF - prefs.js: browser.startup.homepage - www.google.com/ncr

FF - component: C:\Documents and Settings\bossnia\Dados de aplicativos\Mozilla\Firefox\Profiles\vip1ajqf.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava11.dll

FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava12.dll

FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava13.dll

FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava14.dll

FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava32.dll

FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjpi160.dll

FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npoji610.dll

 

---- FIREFOX POLICIES ----

C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-08 13:00:25

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(776)

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

C:\WINDOWS\system32\LMIinit.dll

 

- - - - - - - > 'explorer.exe'(2848)

C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

C:\Arquivos de programas\TortoiseGit\bin\TortoiseGit.dll

C:\Arquivos de programas\TortoiseSVN\bin\TortoiseStub.dll

C:\Arquivos de programas\TortoiseSVN\bin\TortoiseSVN.dll

C:\Arquivos de programas\TortoiseSVN\bin\intl3_tsvn.dll

C:\WINDOWS\system32\ieframe.dll

C:\Arquivos de programas\Stardock\Fences\FencesMenu.dll

c:\arquivos de programas\stardock\fences\DesktopDock.dll

C:\WINDOWS\system32\WPDShServiceObj.dll

C:\WINDOWS\system32\PortableDeviceTypes.dll

C:\WINDOWS\system32\PortableDeviceApi.dll

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

.

Tempo para conclusão: 2010-02-08 13:01:38

ComboFix-quarantined-files.txt 2010-02-08 15:01:22

 

Pré-execução: 6.984.732.672 bytes disponíveis

Pós execução: 6.971.179.008 bytes disponíveis

 

- - End Of File - - 0D9AD59827E54AB304781B2D8E146D26

 

 

 

New HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 13:05:28, on 8/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\MP4 Player\mp4Player.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Documents and Settings\bossnia\Configurações locais\Apps\2.0\18GYN2HW.WN7\94XBE99P.ROO\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\TortoiseGit\bin\TGitCache.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\bossnia\Desktop\desktop antigo\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [PIChecker] pichkc.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [six Engine] "C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" -r

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MP4 Player] "C:\Arquivos de programas\MP4 Player\mp4Player.exe" hmw

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: CurseClientStartup.ccip

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


*Open Notepad, then select, copy and paste into it the entire contents of the code below. Don't forget to include the File:: command in the script!!

File::

C:\WINDOWS\system32\HELPER32.DLL.VIR

*Save the file to the desktop as CFScript.txt

*Drag the file onto Combofix

*Important: while Combofix is running, do not use the mouse or the keyboard!! To interrupt the process, press N or 2.

*Paste the report created at C:\combofix.txt


ComboFix 10-02-07.08 - bossnia 08/02/2010 13:12:15.4.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2748 [GMT -2:00]

Executando de: c:\documents and settings\bossnia\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\bossnia\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

FILE ::

"c:\windows\system32\HELPER32.DLL.VIR"

.

ADS - drivers: deleted 204 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\HELPER32.DLL.VIR

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-08 to 2010-02-08 ))))))))))))))))))))))))))))

.

 

2010-02-08 15:12 . 2010-02-08 15:12 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2010-02-08 14:20 . 2009-08-06 21:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-02-08 14:20 . 2009-08-06 21:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-02-08 01:53 . 2010-02-08 01:53 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Subversion

2010-02-08 01:43 . 2010-02-08 01:43 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2010-02-08 01:43 . 2010-02-08 01:43 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Stardock

2010-02-08 01:06 . 2009-11-25 13:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-02-08 01:06 . 2009-03-30 11:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-02-08 01:06 . 2009-02-13 13:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-02-08 01:06 . 2009-02-13 13:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-02-08 01:05 . 2010-02-08 01:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2010-02-08 01:05 . 2010-02-08 01:05 -------- d-----w- c:\arquivos de programas\Avira

2010-02-02 21:58 . 2009-05-18 16:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-02-02 21:58 . 2008-04-17 15:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-02-02 21:57 . 2010-02-02 21:57 -------- d-----w- c:\arquivos de programas\iPod

2010-02-02 21:57 . 2010-02-02 21:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2010-02-02 21:57 . 2010-02-02 21:58 -------- d-----w- c:\arquivos de programas\iTunes

2010-02-02 21:57 . 2010-02-02 21:57 -------- d-----w- c:\arquivos de programas\Bonjour

2010-02-02 21:56 . 2010-02-02 21:56 -------- d-----w- c:\arquivos de programas\Apple Software Update

2010-02-02 21:55 . 2010-02-02 21:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2010-02-02 21:55 . 2010-02-02 21:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple

2010-01-31 01:21 . 2010-01-31 01:21 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\Canneverbe Limited

2010-01-31 01:21 . 2010-01-31 01:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited

2010-01-31 01:21 . 2010-01-31 01:21 -------- d-----w- c:\arquivos de programas\CDBurnerXP

2010-01-31 01:21 . 2009-11-12 15:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2010-01-23 01:13 . 2007-03-28 14:05 35332 ----a-w- c:\windows\system32\uninst.exe

2010-01-23 00:41 . 2008-04-13 21:20 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2010-01-23 00:41 . 2008-04-13 21:20 54784 ----a-w- c:\windows\system32\vfwwdm32.dll

2010-01-23 00:40 . 2009-07-24 17:05 762208 ----a-w- c:\windows\vVX1000.exe

2010-01-23 00:40 . 2009-07-24 17:05 676720 ----a-w- c:\windows\system32\LCCoin30.dll

2010-01-23 00:40 . 2009-07-24 17:05 1961072 ----a-w- c:\windows\system32\drivers\VX1000.sys

2010-01-23 00:40 . 2009-07-24 17:05 175456 ----a-w- c:\windows\system32\cVX1000.dll

2010-01-22 23:04 . 2010-01-22 23:04 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\Stardock

2010-01-22 23:04 . 2010-01-22 23:04 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}

2010-01-22 23:04 . 2010-01-22 23:04 -------- d-----w- c:\arquivos de programas\Stardock

2010-01-22 23:04 . 2009-10-02 17:59 3254528 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.exe

2010-01-22 21:51 . 2010-01-22 21:51 72488 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-08 15:14 . 2008-04-14 11:00 79022 ----a-w- c:\windows\system32\perfc016.dat

2010-02-08 15:14 . 2008-04-14 11:00 468108 ----a-w- c:\windows\system32\perfh016.dat

2010-02-08 15:00 . 2009-12-18 21:22 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\Skype

2010-02-08 13:49 . 2008-06-16 21:08 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\skypePM

2010-02-08 01:25 . 2009-10-14 03:49 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-07 10:06 . 2009-12-11 10:55 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-02-02 21:57 . 2009-01-10 20:34 -------- d-----w- c:\arquivos de programas\QuickTime

2010-02-02 21:57 . 2009-01-10 20:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2010-01-20 23:38 . 2009-04-22 01:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2010-01-20 23:38 . 2009-04-22 01:51 -------- d-----w- c:\arquivos de programas\GbPlugin

2010-01-20 20:28 . 2010-01-20 20:28 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\LucasArts

2010-01-11 21:45 . 2009-06-30 21:32 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\Ventrilo

2010-01-07 18:07 . 2009-10-14 03:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 18:07 . 2009-10-14 03:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-02 03:50 . 2010-01-02 03:50 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\TortoiseSVN

2010-01-02 03:48 . 2010-01-02 03:48 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\Subversion

2010-01-02 03:48 . 2010-01-02 03:48 -------- d-----w- c:\arquivos de programas\TortoiseSVN

2010-01-02 03:48 . 2009-06-08 22:09 -------- d-----w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays

2009-12-30 12:59 . 2009-04-22 01:52 30752 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2009-12-27 00:32 . 2008-10-26 04:43 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-12-22 19:57 . 2009-12-22 19:57 -------- d-----w- c:\arquivos de programas\Razer

2009-12-19 06:56 . 2009-12-19 06:56 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\InstallShield

2009-12-18 21:22 . 2009-12-18 21:22 -------- d-----w- c:\arquivos de programas\Skype

2009-12-18 21:22 . 2008-06-16 21:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-12-18 21:22 . 2009-12-18 21:22 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2009-12-18 21:08 . 2009-12-18 21:07 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation

2009-12-18 21:08 . 2009-12-18 21:07 -------- d-----w- c:\arquivos de programas\AGEIA Technologies

2009-12-18 21:07 . 2009-06-30 21:30 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-12-18 21:07 . 2009-12-18 21:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation

2009-12-18 20:53 . 2009-12-18 20:53 -------- d-----w- c:\arquivos de programas\ASUS

2009-12-18 20:53 . 2008-06-08 02:07 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-12-10 21:50 . 2009-06-02 22:11 -------- d-----w- c:\arquivos de programas\Curse

2009-11-23 15:40 . 2009-11-23 15:40 114048 ----a-w- c:\windows\system32\RzMwApi.dll

2009-11-20 22:32 . 2009-11-20 22:32 278120 ----a-w- c:\windows\system32\nvmccs.dll

2009-11-20 22:32 . 2009-11-20 22:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe

2009-11-20 22:32 . 2009-11-20 22:32 145000 ----a-w- c:\windows\system32\nvcolor.exe

2009-11-20 22:32 . 2009-11-20 22:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll

2009-11-20 22:32 . 2009-11-20 22:32 110184 ----a-w- c:\windows\system32\nvmctray.dll

2009-11-20 22:32 . 2009-11-20 22:32 81920 ----a-w- c:\windows\system32\nvwddi.dll

2009-11-19 23:42 . 2008-06-08 02:04 592488 ----a-w- c:\windows\system32\NVUNINST.EXE

.

 

------- Sigcheck -------

 

[-] 2008-05-27 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

 

[-] 2008-05-27 . 14170C297963AC4F5775CA678B4D6E4B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-02-08_12.22.13 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-06-16 21:12 . 2009-08-06 21:24 44768 c:\windows\system32\wups2.dll

+ 2008-06-08 01:51 . 2009-08-06 21:24 35552 c:\windows\system32\wups.dll

+ 2008-06-08 01:51 . 2009-08-06 21:24 53472 c:\windows\system32\wuauclt.exe

+ 2010-02-08 14:20 . 2009-08-06 21:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll

+ 2010-02-08 14:20 . 2009-08-06 21:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll

+ 2008-04-14 11:00 . 2010-02-08 15:14 67312 c:\windows\system32\perfc009.dat

- 2008-04-14 11:00 . 2010-02-08 12:20 67312 c:\windows\system32\perfc009.dat

+ 2008-06-08 01:51 . 2009-08-06 21:24 35552 c:\windows\system32\dllcache\wups.dll

+ 2008-06-08 01:51 . 2009-08-06 21:24 53472 c:\windows\system32\dllcache\wuauclt.exe

+ 2008-04-14 11:00 . 2009-08-06 21:24 96480 c:\windows\system32\dllcache\cdm.dll

+ 2008-04-14 11:00 . 2009-08-06 21:24 96480 c:\windows\system32\cdm.dll

+ 2008-06-08 01:51 . 2009-08-06 21:24 209632 c:\windows\system32\wuweb.dll

+ 2008-06-08 01:51 . 2009-08-06 21:24 327896 c:\windows\system32\wucltui.dll

+ 2008-06-08 01:51 . 2009-08-06 21:23 575704 c:\windows\system32\wuapi.dll

- 2008-04-14 11:00 . 2010-02-08 12:20 432356 c:\windows\system32\perfh009.dat

+ 2008-04-14 11:00 . 2010-02-08 15:14 432356 c:\windows\system32\perfh009.dat

+ 2008-06-08 01:51 . 2009-08-06 21:24 209632 c:\windows\system32\dllcache\wuweb.dll

+ 2008-06-08 01:51 . 2009-08-06 21:24 327896 c:\windows\system32\dllcache\wucltui.dll

+ 2008-06-08 01:51 . 2009-08-06 21:23 575704 c:\windows\system32\dllcache\wuapi.dll

+ 2008-06-08 01:51 . 2009-08-06 21:23 1929952 c:\windows\system32\wuaueng.dll

+ 2008-06-08 01:51 . 2009-08-06 21:23 1929952 c:\windows\system32\dllcache\wuaueng.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"Google Update"="c:\documents and settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

"MP4 Player"="c:\arquivos de programas\MP4 Player\mp4Player.exe" [2007-09-19 639488]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2008-04-23 22058792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0\bin\jusched.exe" [2008-06-08 77824]

"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"PIChecker"="pichkc.exe" [bU]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [bU]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]

"Six Engine"="c:\arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" [2009-02-13 5634560]

"nwiz"="nwiz.exe" [bU]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-01-22 141608]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-05-27 123904]

 

c:\documents and settings\bossnia\Menu Iniciar\Programas\Inicializar\

CurseClientStartup.ccip [2009-12-10 0]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\arquivos de programas\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-12-30 12:58 318240 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-10-16 23:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"c:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"c:\\Arquivos de programas\\Curse\\CurseClient.exe"=

"c:\\Arquivos de programas\\Ventrilo\\Ventrilo.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [21/4/2009 23:52 30752]

R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [7/2/2010 23:06 108289]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [21/4/2009 23:52 54048]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [28/5/2009 01:20 47640]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\arquivos de programas\LogMeIn\x86\RaInfo.sys --> c:\arquivos de programas\LogMeIn\x86\RaInfo.sys [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19/12/2009 04:55 1684736]

S3 whfltr2k;e-WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [1/1/2009 02:51 7109]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/1/2009 12:52 717296]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\bossnia\Dados de aplicativos\Mozilla\Firefox\Profiles\vip1ajqf.default\

FF - prefs.js: browser.startup.homepage - www.google.com/ncr

FF - component: c:\documents and settings\bossnia\Dados de aplicativos\Mozilla\Firefox\Profiles\vip1ajqf.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: c:\arquivos de programas\Java\jre1.6.0\bin\npjava11.dll

FF - plugin: c:\arquivos de programas\Java\jre1.6.0\bin\npjava12.dll

FF - plugin: c:\arquivos de programas\Java\jre1.6.0\bin\npjava13.dll

FF - plugin: c:\arquivos de programas\Java\jre1.6.0\bin\npjava14.dll

FF - plugin: c:\arquivos de programas\Java\jre1.6.0\bin\npjava32.dll

FF - plugin: c:\arquivos de programas\Java\jre1.6.0\bin\npjpi160.dll

FF - plugin: c:\arquivos de programas\Java\jre1.6.0\bin\npoji610.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-08 13:16

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(772)

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\windows\system32\LMIinit.dll

.

Tempo para conclusão: 2010-02-08 13:17:37

ComboFix-quarantined-files.txt 2010-02-08 15:17

 

Pré-execução: 6.984.699.904 bytes disponíveis

Pós execução: 6.972.092.416 bytes disponíveis

 

- - End Of File - - CD720D684205D5A97FA39C298B393665


OK... the log is clean.

1.

*Click [Start] > [Run] > type: Combofix /uninstall

*Click [OK]

*Click [Run]

*The message "ComboFix está desinstalado" (ComboFix is uninstalled) will appear

*Click [OK]

*Delete the file C:\combofix.txt

2.

*Run Malwarebytes via the icon created on the desktop; in the [Quarantine] tab, select all results and click [Remove All]

*Click the [Logs] tab, select the report and click [Remove]

Best regards.


PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
