bossnia (posted February 8, 2010):

There is an application posing as an antivirus that keeps popping up in the middle of my screen. I never installed this application, and HijackThis classifies it as very nasty. Please help me.

Bossnia

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:55:32, on 7/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\TortoiseGit\bin\TGitCache.exe
C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe
C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vVX1000.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\smss32.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\MP4 Player\mp4Player.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Documents and Settings\bossnia\Configurações locais\Apps\2.0\H02HWV0Q.AR6\AE4CTPN1.XEH\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\bossnia\Desktop\desktop antigo\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7418E5F5-0E48-4144-8F92-5CA791C82396} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: (no name) - {DE713078-8012-4B75-92BA-398D4642A64B} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [PIChecker] pichkc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [six Engine] "C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Arquivos de programas\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - Startup: CurseClientStartup.ccip
O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O11 - Options group: [iNTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.buy-is2010.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.is10-soft-download.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
wings (posted February 8, 2010):

Good evening.

1. Download MalwareBytes Anti-Malware and save it to the desktop.
* Install the program.
* If an update exists, the download will be automatic. Wait.
* The program will open automatically. Close it.
* Restart the PC in Safe Mode (tap F8 repeatedly while the PC boots and select "Safe Mode").
* Run the program from the icon created on the desktop and, in the [Scan] tab, select the [Full Scan] option.
* Click [Scan] and select the drives to be examined.
* When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results].
* Select all results and click [Remove Selected].
* A report (mbam-log-year-month-day.txt) will be shown.
* Restart the PC.
* Open Malwarebytes again and, in the [Logs] tab, click the file mbam-log-year-month-day.txt.
* Click [Open], copy it and paste it in your next reply, together with a new HijackThis log.
bossnia (posted February 8, 2010):

Thanks for the quick reply. I wish I could reply that quickly, but my computer took the whole night to do the scan.

MALWAREBYTES log:

Malwarebytes' Anti-Malware 1.41
Database version: 2955
Windows 5.1.2600 Service Pack 3 (Safe Mode)

14/10/2009 08:15:36
mbam-log-2009-10-14 (08-15-36).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|H:\|)
Objects scanned: 456808
Time elapsed: 2 hour(s), 56 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\bossnia\Configurações locais\Temp\3tX0OKMW.exe.part (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\bossnia\Configurações locais\Temp\~DP9.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\bossnia\Configurações locais\Temp\~DPA.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 09:09:56, on 8/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\TortoiseGit\bin\TGitCache.exe
C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe
C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\smss32.exe
C:\WINDOWS\vVX1000.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\MP4 Player\mp4Player.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Documents and Settings\bossnia\Configurações locais\Apps\2.0\H02HWV0Q.AR6\AE4CTPN1.XEH\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Java\jre1.6.0\bin\jucheck.exe
C:\Documents and Settings\bossnia\Desktop\desktop antigo\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7418E5F5-0E48-4144-8F92-5CA791C82396} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: (no name) - {DE713078-8012-4B75-92BA-398D4642A64B} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [PIChecker] pichkc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [six Engine] "C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Arquivos de programas\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - Startup: CurseClientStartup.ccip
O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O11 - Options group: [iNTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.buy-is2010.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.is10-soft-download.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
wings (posted February 8, 2010):

1. Download WinsockXPFix and save it to the desktop.
* If the connection drops or is not restored after step 3, run WinsockFix:
a) Click [Reg-Backup] > [OK] > [OK] > [YES] (wait for it to finish) > [OK]
b) Click [Fix] > [YES] > [OK] > restart the PC.

2.
* Open Internet Explorer, click [Tools] > [Internet Options] > [Security] > [Trusted sites] > [Sites]; in the "Add this website to the zone" field, select the sites:
http://*.buy-internetsecurity10.com
http://*.buy-is2010.com
http://*.is-software-download.com
http://*.is-software-download25.com
http://*.is10-soft-download.com
* Click [Remove].
* Click [OK] in all windows.

3.
* Temporarily disable your antivirus: right-click the Avira icon next to the clock > click the option "AntiVir Guard enable".
* Download EliStarA.
* Run it. At the end of the process, paste the report created at C:\infosat.txt and a new HijackThis log.
bossnia (posted February 8, 2010):

Where do I find this Reg-Backup? (Should it be run before doing step 2, or only if I lose the internet connection after step 3?)
wings (posted February 8, 2010):

> Where do I find this Reg-Backup?

I don't understand... why do you ask that?
bossnia (posted February 8, 2010):

> 1. Download WinsockXPFix and save it to the desktop.
> * If the connection drops or is not restored after step 3, run WinsockFix:
> a) Click [Reg-Backup] > [OK] > [OK] > [YES] (wait for it to finish) > [OK]

Because in the first step you tell me to run Reg-Backup, and I don't have that installed. Or should I run it only if I lose the internet connection? (And in that case Reg-Backup would be some option in WinsockFix.)
bossnia (posted February 8, 2010):

I ran EliStarA (but without running the Reg-Backup and the Fix from step 1). Here is the log:

(8-2-2010 11:37:42 (GMT))
EliStartPage v20.27 ©2010 S.G.H. / Satinfo S.L. (Updated February 5, 2010)
--------------------------------------------------
List of actions (by direct action):

[HKLM\...\Run]
Please send us a sample of the file C:\WINDOWS\SYSTEM32\SMSS32.EXE to "virus@satinfo.es". Thank you.
Please send us a sample of the file C:\Muestras\SMSS32.EXE.Muestra EliStartPage v20.27 to "virus@satinfo.es". Thank you.
C:\WINDOWS\SYSTEM32\SMSS32.EXE --> Deleted
Please send us a sample of the file C:\Muestras\WINLOGON32.EXE.Muestra EliStartPage v20.27 to "virus@satinfo.es". Thank you.
C:\WINDOWS\SYSTEM32\WINLOGON32.EXE --> Deleted
Please send us a sample of the file C:\Muestras\HELPER32.DLL.Muestra EliStartPage v20.27 to "virus@satinfo.es". Thank you.
C:\WINDOWS\SYSTEM32\HELPER32.DLL --> Renamed to .VIR
C:\WINDOWS\ALCMTR.EXE --> Deleted SpyRealtek
C:\WINDOWS\SYSTEM32\WARNING.HTML --> Deleted (supplementary file).
C:\Documents and Settings\bossnia\Menu Iniciar\Internet Security 2010.lnk --> Deleted (supplementary file).
C:\Documents and Settings\bossnia\Desktop\Internet Security 2010.lnk --> Deleted (supplementary file).
C:\Documents and Settings\bossnia\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk --> Deleted (supplementary file).
WinSock2 (LSPs) restored.
Entry deleted [HKLM\...\Run] "Alcmtr"="ALCMTR.EXE"
Entry deleted [HKCU\...\Run] "Internet Security 2010"="C:\Program Files\InternetSecurity2010\IS2010.exe"
Entry deleted [HKCU\...\Run] "smss32.exe"="C:\WINDOWS\system32\smss32.exe"
Entry deleted [HKLM\...\Run] "smss32.exe"="C:\WINDOWS\system32\smss32.exe"

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 09:43:00, on 8/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\TortoiseGit\bin\TGitCache.exe
C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe
C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\vVX1000.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\MP4 Player\mp4Player.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Documents and Settings\bossnia\Configurações locais\Apps\2.0\H02HWV0Q.AR6\AE4CTPN1.XEH\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\bossnia\Desktop\desktop antigo\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7418E5F5-0E48-4144-8F92-5CA791C82396} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: (no name) - {DE713078-8012-4B75-92BA-398D4642A64B} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [PIChecker] pichkc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [six Engine] "C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [ReEXEc] C:\Documents and Settings\bossnia\Meus documentos\Downloads\EliStarA.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Arquivos de programas\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: CurseClientStartup.ccip
O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
wings, posted February 8, 2010

"Because in the first procedure you tell me to run the reg-backup, and I don't have that installed. Or should I only run it if I lose the internet connection? (and in that case would the reg-backup be some option in WinsockFix?)"

Read carefully: if the connection drops or is not restored after procedure 3, run WinsockFix. In other words, you will only run this program if, after carrying out procedure 3, the connection drops or is not restored. The [Reg-Backup] option is a button inside the program.
bossnia, posted February 8, 2010

OK, I did the procedures; I was just afraid of skipping some part of the procedure, hence the question about the reg-backup. I posted the logs before your last reply.
wings, posted February 8, 2010

OK... let's continue.

1.
*Open Internet Explorer, click [Tools] > [Internet Options] > [Security] > [Trusted sites] > [Sites]; in the "Add this website to the zone" field, select the sites:
http://*.buy-internetsecurity10.com (HKLM)
http://*.buy-is2010.com (HKLM)
*Click [Remove]
*Click [OK] in all windows.

2.
*Run HijackThis, click [Do a system scan only], select the entry below and click [Fix checked]
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
*Close HijackThis

3.
*Delete EliStarA and the report C:\infosat.txt

4.
*Temporarily disable your antivirus
*Download ComboFix and save it to the desktop
*Double-click the Combofix.exe file
*Accept the license agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. If it is not, a window like the one below will open. Click [Yes] to accept its installation.
*After the installation, click [Yes] to continue.
*Important: while ComboFix is running, do not use the mouse or the keyboard!!..... To interrupt the procedure, press N or 2 and then ENTER.
*The program will close automatically
*Paste the report created at C:\combofix.txt
bossnia, posted February 8, 2010

My computer froze after running ComboFix; I rebooted and found the combofix.txt file inside the c:\combofix directory. Here is the log.

ComboFix 10-02-07.07 - bossnia 08/02/2010 10:19:24.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2944 [GMT -2:00]
Running from: C:\Documents and Settings\bossnia\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - drivers: deleted 250 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Muestras
C:\Muestras\HELPER32.DLL.Muestra EliStartPage v20.27
C:\Muestras\SMSS32.EXE.Muestra EliStartPage v20.27
C:\Muestras\WINLOGON32.EXE.Muestra EliStartPage v20.27
C:\WINDOWS\system32\11478.exe
C:\WINDOWS\system32\11942.exe
C:\WINDOWS\system32\12382.exe
C:\WINDOWS\system32\14604.exe
C:\WINDOWS\system32\153.exe
C:\WINDOWS\system32\15724.exe
C:\WINDOWS\system32\16827.exe
C:\WINDOWS\system32\17421.exe
C:\WINDOWS\system32\18467.exe
C:\WINDOWS\system32\18716.exe
C:\WINDOWS\system32\19169.exe
C:\WINDOWS\system32\20417.exe
C:\WINDOWS\system32\23281.exe
C:\WINDOWS\system32\24464.exe
C:\WINDOWS\system32\26500.exe
C:\WINDOWS\system32\26962.exe
C:\WINDOWS\system32\28145.exe
C:\WINDOWS\system32\292.exe
C:\WINDOWS\system32\29358.exe
C:\WINDOWS\system32\2995.exe
C:\WINDOWS\system32\31959.exe
C:\WINDOWS\system32\32391.exe
C:\WINDOWS\system32\3902.exe
C:\WINDOWS\system32\41.exe
C:\WINDOWS\system32\4827.exe
C:\WINDOWS\system32\491.exe
C:\WINDOWS\system32\5436.exe
C:\WINDOWS\system32\5705.exe
C:\WINDOWS\system32\6334.exe
C:\WINDOWS\system32\9961.exe
.
(((((((((((((((( Files Created from 2010-01-08 to 2010-02-08 ))))))))))))))))))))))))))))
.
2010-02-08 01:53:59 . 2010-02-08 01:53:59 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Subversion
2010-02-08 01:43:17 . 2010-02-08 01:43:17 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes
2010-02-08 01:43:06 . 2010-02-08 01:43:06 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Stardock
2010-02-08 01:06:01 . 2009-11-25 13:19:02 56816 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2010-02-08 01:06:01 . 2009-03-30 11:33:07 96104 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2010-02-08 01:06:01 . 2009-02-13 13:29:11 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-02-08 01:06:01 . 2009-02-13 13:17:49 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-02-08 01:05:59 . 2010-02-08 01:05:59 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Avira
2010-02-08 01:05:59 . 2010-02-08 01:05:59 -------- d-----w- C:\Arquivos de programas\Avira
2010-02-08 00:49:14 . 2010-02-08 00:49:15 26624 ----a-w- C:\WINDOWS\system32\HELPER32.DLL.VIR
2010-02-02 21:58:25 . 2009-05-18 16:17:00 26600 ----a-w- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2010-02-02 21:58:25 . 2008-04-17 15:12:54 107368 ----a-w- C:\WINDOWS\system32\GEARAspi.dll
2010-02-02 21:57:54 . 2010-02-02 21:57:54 -------- d-----w- C:\Arquivos de programas\iPod
2010-02-02 21:57:50 . 2010-02-02 21:58:25 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-02 21:57:50 . 2010-02-02 21:58:25 -------- d-----w- C:\Arquivos de programas\iTunes
2010-02-02 21:57:31 . 2010-02-02 21:57:31 -------- d-----w- C:\Arquivos de programas\Bonjour
2010-02-02 21:56:18 . 2010-02-02 21:56:18 -------- d-----w- C:\Arquivos de programas\Apple Software Update
2010-02-02 21:55:46 . 2010-02-02 21:57:52 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Apple
2010-02-02 21:55:46 . 2010-02-02 21:55:46 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Apple
2010-01-31 01:21:13 . 2010-01-31 01:21:13 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Canneverbe Limited
2010-01-31 01:21:13 . 2010-01-31 01:21:13 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Canneverbe Limited
2010-01-31 01:21:07 . 2010-01-31 01:21:08 -------- d-----w- C:\Arquivos de programas\CDBurnerXP
2010-01-31 01:21:07 . 2009-11-12 15:48:56 7168 ----a-w- C:\WINDOWS\system32\drivers\StarOpen.sys
2010-01-23 01:13:38 . 2007-03-28 14:05:03 35332 ----a-w- C:\WINDOWS\system32\uninst.exe
2010-01-23 00:41:59 . 2008-04-13 21:20:42 54784 -c--a-w- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2010-01-23 00:41:59 . 2008-04-13 21:20:42 54784 ----a-w- C:\WINDOWS\system32\vfwwdm32.dll
2010-01-23 00:40:54 . 2009-07-24 17:05:24 762208 ----a-w- C:\WINDOWS\vVX1000.exe
2010-01-23 00:40:54 . 2009-07-24 17:05:24 676720 ----a-w- C:\WINDOWS\system32\LCCoin30.dll
2010-01-23 00:40:54 . 2009-07-24 17:05:24 1961072 ----a-w- C:\WINDOWS\system32\drivers\VX1000.sys
2010-01-23 00:40:54 . 2009-07-24 17:05:24 175456 ----a-w- C:\WINDOWS\system32\cVX1000.dll
2010-01-22 23:04:54 . 2010-01-22 23:04:54 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Stardock
2010-01-22 23:04:48 . 2010-01-22 23:04:48 -------- dc-h--w- C:\Documents and Settings\All Users\Dados de aplicativos\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-01-22 23:04:48 . 2010-01-22 23:04:48 -------- d-----w- C:\Arquivos de programas\Stardock
2010-01-22 23:04:48 . 2009-10-02 17:59:29 3254528 -c--a-w- C:\Documents and Settings\All Users\Dados de aplicativos\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.exe
2010-01-22 21:51:36 . 2010-01-22 21:51:36 72488 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 12:20:06 . 2008-04-14 11:00:00 79022 ----a-w- C:\WINDOWS\system32\perfc016.dat
2010-02-08 12:20:06 . 2008-04-14 11:00:00 468108 ----a-w- C:\WINDOWS\system32\perfh016.dat
2010-02-08 01:25:01 . 2009-10-14 03:49:45 -------- d-----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2010-02-08 00:28:32 . 2009-12-18 21:22:29 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Skype
2010-02-07 10:06:30 . 2009-12-11 10:55:06 1324 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2010-02-06 10:08:36 . 2008-06-16 21:08:57 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\skypePM
2010-02-02 21:57:21 . 2009-01-10 20:34:20 -------- d-----w- C:\Arquivos de programas\QuickTime
2010-02-02 21:57:01 . 2009-01-10 20:34:19 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer
2010-01-20 23:38:31 . 2009-04-22 01:51:52 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2010-01-20 23:38:18 . 2009-04-22 01:51:52 -------- d-----w- C:\Arquivos de programas\GbPlugin
2010-01-20 20:28:47 . 2010-01-20 20:28:47 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\LucasArts
2010-01-11 21:45:27 . 2009-06-30 21:32:06 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Ventrilo
2010-01-07 18:07:14 . 2009-10-14 03:49:47 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-01-07 18:07:04 . 2009-10-14 03:49:46 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-01-02 03:50:04 . 2010-01-02 03:50:04 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\TortoiseSVN
2010-01-02 03:48:46 . 2010-01-02 03:48:46 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Subversion
2010-01-02 03:48:15 . 2010-01-02 03:48:13 -------- d-----w- C:\Arquivos de programas\TortoiseSVN
2010-01-02 03:48:14 . 2009-06-08 22:09:58 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays
2009-12-30 12:59:36 . 2009-04-22 01:52:12 30752 ----a-w- C:\WINDOWS\system32\drivers\gbpkm.sys
2009-12-27 00:32:10 . 2008-10-26 04:43:16 -------- d---a-w- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2009-12-22 19:57:08 . 2009-12-22 19:57:08 -------- d-----w- C:\Arquivos de programas\Razer
2009-12-19 06:56:21 . 2009-12-19 06:56:21 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\InstallShield
2009-12-18 21:22:27 . 2009-12-18 21:22:26 -------- d-----w- C:\Arquivos de programas\Skype
2009-12-18 21:22:27 . 2008-06-16 21:05:35 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Skype
2009-12-18 21:22:26 . 2009-12-18 21:22:26 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Skype
2009-12-18 21:08:24 . 2009-12-18 21:07:41 -------- d-----w- C:\Arquivos de programas\NVIDIA Corporation
2009-12-18 21:08:00 . 2009-12-18 21:07:53 -------- d-----w- C:\Arquivos de programas\AGEIA Technologies
2009-12-18 21:07:48 . 2009-06-30 21:30:42 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-12-18 21:07:45 . 2009-12-18 21:07:45 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA Corporation
2009-12-18 20:53:52 . 2009-12-18 20:53:50 -------- d-----w- C:\Arquivos de programas\ASUS
2009-12-18 20:53:49 . 2008-06-08 02:07:00 -------- d--h--w- C:\Arquivos de programas\InstallShield Installation Information
2009-12-10 21:50:16 . 2009-06-02 22:11:11 -------- d-----w- C:\Arquivos de programas\Curse
2009-11-23 15:40:24 . 2009-11-23 15:40:24 114048 ----a-w- C:\WINDOWS\system32\RzMwApi.dll
2009-11-20 22:32:14 . 2009-11-20 22:32:14 278120 ----a-w- C:\WINDOWS\system32\nvmccs.dll
2009-11-20 22:32:14 . 2009-11-20 22:32:14 154216 ----a-w- C:\WINDOWS\system32\nvsvc32.exe
2009-11-20 22:32:14 . 2009-11-20 22:32:14 145000 ----a-w- C:\WINDOWS\system32\nvcolor.exe
2009-11-20 22:32:14 . 2009-11-20 22:32:14 12669544 ----a-w- C:\WINDOWS\system32\nvcpl.dll
2009-11-20 22:32:14 . 2009-11-20 22:32:14 110184 ----a-w- C:\WINDOWS\system32\nvmctray.dll
2009-11-20 22:32:10 . 2009-11-20 22:32:10 81920 ----a-w- C:\WINDOWS\system32\nvwddi.dll
2009-11-19 23:42:56 . 2008-06-08 02:04:22 592488 ----a-w- C:\WINDOWS\system32\NVUNINST.EXE
.
------- Sigcheck -------
[-] 2008-05-27 21:39:16 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\drivers\tcpip.sys
[-] 2008-05-27 21:39:27 . 14170C297963AC4F5775CA678B4D6E4B . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 14:34:46 5724184]
"Google Update"="C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-02 20:26:51 133104]
"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-12-29 10:40:30 687560]
"MP4 Player"="C:\Arquivos de programas\MP4 Player\mp4Player.exe" [2007-09-19 13:00:50 639488]
"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2008-04-23 19:45:34 22058792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe" [2008-06-08 01:55:49 77824]
"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]
"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 20:10:28 35696]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 09:32:14 18085888]
"Six Engine"="C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" [2009-02-13 21:17:54 5634560]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-11-20 22:32:14 12669544]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-11-20 22:32:14 110184]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2009-07-24 17:05:24 762208]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2009-11-11 01:08:18 417792]
"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2010-01-22 21:16:42 141608]
"avgnt"="C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 14:08:47 209153]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GbPluginBb"="C:\ARQUIV~1\GBPLUGIN\gbieh.dll" [2009-12-30 12:58:48 318240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 11:00:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-27 21:38:14 123904]
C:\Documents and Settings\bossnia\Menu Iniciar\Programas\Inicializar\
CurseClientStartup.ccip [2009-12-10 0]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "C:\Arquivos de programas\Stardock\Fences\FencesMenu.dll" [2009-10-02 17:38:46 128360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBb]
2009-12-30 12:58:48 318240 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 23:35:38 87352 ----a-w- C:\WINDOWS\system32\LMIinit.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=
"C:\\Arquivos de programas\\Curse\\CurseClient.exe"=
"C:\\Arquivos de programas\\Ventrilo\\Ventrilo.exe"=
"C:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [21/4/2009 23:52:12 30752]
R2 AntiVirSchedulerService;Avira AntiVir Programador;C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [7/2/2010 23:06:00 108289]
R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [21/4/2009 23:52:12 54048]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [28/5/2009 01:20:10 47640]
S0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [25/1/2009 12:52:45 717296]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys --> C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [?]
S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [19/12/2009 04:55:06 1684736]
S3 whfltr2k;e-WheelMouse USB Lower Filter Driver;C:\WINDOWS\system32\drivers\whfltr2k.sys [1/1/2009 02:51:47 7109]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - C:\Documents and Settings\bossnia\Dados de aplicativos\Mozilla\Firefox\Profiles\vip1ajqf.default\
FF - prefs.js: browser.startup.homepage - www.google.com/ncr
FF - component: C:\Documents and Settings\bossnia\Dados de aplicativos\Mozilla\Firefox\Profiles\vip1ajqf.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npoji610.dll
---- FIREFOX POLICIES ----
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-PIChecker - pichkc.exe
HKLM-Run-LogMeIn GUI - C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
HKLM-Run-nwiz - nwiz.exe
AddRemove-Codec pack Base (DivX, Xvid, 3ivx) - C:\WINDOWS\system32\uninst Codec pack Base (DivX
AddRemove-NVIDIA Display Control Panel - C:\Arquivos de programas\NVIDIA Corporation\Uninstall\nvuninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 10:22:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(772)
C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
C:\WINDOWS\system32\LMIinit.dll
.
Completion time: 2010-02-08 10:23:29
ComboFix-quarantined-files.txt 2010-02-08 12:23:15
Pre-Run: 4.103.659.520 bytes free
Post-Run: 6.975.746.048 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 462236F59206DD631FE74D21B245211B
wings, posted February 8, 2010

1.
*Open Internet Explorer, click [Tools] > [Internet Options] > [Security] > [Trusted sites] > [Sites]; in the "Add this website to the zone" field, select
buy-internetsecurity10.com
buy-is2010.com
*Click [Remove]
*Click [OK] in all windows.

2.
*Submit the file below for analysis at http://virscan.org
C:\WINDOWS\system32\RzMwApi.dll
*Paste the link with the analysis result and a new HijackThis log
bossnia, posted February 8, 2010

"1.
*Open Internet Explorer, click [Tools] > [Internet Options] > [Security] > [Trusted sites] > [Sites]; in the "Add this website to the zone" field, select
buy-internetsecurity10.com
buy-is2010.com
*Click [Remove]
*Click [OK] in all windows."

I was not able to carry out step 1 because the trusted sites list is empty.

Here is the log from the scanning site:

VirSCAN.org Scanned Report :
Scanned time : 2010/02/08 09:23:17 (ACT)
Scanner results: All the scanners reported that they found no malicious code!
File Name : RzMwApi.dll
File Size : 114048 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : fce292a0f4a2eb0a4485e571f9c51045
SHA1 : cd06180954d756e1724f73069c21e58372c69205
Online report : http://virscan.org/report/8d3a0e82f37f4c89aa527d85c744d81f.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100206001945 2010-02-06 43.12 -
AhnLab V3 2010.02.08.00 2010.02.08 2010-02-08 40.13 -
AntiVir 8.2.1.160 7.10.3.237 2010-02-08 0.33 -
Antiy 2.0.18 20100201.3785967 2010-02-01 0.02 -
Arcavir 2009 201002080201 2010-02-08 0.05 -
Authentium 5.1.1 201002081015 2010-02-08 1.55 -
AVAST! 4.7.4 100208-0 2010-02-08 0.01 -
AVG 8.5.720 271.1.1/2660 2010-02-01 5.21 -
BitDefender 7.81008.5034492 7.30281 2010-02-08 5.17 -
ClamAV 0.95.3 10363 2010-02-07 0.03 -
Comodo 3.13.579 3409 2010-02-08 40.12 -
CP Secure 1.3.0.5 2010.02.08 2010-02-08 0.08 -
Dr.Web 5.0.1.12222 2010.02.08 2010-02-08 5.16 -
F-Prot 4.4.4.56 20100208 2010-02-08 1.42 -
F-Secure 7.02.73807 2010.02.08.09 2010-02-08 0.12 -
Fortinet 11.472- 11.472 2010-02-08 40.13 -
GData 19.10381/19.738 20100208 2010-02-08 40.13 -
ViRobot 20100208 2010.02.08 2010-02-08 40.13 -
Ikarus T3.1.01.80 2010.02.08.75136 2010-02-08 4.48 -
JiangMin 13.0.900 2010.02.08 2010-02-08 40.12 -
Kaspersky 5.5.10 2010.02.08 2010-02-08 0.07 -
KingSoft 2009.2.5.15 2010.2.8.17 2010-02-08 40.13 -
McAfee 5.3.00 5885 2010-02-07 3.51 -
Microsoft 1.5406 2010.02.08 2010-02-08 40.13 -
Norman 6.01.09 6.01.00 2010-01-16 4.00 -
Panda 9.05.01 2010.02.05 2010-02-05 40.12 -
Trend Micro 9.120-1004 6.834.05 2010-02-08 0.03 -
Quick Heal 10.00 2010.02.08 2010-02-08 40.13 -
Rising 20.0 22.34.00.04 2010-02-08 43.12 -
Sophos 3.04.1 4.50 2010-02-08 3.55 -
Sunbelt 3.9.2400.2 5663 2010-02-07 40.13 -
Symantec 1.3.0.24 20100201.009 2010-02-01 0.02 -
nProtect 20100207.01 7182772 2010-02-07 40.12 -
The Hacker 6.5.1.1 v00183 2010-02-08 40.13 -
VBA32 3.12.12.1 20100207.2056 2010-02-07 2.51 -
VirusBuster 4.5.11.10 10.119.44/2022653 2010-02-08 2.48 -

New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:36:05, on 8/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\TortoiseGit\bin\TGitCache.exe
C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe
C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\MP4 Player\mp4Player.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Documents and Settings\bossnia\Configurações locais\Apps\2.0\18GYN2HW.WN7\94XBE99P.ROO\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\bossnia\Desktop\desktop antigo\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7418E5F5-0E48-4144-8F92-5CA791C82396} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: (no name) - {DE713078-8012-4B75-92BA-398D4642A64B} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [PIChecker] pichkc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [six Engine] "C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MP4 Player] "C:\Arquivos de programas\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CurseClientStartup.ccip
O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
wings
Posted February 8, 2010

OK...

1. *Run HijackThis, click [Do a system scan only], select the entries below and click [Fix checked]

O2 - BHO: (no name) - {7418E5F5-0E48-4144-8F92-5CA791C82396} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DE713078-8012-4B75-92BA-398D4642A64B} - (no file)
O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - (no file)

*Close HijackThis

2. *Open Notepad, then select, copy and paste into it the whole content of the code below:

File::C:\WINDOWS\system32\HELPER32.DLL.VIR

DDS::
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com

*Save the file to the desktop as CFScript.txt
*Drag the file onto ComboFix as in the illustration below:
*Important: while ComboFix is running, do not use the mouse or the keyboard!! To stop the process press N or 2.
*Paste the report created in C:\combofix.txt and a new HijackThis log.
bossnia
Posted February 8, 2010

I ran ComboFix as requested (but there was nothing about the trusted sites when I copied the data from CFScript.txt); I'll run it again with that data now. Here is the ComboFix log:

ComboFix 10-02-07.08 - bossnia 08/02/2010 12:56:33.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2713 [GMT -2:00]
Executando de: C:\Documents and Settings\bossnia\Desktop\ComboFix.exe
Comandos utilizados :: C:\Documents and Settings\bossnia\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - drivers: deleted 204 bytes in 1 streams.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-08 to 2010-02-08 ))))))))))))))))))))))))))))
.
2010-02-08 14:20:09 . 2009-08-06 21:23:46 274288 ----a-w- C:\WINDOWS\system32\mucltui.dll
2010-02-08 14:20:09 . 2009-08-06 21:23:46 215920 ----a-w- C:\WINDOWS\system32\muweb.dll
2010-02-08 01:53:59 . 2010-02-08 01:53:59 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Subversion
2010-02-08 01:43:17 . 2010-02-08 01:43:17 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes
2010-02-08 01:43:06 . 2010-02-08 01:43:06 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Stardock
2010-02-08 01:06:01 . 2009-11-25 13:19:02 56816 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2010-02-08 01:06:01 . 2009-03-30 11:33:07 96104 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2010-02-08 01:06:01 . 2009-02-13 13:29:11 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-02-08 01:06:01 . 2009-02-13 13:17:49 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-02-08 01:05:59 . 2010-02-08 01:05:59 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Avira
2010-02-08 01:05:59 . 2010-02-08 01:05:59 -------- d-----w- C:\Arquivos de programas\Avira
2010-02-08 00:49:14 . 2010-02-08 00:49:15 26624 ----a-w- C:\WINDOWS\system32\HELPER32.DLL.VIR
2010-02-02 21:58:25 . 2009-05-18 16:17:00 26600 ----a-w- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2010-02-02 21:58:25 . 2008-04-17 15:12:54 107368 ----a-w- C:\WINDOWS\system32\GEARAspi.dll
2010-02-02 21:57:54 . 2010-02-02 21:57:54 -------- d-----w- C:\Arquivos de programas\iPod
2010-02-02 21:57:50 . 2010-02-02 21:58:25 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-02 21:57:50 . 2010-02-02 21:58:25 -------- d-----w- C:\Arquivos de programas\iTunes
2010-02-02 21:57:31 . 2010-02-02 21:57:31 -------- d-----w- C:\Arquivos de programas\Bonjour
2010-02-02 21:56:18 . 2010-02-02 21:56:18 -------- d-----w- C:\Arquivos de programas\Apple Software Update
2010-02-02 21:55:46 . 2010-02-02 21:57:52 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Apple
2010-02-02 21:55:46 . 2010-02-02 21:55:46 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Apple
2010-01-31 01:21:13 . 2010-01-31 01:21:13 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Canneverbe Limited
2010-01-31 01:21:13 . 2010-01-31 01:21:13 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Canneverbe Limited
2010-01-31 01:21:07 . 2010-01-31 01:21:08 -------- d-----w- C:\Arquivos de programas\CDBurnerXP
2010-01-31 01:21:07 . 2009-11-12 15:48:56 7168 ----a-w- C:\WINDOWS\system32\drivers\StarOpen.sys
2010-01-23 01:13:38 . 2007-03-28 14:05:03 35332 ----a-w- C:\WINDOWS\system32\uninst.exe
2010-01-23 00:41:59 . 2008-04-13 21:20:42 54784 -c--a-w- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2010-01-23 00:41:59 . 2008-04-13 21:20:42 54784 ----a-w- C:\WINDOWS\system32\vfwwdm32.dll
2010-01-23 00:40:54 . 2009-07-24 17:05:24 762208 ----a-w- C:\WINDOWS\vVX1000.exe
2010-01-23 00:40:54 . 2009-07-24 17:05:24 676720 ----a-w- C:\WINDOWS\system32\LCCoin30.dll
2010-01-23 00:40:54 . 2009-07-24 17:05:24 1961072 ----a-w- C:\WINDOWS\system32\drivers\VX1000.sys
2010-01-23 00:40:54 . 2009-07-24 17:05:24 175456 ----a-w- C:\WINDOWS\system32\cVX1000.dll
2010-01-22 23:04:54 . 2010-01-22 23:04:54 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Stardock
2010-01-22 23:04:48 . 2010-01-22 23:04:48 -------- dc-h--w- C:\Documents and Settings\All Users\Dados de aplicativos\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-01-22 23:04:48 . 2010-01-22 23:04:48 -------- d-----w- C:\Arquivos de programas\Stardock
2010-01-22 23:04:48 . 2009-10-02 17:59:29 3254528 -c--a-w- C:\Documents and Settings\All Users\Dados de aplicativos\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.exe
2010-01-22 21:51:36 . 2010-01-22 21:51:36 72488 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 15:00:29 . 2009-12-18 21:22:29 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Skype
2010-02-08 14:53:10 . 2008-04-14 11:00:00 79022 ----a-w- C:\WINDOWS\system32\perfc016.dat
2010-02-08 14:53:10 . 2008-04-14 11:00:00 468108 ----a-w- C:\WINDOWS\system32\perfh016.dat
2010-02-08 13:49:11 . 2008-06-16 21:08:57 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\skypePM
2010-02-08 01:25:01 . 2009-10-14 03:49:45 -------- d-----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2010-02-07 10:06:30 . 2009-12-11 10:55:06 1324 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2010-02-02 21:57:21 . 2009-01-10 20:34:20 -------- d-----w- C:\Arquivos de programas\QuickTime
2010-02-02 21:57:01 . 2009-01-10 20:34:19 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer
2010-01-20 23:38:31 . 2009-04-22 01:51:52 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2010-01-20 23:38:18 . 2009-04-22 01:51:52 -------- d-----w- C:\Arquivos de programas\GbPlugin
2010-01-20 20:28:47 . 2010-01-20 20:28:47 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\LucasArts
2010-01-11 21:45:27 . 2009-06-30 21:32:06 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Ventrilo
2010-01-07 18:07:14 . 2009-10-14 03:49:47 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-01-07 18:07:04 . 2009-10-14 03:49:46 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-01-02 03:50:04 . 2010-01-02 03:50:04 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\TortoiseSVN
2010-01-02 03:48:46 . 2010-01-02 03:48:46 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\Subversion
2010-01-02 03:48:15 . 2010-01-02 03:48:13 -------- d-----w- C:\Arquivos de programas\TortoiseSVN
2010-01-02 03:48:14 . 2009-06-08 22:09:58 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays
2009-12-30 12:59:36 . 2009-04-22 01:52:12 30752 ----a-w- C:\WINDOWS\system32\drivers\gbpkm.sys
2009-12-27 00:32:10 . 2008-10-26 04:43:16 -------- d---a-w- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2009-12-22 19:57:08 . 2009-12-22 19:57:08 -------- d-----w- C:\Arquivos de programas\Razer
2009-12-19 06:56:21 . 2009-12-19 06:56:21 -------- d-----w- C:\Documents and Settings\bossnia\Dados de aplicativos\InstallShield
2009-12-18 21:22:27 . 2009-12-18 21:22:26 -------- d-----w- C:\Arquivos de programas\Skype
2009-12-18 21:22:27 . 2008-06-16 21:05:35 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Skype
2009-12-18 21:22:26 . 2009-12-18 21:22:26 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Skype
2009-12-18 21:08:24 . 2009-12-18 21:07:41 -------- d-----w- C:\Arquivos de programas\NVIDIA Corporation
2009-12-18 21:08:00 . 2009-12-18 21:07:53 -------- d-----w- C:\Arquivos de programas\AGEIA Technologies
2009-12-18 21:07:48 . 2009-06-30 21:30:42 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-12-18 21:07:45 . 2009-12-18 21:07:45 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA Corporation
2009-12-18 20:53:52 . 2009-12-18 20:53:50 -------- d-----w- C:\Arquivos de programas\ASUS
2009-12-18 20:53:49 . 2008-06-08 02:07:00 -------- d--h--w- C:\Arquivos de programas\InstallShield Installation Information
2009-12-10 21:50:16 . 2009-06-02 22:11:11 -------- d-----w- C:\Arquivos de programas\Curse
2009-11-23 15:40:24 . 2009-11-23 15:40:24 114048 ----a-w- C:\WINDOWS\system32\RzMwApi.dll
2009-11-20 22:32:14 . 2009-11-20 22:32:14 278120 ----a-w- C:\WINDOWS\system32\nvmccs.dll
2009-11-20 22:32:14 . 2009-11-20 22:32:14 154216 ----a-w- C:\WINDOWS\system32\nvsvc32.exe
2009-11-20 22:32:14 . 2009-11-20 22:32:14 145000 ----a-w- C:\WINDOWS\system32\nvcolor.exe
2009-11-20 22:32:14 . 2009-11-20 22:32:14 12669544 ----a-w- C:\WINDOWS\system32\nvcpl.dll
2009-11-20 22:32:14 . 2009-11-20 22:32:14 110184 ----a-w- C:\WINDOWS\system32\nvmctray.dll
2009-11-20 22:32:10 . 2009-11-20 22:32:10 81920 ----a-w- C:\WINDOWS\system32\nvwddi.dll
2009-11-19 23:42:56 . 2008-06-08 02:04:22 592488 ----a-w- C:\WINDOWS\system32\NVUNINST.EXE
.
------- Sigcheck -------
[-] 2008-05-27 21:39:16 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\drivers\tcpip.sys
[-] 2008-05-27 21:39:27 . 14170C297963AC4F5775CA678B4D6E4B . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-08_12.22.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-16 21:12:58 . 2009-08-06 21:24:10 44768 C:\WINDOWS\system32\wups2.dll
+ 2008-06-08 01:51:30 . 2009-08-06 21:24:10 35552 C:\WINDOWS\system32\wups.dll
+ 2008-06-08 01:51:30 . 2009-08-06 21:24:06 53472 C:\WINDOWS\system32\wuauclt.exe
+ 2010-02-08 14:20:05 . 2009-08-06 21:24:10 44768 C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-02-08 14:20:05 . 2009-08-06 21:24:10 35552 C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2008-04-14 11:00:00 . 2010-02-08 14:53:10 67312 C:\WINDOWS\system32\perfc009.dat
- 2008-04-14 11:00:00 . 2010-02-08 12:20:06 67312 C:\WINDOWS\system32\perfc009.dat
+ 2008-06-08 01:51:30 . 2009-08-06 21:24:10 35552 C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-06-08 01:51:30 . 2009-08-06 21:24:06 53472 C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-04-14 11:00:00 . 2009-08-06 21:24:04 96480 C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-04-14 11:00:00 . 2009-08-06 21:24:04 96480 C:\WINDOWS\system32\cdm.dll
+ 2008-06-08 01:51:31 . 2009-08-06 21:24:18 209632 C:\WINDOWS\system32\wuweb.dll
+ 2008-06-08 01:51:30 . 2009-08-06 21:24:18 327896 C:\WINDOWS\system32\wucltui.dll
+ 2008-06-08 01:51:30 . 2009-08-06 21:23:54 575704 C:\WINDOWS\system32\wuapi.dll
- 2008-04-14 11:00:00 . 2010-02-08 12:20:06 432356 C:\WINDOWS\system32\perfh009.dat
+ 2008-04-14 11:00:00 . 2010-02-08 14:53:10 432356 C:\WINDOWS\system32\perfh009.dat
+ 2008-06-08 01:51:31 . 2009-08-06 21:24:18 209632 C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-06-08 01:51:30 . 2009-08-06 21:24:18 327896 C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-06-08 01:51:30 . 2009-08-06 21:23:54 575704 C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-06-08 01:51:30 . 2009-08-06 21:23:46 1929952 C:\WINDOWS\system32\wuaueng.dll
+ 2008-06-08 01:51:30 . 2009-08-06 21:23:46 1929952 C:\WINDOWS\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55:46 85768 ----a-w- C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 14:34:46 5724184]
"Google Update"="C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-02 20:26:51 133104]
"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-12-29 10:40:30 687560]
"MP4 Player"="C:\Arquivos de programas\MP4 Player\mp4Player.exe" [2007-09-19 13:00:50 639488]
"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2008-04-23 19:45:34 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe" [2008-06-08 01:55:49 77824]
"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]
"PIChecker"="pichkc.exe" [bU]
"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 20:10:28 35696]
"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [bU]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 09:32:14 18085888]
"Six Engine"="C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" [2009-02-13 21:17:54 5634560]
"nwiz"="nwiz.exe" [bU]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-11-20 22:32:14 12669544]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-11-20 22:32:14 110184]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2009-11-11 01:08:18 417792]
"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2010-01-22 21:16:42 141608]
"avgnt"="C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 14:08:47 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 11:00:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-27 21:38:14 123904]

C:\Documents and Settings\bossnia\Menu Iniciar\Programas\Inicializar\
CurseClientStartup.ccip [2009-12-10 0]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "C:\Arquivos de programas\Stardock\Fences\FencesMenu.dll" [2009-10-02 17:38:46 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBb]
2009-12-30 12:58:48 318240 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 23:35:38 87352 ----a-w- C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=
"C:\\Arquivos de programas\\Curse\\CurseClient.exe"=
"C:\\Arquivos de programas\\Ventrilo\\Ventrilo.exe"=
"C:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [21/4/2009 23:52:12 30752]
R2 AntiVirSchedulerService;Avira AntiVir Programador;C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [7/2/2010 23:06:00 108289]
R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [21/4/2009 23:52:12 54048]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [28/5/2009 01:20:10 47640]
S0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [25/1/2009 12:52:45 717296]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys --> C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [?]
S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [19/12/2009 04:55:06 1684736]
S3 whfltr2k;e-WheelMouse USB Lower Filter Driver;C:\WINDOWS\system32\drivers\whfltr2k.sys [1/1/2009 02:51:47 7109]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - C:\Documents and Settings\bossnia\Dados de aplicativos\Mozilla\Firefox\Profiles\vip1ajqf.default\
FF - prefs.js: browser.startup.homepage - www.google.com/ncr
FF - component: C:\Documents and Settings\bossnia\Dados de aplicativos\Mozilla\Firefox\Profiles\vip1ajqf.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: C:\Arquivos de programas\Java\jre1.6.0\bin\npoji610.dll

---- FIREFOX POLICIES ----
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 13:00:25
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(776)
C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
C:\WINDOWS\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(2848)
C:\Arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll
C:\Arquivos de programas\TortoiseGit\bin\TortoiseGit.dll
C:\Arquivos de programas\TortoiseSVN\bin\TortoiseStub.dll
C:\Arquivos de programas\TortoiseSVN\bin\TortoiseSVN.dll
C:\Arquivos de programas\TortoiseSVN\bin\intl3_tsvn.dll
C:\WINDOWS\system32\ieframe.dll
C:\Arquivos de programas\Stardock\Fences\FencesMenu.dll
c:\arquivos de programas\stardock\fences\DesktopDock.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\PortableDeviceApi.dll
C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
.
Tempo para conclusão: 2010-02-08 13:01:38
ComboFix-quarantined-files.txt 2010-02-08 15:01:22

Pré-execução: 6.984.732.672 bytes disponíveis
Pós execução: 6.971.179.008 bytes disponíveis

- - End Of File - - 0D9AD59827E54AB304781B2D8E146D26

New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 13:05:28, on 8/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe
C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\MP4 Player\mp4Player.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Documents and Settings\bossnia\Configurações locais\Apps\2.0\18GYN2HW.WN7\94XBE99P.ROO\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\TortoiseGit\bin\TGitCache.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bossnia\Desktop\desktop antigo\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [PIChecker] pichkc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [six Engine] "C:\Arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MP4 Player] "C:\Arquivos de programas\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: CurseClientStartup.ccip
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
wings
Posted February 8, 2010

*Open Notepad, then select, copy and paste into it the entire contents of the code below. Don't forget to include the File:: command in the script!!

File::
C:\WINDOWS\system32\HELPER32.DLL.VIR

*Save the file on the desktop as CFScript.txt
*Drag the file onto Combofix
*Important: while Combofix is running, do not use the mouse or the keyboard!! ..to interrupt the process, press N or 2.
*Paste the report created at C:\combofix.txt
bossnia
Posted February 8, 2010

ComboFix 10-02-07.08 - bossnia 08/02/2010 13:12:15.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2748 [GMT -2:00]
Executando de: c:\documents and settings\bossnia\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\bossnia\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\HELPER32.DLL.VIR"
.
ADS - drivers: deleted 204 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\HELPER32.DLL.VIR

.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-08 to 2010-02-08 ))))))))))))))))))))))))))))
.

2010-02-08 15:12 . 2010-02-08 15:12 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-02-08 14:20 . 2009-08-06 21:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-08 14:20 . 2009-08-06 21:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-08 01:53 . 2010-02-08 01:53 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Subversion
2010-02-08 01:43 . 2010-02-08 01:43 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2010-02-08 01:43 . 2010-02-08 01:43 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Stardock
2010-02-08 01:06 . 2009-11-25 13:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-08 01:06 . 2009-03-30 11:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-08 01:06 . 2009-02-13 13:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-08 01:06 . 2009-02-13 13:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-08 01:05 . 2010-02-08 01:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2010-02-08 01:05 . 2010-02-08 01:05 -------- d-----w- c:\arquivos de programas\Avira
2010-02-02 21:58 . 2009-05-18 16:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-02 21:58 . 2008-04-17 15:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-02-02 21:57 . 2010-02-02 21:57 -------- d-----w- c:\arquivos de programas\iPod
2010-02-02 21:57 . 2010-02-02 21:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-02 21:57 . 2010-02-02 21:58 -------- d-----w- c:\arquivos de programas\iTunes
2010-02-02 21:57 . 2010-02-02 21:57 -------- d-----w- c:\arquivos de programas\Bonjour
2010-02-02 21:56 . 2010-02-02 21:56 -------- d-----w- c:\arquivos de programas\Apple Software Update
2010-02-02 21:55 . 2010-02-02 21:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple
2010-02-02 21:55 . 2010-02-02 21:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple
2010-01-31 01:21 . 2010-01-31 01:21 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\Canneverbe Limited
2010-01-31 01:21 . 2010-01-31 01:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited
2010-01-31 01:21 . 2010-01-31 01:21 -------- d-----w- c:\arquivos de programas\CDBurnerXP
2010-01-31 01:21 . 2009-11-12 15:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-23 01:13 . 2007-03-28 14:05 35332 ----a-w- c:\windows\system32\uninst.exe
2010-01-23 00:41 . 2008-04-13 21:20 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-01-23 00:41 . 2008-04-13 21:20 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-01-23 00:40 . 2009-07-24 17:05 762208 ----a-w- c:\windows\vVX1000.exe
2010-01-23 00:40 . 2009-07-24 17:05 676720 ----a-w- c:\windows\system32\LCCoin30.dll
2010-01-23 00:40 . 2009-07-24 17:05 1961072 ----a-w- c:\windows\system32\drivers\VX1000.sys
2010-01-23 00:40 . 2009-07-24 17:05 175456 ----a-w- c:\windows\system32\cVX1000.dll
2010-01-22 23:04 . 2010-01-22 23:04 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\Stardock
2010-01-22 23:04 . 2010-01-22 23:04 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-01-22 23:04 . 2010-01-22 23:04 -------- d-----w- c:\arquivos de programas\Stardock
2010-01-22 23:04 . 2009-10-02 17:59 3254528 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.exe
2010-01-22 21:51 . 2010-01-22 21:51 72488 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 15:14 . 2008-04-14 11:00 79022 ----a-w- c:\windows\system32\perfc016.dat
2010-02-08 15:14 . 2008-04-14 11:00 468108 ----a-w- c:\windows\system32\perfh016.dat
2010-02-08 15:00 . 2009-12-18 21:22 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\Skype
2010-02-08 13:49 . 2008-06-16 21:08 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\skypePM
2010-02-08 01:25 . 2009-10-14 03:49 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-02-07 10:06 . 2009-12-11 10:55 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-02 21:57 . 2009-01-10 20:34 -------- d-----w- c:\arquivos de programas\QuickTime
2010-02-02 21:57 . 2009-01-10 20:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2010-01-20 23:38 . 2009-04-22 01:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2010-01-20 23:38 . 2009-04-22 01:51 -------- d-----w- c:\arquivos de programas\GbPlugin
2010-01-20 20:28 . 2010-01-20 20:28 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\LucasArts
2010-01-11 21:45 . 2009-06-30 21:32 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\Ventrilo
2010-01-07 18:07 . 2009-10-14 03:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 18:07 . 2009-10-14 03:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 03:50 . 2010-01-02 03:50 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\TortoiseSVN
2010-01-02 03:48 . 2010-01-02 03:48 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\Subversion
2010-01-02 03:48 . 2010-01-02 03:48 -------- d-----w- c:\arquivos de programas\TortoiseSVN
2010-01-02 03:48 . 2009-06-08 22:09 -------- d-----w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays
2009-12-30 12:59 . 2009-04-22 01:52 30752 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-12-27 00:32 . 2008-10-26 04:43 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-12-22 19:57 . 2009-12-22 19:57 -------- d-----w- c:\arquivos de programas\Razer
2009-12-19 06:56 . 2009-12-19 06:56 -------- d-----w- c:\documents and settings\bossnia\Dados de aplicativos\InstallShield
2009-12-18 21:22 . 2009-12-18 21:22 -------- d-----w- c:\arquivos de programas\Skype
2009-12-18 21:22 . 2008-06-16 21:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype
2009-12-18 21:22 . 2009-12-18 21:22 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
2009-12-18 21:08 . 2009-12-18 21:07 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation
2009-12-18 21:08 . 2009-12-18 21:07 -------- d-----w- c:\arquivos de programas\AGEIA Technologies
2009-12-18 21:07 . 2009-06-30 21:30 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-12-18 21:07 . 2009-12-18 21:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation
2009-12-18 20:53 . 2009-12-18 20:53 -------- d-----w- c:\arquivos de programas\ASUS
2009-12-18 20:53 . 2008-06-08 02:07 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-12-10 21:50 . 2009-06-02 22:11 -------- d-----w- c:\arquivos de programas\Curse
2009-11-23 15:40 . 2009-11-23 15:40 114048 ----a-w- c:\windows\system32\RzMwApi.dll
2009-11-20 22:32 . 2009-11-20 22:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-20 22:32 . 2009-11-20 22:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-20 22:32 . 2009-11-20 22:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-20 22:32 . 2009-11-20 22:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 22:32 . 2009-11-20 22:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-20 22:32 . 2009-11-20 22:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-19 23:42 . 2008-06-08 02:04 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
.

------- Sigcheck -------

[-] 2008-05-27 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-05-27 . 14170C297963AC4F5775CA678B4D6E4B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-08_12.22.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-16 21:12 . 2009-08-06 21:24 44768 c:\windows\system32\wups2.dll
+ 2008-06-08 01:51 . 2009-08-06 21:24 35552 c:\windows\system32\wups.dll
+ 2008-06-08 01:51 . 2009-08-06 21:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-02-08 14:20 . 2009-08-06 21:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-02-08 14:20 . 2009-08-06 21:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2008-04-14 11:00 . 2010-02-08 15:14 67312 c:\windows\system32\perfc009.dat
- 2008-04-14 11:00 . 2010-02-08 12:20 67312 c:\windows\system32\perfc009.dat
+ 2008-06-08 01:51 . 2009-08-06 21:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2008-06-08 01:51 . 2009-08-06 21:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 11:00 . 2009-08-06 21:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 11:00 . 2009-08-06 21:24 96480 c:\windows\system32\cdm.dll
+ 2008-06-08 01:51 . 2009-08-06 21:24 209632 c:\windows\system32\wuweb.dll
+ 2008-06-08 01:51 . 2009-08-06 21:24 327896 c:\windows\system32\wucltui.dll
+ 2008-06-08 01:51 . 2009-08-06 21:23 575704 c:\windows\system32\wuapi.dll
- 2008-04-14 11:00 . 2010-02-08 12:20 432356 c:\windows\system32\perfh009.dat
+ 2008-04-14 11:00 . 2010-02-08 15:14 432356 c:\windows\system32\perfh009.dat
+ 2008-06-08 01:51 . 2009-08-06 21:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2008-06-08 01:51 . 2009-08-06 21:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2008-06-08 01:51 . 2009-08-06 21:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2008-06-08 01:51 . 2009-08-06 21:23 1929952 c:\windows\system32\wuaueng.dll
+ 2008-06-08 01:51 . 2009-08-06 21:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 20:55 85768 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Google Update"="c:\documents and settings\bossnia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"MP4 Player"="c:\arquivos de programas\MP4 Player\mp4Player.exe" [2007-09-19 639488]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2008-04-23 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0\bin\jusched.exe" [2008-06-08 77824]
"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"PIChecker"="pichkc.exe" [bU]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [bU]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"Six Engine"="c:\arquivos de programas\ASUS\EPU-4 Engine\FourEngine.exe" [2009-02-13 5634560]
"nwiz"="nwiz.exe" [bU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-27 123904]

c:\documents and settings\bossnia\Menu Iniciar\Programas\Inicializar\
CurseClientStartup.ccip [2009-12-10 0]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\arquivos de programas\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBb]
2009-12-30 12:58 318240 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 23:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"c:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=
"c:\\Arquivos de programas\\Curse\\CurseClient.exe"=
"c:\\Arquivos de programas\\Ventrilo\\Ventrilo.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [21/4/2009 23:52 30752]
R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [7/2/2010 23:06 108289]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [21/4/2009 23:52 54048]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [28/5/2009 01:20 47640]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\arquivos de programas\LogMeIn\x86\RaInfo.sys --> c:\arquivos de programas\LogMeIn\x86\RaInfo.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19/12/2009 04:55 1684736]
S3 whfltr2k;e-WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [1/1/2009 02:51 7109]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/1/2009 12:52 717296]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - c:\documents and settings\bossnia\Dados de aplicativos\Mozilla\Firefox\Profiles\vip1ajqf.default\
FF - prefs.js: browser.startup.homepage - www.google.com/ncr
FF - component: c:\documents and settings\bossnia\Dados de aplicativos\Mozilla\Firefox\Profiles\vip1ajqf.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: c:\arquivos de programas\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\arquivos de programas\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\arquivos de programas\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\arquivos de programas\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\arquivos de programas\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\arquivos de programas\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\arquivos de programas\Java\jre1.6.0\bin\npoji610.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 13:16
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\windows\system32\LMIinit.dll
.
Tempo para conclusão: 2010-02-08 13:17:37
ComboFix-quarantined-files.txt 2010-02-08 15:17

Pré-execução: 6.984.699.904 bytes disponíveis
Pós execução: 6.972.092.416 bytes disponíveis

- - End Of File - - CD720D684205D5A97FA39C298B393665
wings
Posted February 8, 2010

OK... the log is clean.

1.
*Click [Start] > [Run] > type: Combofix /uninstall
*Click [OK]
*Click [Run]
*The message "ComboFix is uninstalled" will appear
*Click [OK]
*Delete the file C:\combofix.txt

2.
*Run Malwarebytes from the icon created on the desktop; on the [Quarantine] tab, select all the results and click [Remove All]
*Click the [Logs] tab, select the report and click [Remove]

Regards.
wings
Posted February 8, 2010

PROBLEM SOLVED!
If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.