
Archived

This topic has been archived and is closed to further replies.

João Prado

[Archived] Information about essclis.dll


Hello fellow moderators/analysts, one of the computers here at the company is showing this file (C:\WINDOWS\system32\wbem\essclis.dll) as a virus. Using AVG I have already removed it several times, I deleted the file directly, updated Windows, ran a cleanup with Advanced SystemCare 3, and so far nothing.

 

Could someone give me more details about what this virus is and what it can cause?

 

 

Edited:

 

The description shown in the AVG scan is this:

Cavalo de Tróia PSW.Banker5.BCPN

 

 

Thanks in advance


It would be better to do a cleanup following the guidance of our analysts

 

For that, post a log according to rule 02 of this forum


Right, Mario, my intention was to find out what it is, and depending on the risk I would either post here or attempt a removal on my own.

 

As there was no reply, I will post the log.

 

Logfile of HijackThis v1.99.1

Scan saved at 14:58:48, on 10/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\AVG\AVG9\avgfws9.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsserv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\AVG\AVG9\avgam.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\wmiapsrv.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsmsnd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\CIS\MinyScanHome\MinyScanHome.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\NetLogom.exe

G:\SOFTWARES PETROPOL\SPYWARE\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row-rel&channel=br&ibd=2080306

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row-rel&channel=br&ibd=2080306

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.106:8080

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

O2 - BHO: Windows® Internet Explorer - {6063D70C-1E80-42AC-BEA2-407A2C2AFB9E} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows® Internet Explorer - {83082478-BFAD-4D4A-B4ED-3C280EC37BA1} - C:\WINDOWS\system32\wbem\essclis.dll

O2 - BHO: Windows® Internet Explorer - {C360759E-15FF-4255-91A2-618BDC7107D9} - C:\WINDOWS\system32\wbem\essclis.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GBPLUGIN\gbiehuni.dll

O2 - BHO: Windows® Internet Explorer - {C8FCD479-0339-45BF-B1D5-F4ACFE435261} - (no file)

O2 - BHO: Windows® Internet Explorer - {C93696F9-0D03-49E0-9645-C468C7E436DD} - (no file)

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\Dell\BAE\BAE.dll

O2 - BHO: Windows® Internet Explorer - {F1B6A564-539A-4107-AA75-CFFD32675660} - (no file)

O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsmsnd.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: MinyScanHome.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = petropol.polimeros

O17 - HKLM\Software\..\Telephony: DomainName = petropol.polimeros

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = petropol.polimeros

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = petropol.polimeros

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Arquivos de programas\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgfws9.exe

O23 - Service: bgsserv - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsserv.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cartão inteligente SCardSvrGbpSv (SCardSvrGbpSv) - Unknown owner - C:\WINDOWS\system32\1041r.exe (file missing)

 

 

 

Awaiting a reply

regards

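An added triage helper, written for this page and not part of the thread or of HijackThis itself. It applies, in code, the checks an analyst reading the log above makes by eye: a Winlogon Shell value with anything appended to Explorer.exe, BHO registrations with no file on disk, a BHO loaded from system32\wbem (the WMI directory, not a browser plug-in location), several distinct CLSIDs all carrying the browser's own display name, and Winlogon Notify packages or services whose binary is missing. The sample lines are constructed in the v1.99.1 format and modelled on entries in the log above; the heuristics and thresholds are this example's own assumptions and are a triage aid, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample lines in HijackThis v1.99.1 format, modelled on the entries
# in the thread's log. This is not the full log from the post.
SAMPLE_LOG = """\
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: Windows® Internet Explorer - {6063D70C-1E80-42AC-BEA2-407A2C2AFB9E} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\\Arquivos de programas\\Microsoft\\Search Enhancement Pack\\Search Helper\\SEPsearchhelperie.dll
O2 - BHO: Windows® Internet Explorer - {83082478-BFAD-4D4A-B4ED-3C280EC37BA1} - C:\\WINDOWS\\system32\\wbem\\essclis.dll
O2 - BHO: Windows® Internet Explorer - {C360759E-15FF-4255-91A2-618BDC7107D9} - C:\\WINDOWS\\system32\\wbem\\essclis.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\\System32\\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: Cartão inteligente SCardSvrGbpSv (SCardSvrGbpSv) - Unknown owner - C:\\WINDOWS\\system32\\1041r.exe (file missing)
"""

SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Directories from which a browser helper object is almost never legitimately
# loaded (assumption of this example): system32\wbem hosts WMI components.
ODD_BHO_DIRS = ("\\system32\\wbem\\",)


def triage(log_text):
    """Return (line, reason) pairs for entries that deserve a second look."""
    findings = []
    bho_names = defaultdict(set)  # display name -> CLSIDs registered under it
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SHELL_RE.match(line)
        if m:
            # Winlogon Shell must be exactly Explorer.exe; anything appended runs at every logon.
            if m.group("value").strip().lower() != "explorer.exe":
                findings.append((line, "Winlogon Shell hijack: extra program appended to Explorer.exe"))
            continue
        m = BHO_RE.match(line)
        if m:
            name, clsid, path = m.group("name"), m.group("clsid").upper(), m.group("path")
            bho_names[name].add(clsid)
            if path == "(no file)":
                findings.append((line, "orphaned BHO registration (no file on disk)"))
            elif any(d in path.lower() for d in ODD_BHO_DIRS):
                findings.append((line, "BHO loaded from an unusual system directory"))
            continue
        m = NOTIFY_RE.match(line)
        if m and m.group("path").endswith("(file missing)"):
            findings.append((line, "Winlogon Notify package points to a missing DLL"))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group("owner") == "Unknown owner" and m.group("path").endswith("(file missing)"):
            findings.append((line, "service with no vendor and a missing binary"))
    # Several distinct CLSIDs sharing one display name is itself a signal: a real
    # add-on carries its own product name rather than the browser's.
    for name, clsids in bho_names.items():
        if len(clsids) > 1:
            findings.append((f"O2 - BHO: {name}", f"{len(clsids)} different CLSIDs share this display name"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"[{reason}] {entry}")
```

Feed it the text of a saved HijackThis log instead of SAMPLE_LOG to run the same checks over a full report; entries it does not flag are not thereby clean, so the output is a starting list for the analyst, not a replacement for their review.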

Good evening! João Prado

 

<@> Download: < marcinsig.gif >

 

<@> < Link - 2 >

 

<@> < Link - 3 >

 

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> Ps: For certain infections, the tool will 'ask' for a reboot. <-- Confirm!

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<@> Post the reports: mbam-log-2010-xx-xx (00-00-00).txt + HijackThis, updated.

 

Regards!


mbam-log2010-06-11 (09-18-10)

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4188

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

11/6/2010 09:18:10

mbam-log-2010-06-11 (09-18-10).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 277046

Tempo decorrido: 1 hora(s), 0 minuto(s), 33 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 1

Chaves de Registro Infectadas: 13

Valores de Registro Infectados: 1

Itens de Dados no Registro Infectados: 4

Pastas Infectadas: 9

Arquivos Infectados: 51

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

C:\WINDOWS\system32\wbem\essclis.dll (Malware.Packer.Gen) -> No action taken.

 

Chaves de Registro Infectadas:

HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iff9lmvf (Adware.LoudMo) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{83082478-bfad-4d4a-b4ed-3c280ec37ba1} (Malware.Packer.Gen) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{83082478-bfad-4d4a-b4ed-3c280ec37ba1} (Malware.Packer.Gen) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83082478-bfad-4d4a-b4ed-3c280ec37ba1} (Malware.Packer.Gen) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83082478-bfad-4d4a-b4ed-3c280ec37ba1} (Malware.Packer.Gen) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{c360759e-15ff-4255-91a2-618bdc7107d9} (Malware.Packer.Gen) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c360759e-15ff-4255-91a2-618bdc7107d9} (Malware.Packer.Gen) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c360759e-15ff-4255-91a2-618bdc7107d9} (Malware.Packer.Gen) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c360759e-15ff-4255-91a2-618bdc7107d9} (Malware.Packer.Gen) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flv direct player (Adware.BHO.FL) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> No action taken.

 

Valores de Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> No action taken.

 

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> No action taken.

 

Pastas Infectadas:

C:\Arquivos de programas\FLV Direct Player (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Button (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\ComboBox (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Menu (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\SysButton (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Window (Adware.BHO.FL) -> No action taken.

C:\Documents and Settings\All Users\Menu Iniciar\Programas\FLV Direct Player (Adware.FLVPlayer) -> No action taken.

 

Arquivos Infectados:

C:\Documents and Settings\bruna\FLVDirect.exe (Adware.MediaPass) -> No action taken.

C:\Documents and Settings\joao.veloso\Configurações locais\Temp\TMP7.tmp (Trojan.Dropper) -> No action taken.

C:\Documents and Settings\joao.veloso\Configurações locais\Temp\TMPA2.tmp (Trojan.Dropper) -> No action taken.

C:\Arquivos de programas\Atendimento On-line Grátis\helpdesk.exe (Spyware.Passwords) -> No action taken.

C:\Arquivos de programas\Atendimento On-line Grátis\helpdeskold.exe (Spyware.Passwords) -> No action taken.

C:\Arquivos de programas\Mozilla Firefox\extensions\{03648fb1-36e4-8178-eb89-d796c8086b85}\components\_4-64H9tz5A_px4.dll (Adware.BHO) -> No action taken.

C:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP255\A0087501.dll (Malware.Packer.Gen) -> No action taken.

C:\WINDOWS\system32\iFF9lMVf.exe (Adware.LoudMo) -> No action taken.

C:\WINDOWS\system32\wbem\essclis.dll (Malware.Packer.Gen) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\downloading.swf (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\dskinliteu.dll (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\FLVPlayer.exe (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\player.dat (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\preload.swf (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\uninstall.exe (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin.xml (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Button\button_default.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Button\button_disable.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Button\button_down.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Button\button_hot.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Button\button_normal.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonDown.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonHot.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonNor.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\ComboBox\edit_back.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Menu\menubg.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_arrow.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_check.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Menu\menuitem_select.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_seperator.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_down.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_hot.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_nor.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_down.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_hot.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_nor.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_down.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_hot.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_nor.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_down.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_hot.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_nor.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Window\BottomBorder.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Window\downarrow.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Window\LeftBorder.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Window\Logo.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Window\main.ico (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Window\RightBorder.bmp (Adware.BHO.FL) -> No action taken.

C:\Arquivos de programas\FLV Direct Player\SkinDirectFLV\skin\Window\TitlePattern.bmp (Adware.BHO.FL) -> No action taken.

C:\Documents and Settings\All Users\Menu Iniciar\Programas\FLV Direct Player\FLV Direct Player.lnk (Adware.FLVPlayer) -> No action taken.

C:\Documents and Settings\All Users\Menu Iniciar\Programas\FLV Direct Player\Uninstall FLV Direct Player.lnk (Adware.FLVPlayer) -> No action taken.

 

 

 

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

 

 

New HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 09:24:49, on 11/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\AVG\AVG9\avgfws9.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsserv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

C:\WINDOWS\system32\wmiapsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgam.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsmsnd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\CIS\MinyScanHome\MinyScanHome.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

G:\SOFTWARES PETROPOL\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row-rel&channel=br&ibd=2080306

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row-rel&channel=br&ibd=2080306

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.106:8080

O2 - BHO: Windows® Internet Explorer - {6063D70C-1E80-42AC-BEA2-407A2C2AFB9E} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows® Internet Explorer - {C360759E-15FF-4255-91A2-618BDC7107D9} - C:\WINDOWS\system32\wbem\essclis.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GBPLUGIN\gbiehuni.dll

O2 - BHO: Windows® Internet Explorer - {C8FCD479-0339-45BF-B1D5-F4ACFE435261} - (no file)

O2 - BHO: Windows® Internet Explorer - {C93696F9-0D03-49E0-9645-C468C7E436DD} - (no file)

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\Dell\BAE\BAE.dll

O2 - BHO: Windows® Internet Explorer - {F1B6A564-539A-4107-AA75-CFFD32675660} - (no file)

O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsmsnd.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: MinyScanHome.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = petropol.polimeros

O17 - HKLM\Software\..\Telephony: DomainName = petropol.polimeros

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = petropol.polimeros

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = petropol.polimeros

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Arquivos de programas\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgfws9.exe

O23 - Service: bgsserv - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsserv.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cartão inteligente SCardSvrGbpSv (SCardSvrGbpSv) - Unknown owner - C:\WINDOWS\system32\1041r.exe (file missing)


/////////// Good evening! João Prado \\\\\\\\\\\\

 

<@> Send the detected items to quarantine by clicking Remove items.

<!> Run Malwarebytes again and remove all the items that were detected.

<!> Ps: Post the report afterwards!

00000000000000000

ooooooooooooooooo

<@> Download: < desktopicon.png > ( ...by sUBs )

 

<!> Link-2 --> < ForoSpyware >

 

<!> Link-3 --> < GeeksToGo >

 

<@> Save it to the desktop!

<@> Disable the resident protections of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> Ps: Running it from the command line is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

 

combofixejr8.gif

 

<@> Click OK.

<@> In the window: "Software warranty agreement" --> Click Yes!

 

RcAuto1.gif

 

<@> If you do not have the "Recovery Console", accept the option to install it!

<@> When it finishes, click Sim or Yes. --> Wait!

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<!> If the notification "Invalid Win32 application" appears, delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> Ps: Name it while saving, not after saving it!

<!> Ps: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> Ps: In the presence of rootkit activity, we will see the following notification window:

 

Rookit_found.gif

 

<!> Ps: Note down those detections and click OK.

<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> Ps: Avoid running this tool on your own initiative!

<!> Ps: To avoid problems, follow all the proposed recommendations.

<!> Ps: ComboFix is a tool that can damage the system. Use it only under professional supervision.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

<@> The Auto Scan window will open. --> Wait!

<@> To finalize removals, ComboFix may restart the computer.

<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<@> When it finishes, post the reports: C:\ComboFix.txt + HijackThis, updated.

 

Regards!


Is this last step really necessary?

 

What was happening is that AVG flagged the blasted virus every 5 minutes, but after removing the infected files with Malwarebytes it did not appear anymore.

 

The removal was done this morning and by the end of the day the alert had not appeared.


Good morning! João Prado

 

Is this last step really necessary?

<!> Yes! But... it can be replaced, in its diagnostic role, by a scan with the OTL tool.

 

Regards!

<!> Run Malwarebytes again and remove all the items that were detected.

<!> Ps: Post the report afterwards!

 

I had already deleted them before, and the log is in the previous post

 

 

ComboFix log

 

ComboFix 10-06-13.04 - bruna 14/06/2010 13:14:29.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.958.426 [GMT -3:00]

Executando de: c:\documents and settings\bruna\desktop\Combofix.exe

Comandos utilizados :: /killall

FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

ADS - drivers: deleted 354 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\WinPCap

c:\arquivos de programas\WinPCap\rpcapd.exe

c:\bancobrasil\officePLUGIN\index.html

c:\documents and settings\All Users\Desktop\FLV Direct Player.lnk

c:\windows\infosapi.dll

c:\windows\system32\2420353494.dat

c:\windows\system32\acpi.vxd

c:\windows\system32\AutoRun.inf

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\wbem\essclis.dll

c:\windows\system32\wmiapsrv.exe

c:\windows\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Legacy_SCARDSVRGBPSV

-------\Legacy_WMIAPSRV32

-------\Service_NPF

-------\Service_SCardSvrGbpSv

-------\Service_WmiApsrv32

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-14 to 2010-06-14 ))))))))))))))))))))))))))))

.

 

2010-06-11 11:06 . 2010-06-11 11:06 -------- d-----w- c:\documents and settings\bruna\Dados de aplicativos\Malwarebytes

2010-06-11 11:06 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-11 11:06 . 2010-06-11 11:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-06-11 11:06 . 2010-06-11 11:09 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-06-11 11:06 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-10 13:46 . 2010-06-10 14:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2010-06-09 13:11 . 2010-05-06 10:34 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-09 12:26 . 2010-06-09 12:26 -------- d-----w- c:\documents and settings\bruna\Dados de aplicativos\IObit

2010-06-08 10:31 . 2010-06-08 10:31 -------- d-----w- C:\25ad7f2832bda5d4bba4afe2414d

2010-06-01 18:50 . 2010-06-01 18:57 -------- d-----w- c:\documents and settings\bruna\Dados de aplicativos\searchqutb

2010-06-01 18:50 . 2010-06-01 18:50 -------- d-----w- c:\arquivos de programas\Windows Searchqu Toolbar

2010-06-01 18:50 . 2010-06-01 18:50 -------- d-----w- c:\documents and settings\bruna\Dados de aplicativos\Bandoo

2010-06-01 18:49 . 2010-06-01 18:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Bandoo

2010-06-01 18:49 . 2010-06-01 18:50 -------- d-----w- c:\arquivos de programas\Bandoo

2010-06-01 18:20 . 2010-06-01 18:20 124 ----a-w- c:\windows\CUZER.Reg

2010-05-31 11:05 . 2010-05-31 11:05 715776 ----a-w- c:\windows\system32\NetLogom.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-14 16:25 . 2008-03-27 20:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2010-06-09 13:43 . 2004-09-08 17:52 83434 ----a-w- c:\windows\system32\perfc016.dat

2010-06-09 13:43 . 2004-09-08 17:52 479312 ----a-w- c:\windows\system32\perfh016.dat

2010-06-09 13:13 . 2009-09-16 15:21 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-06-09 13:00 . 2010-02-24 13:41 -------- d-----w- c:\documents and settings\bruna\Dados de aplicativos\SUPERAntiSpyware.com

2010-06-09 13:00 . 2010-02-24 13:41 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2010-06-02 10:34 . 2008-03-27 20:20 -------- d-----w- c:\arquivos de programas\GbPlugin

2010-06-01 12:04 . 2010-06-01 12:04 29512 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgmfx86.sys

2010-06-01 12:04 . 2010-06-01 12:04 242896 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgtdix.sys

2010-06-01 12:03 . 2009-05-22 14:17 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-01 12:03 . 2008-03-11 13:27 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-26 13:48 . 2008-12-12 11:51 45472 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2010-05-23 08:30 . 2010-06-01 18:49 2269184 ----a-w- c:\documents and settings\bruna\Dados de aplicativos\Mozilla\Firefox\Profiles\5xqwa78n.default\extensions\firefox@bandoo.com\components\FFPlugin.dll

2010-05-15 03:32 . 2010-05-15 03:32 688128 ----a-w- c:\windows\system32\libeay32.dll

2010-05-15 03:32 . 2010-05-15 03:32 155648 ----a-w- c:\windows\system32\ssleay32.dll

2010-05-07 20:15 . 2010-03-03 20:08 49 ----a-w- c:\windows\wpd99.drv

2010-05-06 10:34 . 2004-09-08 17:52 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:08 . 2004-09-08 17:52 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:31 . 2004-09-08 17:51 285696 ----a-w- c:\windows\system32\atmfd.dll

2004-10-01 18:00 . 2008-09-25 17:51 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-03 7630848]

"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2010-06-01 2065248]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"bgsmsnd.exe"="c:\windows\System32\spool\DRIVERS\W32X86\3\bgsmsnd.exe" [2005-11-08 114688]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

MinyScanHome.lnk - c:\arquivos de programas\CIS\MinyScanHome\MinyScanHome.exe [2009-12-3 462848]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GBPLUGIN\gbiehuni.dll" [2010-03-10 324000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2010-04-14 16:03 310824 ------w- c:\arquiv~1\GbPlugin\gbiehAbn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-05-26 13:47 335136 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2010-03-10 17:08 324000 ------w- c:\arquiv~1\GbPlugin\gbiehuni.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-05 11:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Run Ultr@VNC SERVER.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Run Ultr@VNC SERVER.lnk

backup=c:\windows\pss\Run Ultr@VNC SERVER.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^evelyn.PETROPOL^Menu Iniciar^Programas^Inicializar^OpenOffice.org 1.1.0.lnk]

path=c:\documents and settings\evelyn.PETROPOL\Menu Iniciar\Programas\Inicializar\OpenOffice.org 1.1.0.lnk

backup=c:\windows\pss\OpenOffice.org 1.1.0.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

2009-06-30 12:55 2329224 ----a-w- c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bgsmsnd.exe]

2005-11-08 18:50 114688 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\bgsmsnd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

2007-01-01 22:54 3735552 ----a-w- c:\arquivos de programas\Google\Google Talk\googletalk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]

2007-05-04 16:05 36864 ----a-w- c:\arquivos de programas\HP\HP UT\bin\hppusg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-10-03 17:28 7630848 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-10-03 17:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2006-10-20 20:23 118784 ------w- c:\arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-12-02 15:51 282624 ----a-w- c:\windows\stsystra.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-02-22 07:25 144784 ----a-w- c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\UltraVNC\\winvnc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"\\\\nypol\\d\\SOFTWARES PETROPOL\\PRINTER\\P1505n\\Setup.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [22/5/2009 11:17 52872]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [12/12/2008 08:51 45472]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22/5/2009 11:17 216200]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22/5/2009 11:17 242896]

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\arquivos de programas\Broadcom\ASFIPMon\AsfIpMon.exe [17/3/2006 17:25 65536]

R2 avg9wd;AVG WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [5/3/2010 08:41 308064]

R2 avgfws9;AVG Firewall;c:\arquivos de programas\AVG\AVG9\avgfws9.exe [22/12/2009 07:20 2331544]

R2 bgsserv;bgsserv;c:\windows\system32\spool\drivers\w32x86\3\bgsserv.exe [3/3/2010 16:32 159744]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [27/3/2008 17:20 55072]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [22/5/2009 11:16 30104]

S2 pestsddug;System Config;c:\windows\system32\svchost.exe -k netsvcs [8/9/2004 14:52 14336]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [22/5/2009 11:16 30104]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

pestsddug

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##192.168.0.103#D]

\ShEll\AutoRun\command - BvTGln.ExE

\ShEll\oPEN\cOmMaNd - BVTgln.exE

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-06-14 c:\windows\Tasks\User_Feed_Synchronization-{D104A468-4658-4957-8B27-E3BA44BF5910}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/ig/dell?hl=pt-BR&client=dell-row-rel&channel=br&ibd=2080306

uInternet Settings,ProxyServer = 192.168.0.106:8080

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\bruna\Dados de aplicativos\Mozilla\Firefox\Profiles\5xqwa78n.default\

FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\documents and settings\bruna\Dados de aplicativos\Mozilla\Firefox\Profiles\5xqwa78n.default\extensions\firefox@bandoo.com\components\FFPlugin.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\bruna\Dados de aplicativos\Mozilla\plugins\np-mswmp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{0940C8A5-0FA5-4A5B-B637-4E6303EF5B9F} - c:\windows\system32\wbem\essclis.dll

BHO-{6063D70C-1E80-42AC-BEA2-407A2C2AFB9E} - (no file)

BHO-{A39FAD8E-CB1C-4BD5-942C-80AA8EC6F369} - c:\windows\system32\wbem\essclis.dll

BHO-{C360759E-15FF-4255-91A2-618BDC7107D9} - c:\windows\system32\wbem\essclis.dll

BHO-{C8FCD479-0339-45BF-B1D5-F4ACFE435261} - (no file)

BHO-{C93696F9-0D03-49E0-9645-C468C7E436DD} - (no file)

BHO-{F1B6A564-539A-4107-AA75-CFFD32675660} - (no file)

MSConfigStartUp-AVG8_TRAY - c:\arquiv~1\AVG\AVG8\avgtray.exe

MSConfigStartUp-nwiz - nwiz.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-14 13:26

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pestsddug]

"ServiceDll"="c:\windows\system32\psyljv.dll"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(928)

c:\arquiv~1\GbPlugin\gbiehAbn.dll

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquiv~1\GBPLUGIN\gbiehuni.dll

 

- - - - - - - > 'explorer.exe'(780)

c:\windows\system32\WININET.dll

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquiv~1\GBPLUGIN\gbiehuni.dll

c:\arquiv~1\GbPlugin\gbiehAbn.dll

c:\windows\system32\webcheck.dll

c:\arquiv~1\MICROS~2\OFFICE11\MCPS.DLL

c:\arquivos de programas\Microsoft Silverlight\xapauthenticodesip.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\AVG\AVG9\avgchsvx.exe

c:\arquivos de programas\AVG\AVG9\avgrsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

c:\arquivos de programas\AVG\AVG9\avgam.exe

c:\arquivos de programas\AVG\AVG9\avgnsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\arquivos de programas\Internet Explorer\iexplore.exe

c:\arquivos de programas\Internet Explorer\iexplore.exe

c:\arquivos de programas\Internet Explorer\iexplore.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-06-14 13:31:52 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-06-14 16:31

 

Pré-execução: 18 pasta(s) 134.048.161.792 bytes disponíveis

Pós execução: 23 pasta(s) 134.429.040.640 bytes disponíveis

 

- - End Of File - - 0570A02347B256481E2FE1B3643A9F4D

 

 

 

 

HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 13:34:18, on 14/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\AVG\AVG9\avgfws9.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsserv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgam.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsmsnd.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\CIS\MinyScanHome\MinyScanHome.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

G:\SOFTWARES PETROPOL\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row-rel&channel=br&ibd=2080306

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.106:8080

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GBPLUGIN\gbiehuni.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\Dell\BAE\BAE.dll

O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsmsnd.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: MinyScanHome.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = petropol.polimeros

O17 - HKLM\Software\..\Telephony: DomainName = petropol.polimeros

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = petropol.polimeros

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = petropol.polimeros

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Arquivos de programas\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgfws9.exe

O23 - Service: bgsserv - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsserv.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

 

 

Regards


Good evening! João Prado

I had already deleted them before, and the log is in the previous post

<!> Yes! But... technically, your report shows that no action was taken on the files that were detected.

 -> No action taken.

<!> That is the note at the end of every line in the Malwarebytes log.

<@> Select and copy everything inside the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

c:\windows\system32\psyljv.dll

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##192.168.0.103#D]

[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pestsddug]

Driver::

"pestsddug"

NetSvc::

"pestsddug"

<@> Ps: It is advisable to be disconnected when running the script.

<@> Ps: Temporarily disable your antivirus.

<@> Ps: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon/window.

<@> See the demonstration!

2872959479_997d4500c4_o.gif

<@> Accept the prompt that should appear asking to run ComboFix.

<@> Ps: Keep dragging until that prompt ( window ) appears!

<@> When it finishes, post: C:\ComboFix.txt

Regards!
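As an added example (not part of the thread, and not ComboFix's own code), the Python below applies the reading of the report that the CFScript above encodes to a constructed log excerpt: it picks out the svchost-hosted service whose ServiceDll ComboFix dumped (pestsddug / psyljv.dll) and the shell commands registered under the mountpoints2 key, and renders them in the File::/Registry::/Driver::/NetSvc:: layout for an analyst to check line by line. The excerpt, the function names and the assumption that ComboFix prints those entries only when they fall outside its baseline are mine.

```python
"""Triage the ComboFix indicators the analyst acted on in the post above.
Added example, not from the thread or from ComboFix; it assumes ComboFix prints a
service's ServiceDll and mountpoints2 commands only when they are outside its baseline."""
import re
from dataclasses import dataclass

# Constructed excerpt, laid out the way ComboFix prints the report above.
SAMPLE_LOG = r"""
R2 avg9wd;AVG WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [5/3/2010 08:41 308064]
S2 pestsddug;System Config;c:\windows\system32\svchost.exe -k netsvcs [8/9/2004 14:52 14336]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [22/5/2009 11:16 30104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##192.168.0.103#D]
\ShEll\AutoRun\command - BvTGln.ExE
\ShEll\oPEN\cOmMaNd - BVTgln.exE

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pestsddug]
"ServiceDll"="c:\windows\system32\psyljv.dll"
"""

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]\s*$")
KEY_RE = re.compile(r"^\[(.+)\]$")
DLL_RE = re.compile(r'^"ServiceDll"="(.+)"$')
AUTORUN_RE = re.compile(r"^(\\shell\\\S+)\s+-\s+(.+)$", re.IGNORECASE)

@dataclass
class Finding:
    kind: str    # "svchost_service" or "mountpoint_autorun"
    name: str    # service name, or the mountpoints2 key
    detail: str  # ServiceDll path, or shell verb and its command
    key: str     # registry key carrying the entry

def parse_services(text):
    """Map service name -> (state, display name, image) from the R*/S* lines."""
    services = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services[m.group(2)] = (m.group(1), m.group(3), m.group(4))
    return services

def _keyed_lines(text):
    """Yield (enclosing [registry key], stripped line) for the dumped key blocks."""
    key = ""
    for line in text.splitlines():
        k = KEY_RE.match(line.strip())
        if k:
            key = k.group(1)
        elif key:
            yield key, line.strip()

def parse_service_dlls(text):
    """Map service name -> (registry key, ServiceDll path)."""
    dlls = {}
    for key, line in _keyed_lines(text):
        d = DLL_RE.match(line)
        if d and "\\services\\" in key.lower():
            dlls[key.rsplit("\\", 1)[1]] = (key, d.group(1))
    return dlls

def parse_mountpoint_autoruns(text):
    """(mountpoints2 key, shell verb path, command) for each shell command found."""
    found = []
    for key, line in _keyed_lines(text):
        a = AUTORUN_RE.match(line)
        if a and "mountpoints2" in key.lower():
            found.append((key, a.group(1), a.group(2)))
    return found

def triage(text):
    """Flag what the analyst removed: an svchost-hosted service whose ServiceDll
    ComboFix printed, and shell commands registered under a mountpoint."""
    dlls, findings = parse_service_dlls(text), []
    for name, (_state, _display, image) in parse_services(text).items():
        key, dll = dlls.get(name, ("", ""))
        if dll and "svchost.exe -k" in image.lower():  # the pestsddug pattern
            findings.append(Finding("svchost_service", name, dll, key))
    for key, verb, command in parse_mountpoint_autoruns(text):
        findings.append(Finding("mountpoint_autorun", key, f"{verb} -> {command}", key))
    return findings

def build_cfscript(findings):
    """Render findings in the CFScript layout the analyst used, as a draft to check line by line."""
    files, keys, names = [], [], []
    for fnd in findings:
        if f"[-{fnd.key}]" not in keys:
            keys.append(f"[-{fnd.key}]")
        if fnd.kind == "svchost_service":
            files.append(fnd.detail)
            names.append(f'"{fnd.name}"')  # Driver:: stops the service, NetSvc:: drops the group entry
    sections = [("File::", files), ("Registry::", keys), ("Driver::", names), ("NetSvc::", names)]
    return "\n\n".join(f"{head}\n" + "\n".join(body) for head, body in sections if body) + "\n"
```

Running `build_cfscript(triage(SAMPLE_LOG))` reproduces the four sections of the script posted above, with the mountpoints2 key listed once even though two shell verbs point at it.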


Good afternoon, here is the requested log

ComboFix 10-06-13.04 - bruna 16/06/2010 13:00:50.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.958.292 [GMT -3:00]

Executando de: c:\documents and settings\bruna\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\bruna\Desktop\CFScript.txt

FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

"c:\windows\system32\psyljv.dll"

.

ADS - drivers: deleted 354 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Legacy_PESTSDDUG

-------\Service_pestsddug

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-16 to 2010-06-16 ))))))))))))))))))))))))))))

.

 

2010-06-11 11:06 . 2010-06-11 11:06 -------- d-----w- c:\documents and settings\bruna\Dados de aplicativos\Malwarebytes

2010-06-11 11:06 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-11 11:06 . 2010-06-11 11:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-06-11 11:06 . 2010-06-11 11:09 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-06-11 11:06 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-10 13:46 . 2010-06-10 14:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2010-06-09 13:11 . 2010-05-06 10:34 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-09 12:26 . 2010-06-09 12:26 -------- d-----w- c:\documents and settings\bruna\Dados de aplicativos\IObit

2010-06-08 10:31 . 2010-06-08 10:31 -------- d-----w- C:\25ad7f2832bda5d4bba4afe2414d

2010-06-01 18:50 . 2010-06-01 18:57 -------- d-----w- c:\documents and settings\bruna\Dados de aplicativos\searchqutb

2010-06-01 18:50 . 2010-06-01 18:50 -------- d-----w- c:\arquivos de programas\Windows Searchqu Toolbar

2010-06-01 18:50 . 2010-06-01 18:50 -------- d-----w- c:\documents and settings\bruna\Dados de aplicativos\Bandoo

2010-06-01 18:49 . 2010-05-23 08:30 2269184 ----a-w- c:\documents and settings\bruna\Dados de aplicativos\Mozilla\Firefox\Profiles\5xqwa78n.default\extensions\firefox@bandoo.com\components\FFPlugin.dll

2010-06-01 18:49 . 2010-06-01 18:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Bandoo

2010-06-01 18:49 . 2010-06-01 18:50 -------- d-----w- c:\arquivos de programas\Bandoo

2010-06-01 18:20 . 2010-06-01 18:20 124 ----a-w- c:\windows\CUZER.Reg

2010-06-01 12:04 . 2010-06-01 12:04 29512 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgmfx86.sys

2010-06-01 12:04 . 2010-06-01 12:04 242896 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgtdix.sys

2010-05-31 11:05 . 2010-05-31 11:05 715776 ----a-w- c:\windows\system32\NetLogom.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-16 16:09 . 2008-03-27 20:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2010-06-09 13:43 . 2004-09-08 17:52 83434 ----a-w- c:\windows\system32\perfc016.dat

2010-06-09 13:43 . 2004-09-08 17:52 479312 ----a-w- c:\windows\system32\perfh016.dat

2010-06-09 13:13 . 2009-09-16 15:21 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-06-09 13:00 . 2010-02-24 13:41 -------- d-----w- c:\documents and settings\bruna\Dados de aplicativos\SUPERAntiSpyware.com

2010-06-09 13:00 . 2010-02-24 13:41 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2010-06-02 10:34 . 2008-03-27 20:20 -------- d-----w- c:\arquivos de programas\GbPlugin

2010-06-01 12:03 . 2009-05-22 14:17 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-01 12:03 . 2008-03-11 13:27 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-26 13:48 . 2008-12-12 11:51 45472 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2010-05-15 03:32 . 2010-05-15 03:32 688128 ----a-w- c:\windows\system32\libeay32.dll

2010-05-15 03:32 . 2010-05-15 03:32 155648 ----a-w- c:\windows\system32\ssleay32.dll

2010-05-07 20:15 . 2010-03-03 20:08 49 ----a-w- c:\windows\wpd99.drv

2010-05-06 10:34 . 2004-09-08 17:52 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:08 . 2004-09-08 17:52 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:31 . 2004-09-08 17:51 285696 ----a-w- c:\windows\system32\atmfd.dll

2004-10-01 18:00 . 2008-09-25 17:51 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-03 7630848]

"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2010-06-01 2065248]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"bgsmsnd.exe"="c:\windows\System32\spool\DRIVERS\W32X86\3\bgsmsnd.exe" [2005-11-08 114688]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

MinyScanHome.lnk - c:\arquivos de programas\CIS\MinyScanHome\MinyScanHome.exe [2009-12-3 462848]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GBPLUGIN\gbiehuni.dll" [2010-03-10 324000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2010-04-14 16:03 310824 ------w- c:\arquiv~1\GbPlugin\gbiehAbn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-05-26 13:47 335136 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2010-03-10 17:08 324000 ------w- c:\arquiv~1\GbPlugin\gbiehuni.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-05 11:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Run Ultr@VNC SERVER.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Run Ultr@VNC SERVER.lnk

backup=c:\windows\pss\Run Ultr@VNC SERVER.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^evelyn.PETROPOL^Menu Iniciar^Programas^Inicializar^OpenOffice.org 1.1.0.lnk]

path=c:\documents and settings\evelyn.PETROPOL\Menu Iniciar\Programas\Inicializar\OpenOffice.org 1.1.0.lnk

backup=c:\windows\pss\OpenOffice.org 1.1.0.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

2009-06-30 12:55 2329224 ----a-w- c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bgsmsnd.exe]

2005-11-08 18:50 114688 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\bgsmsnd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

2007-01-01 22:54 3735552 ----a-w- c:\arquivos de programas\Google\Google Talk\googletalk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]

2007-05-04 16:05 36864 ----a-w- c:\arquivos de programas\HP\HP UT\bin\hppusg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-10-03 17:28 7630848 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-10-03 17:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2006-10-20 20:23 118784 ------w- c:\arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-12-02 15:51 282624 ----a-w- c:\windows\stsystra.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-02-22 07:25 144784 ----a-w- c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\UltraVNC\\winvnc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"\\\\nypol\\d\\SOFTWARES PETROPOL\\PRINTER\\P1505n\\Setup.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [22/5/2009 11:17 52872]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [12/12/2008 08:51 45472]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22/5/2009 11:17 216200]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22/5/2009 11:17 242896]

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\arquivos de programas\Broadcom\ASFIPMon\AsfIpMon.exe [17/3/2006 17:25 65536]

R2 avg9wd;AVG WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [5/3/2010 08:41 308064]

R2 avgfws9;AVG Firewall;c:\arquivos de programas\AVG\AVG9\avgfws9.exe [22/12/2009 07:20 2331544]

R2 bgsserv;bgsserv;c:\windows\system32\spool\drivers\w32x86\3\bgsserv.exe [3/3/2010 16:32 159744]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [27/3/2008 17:20 55072]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [22/5/2009 11:16 30104]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [22/5/2009 11:16 30104]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-06-16 c:\windows\Tasks\User_Feed_Synchronization-{D104A468-4658-4957-8B27-E3BA44BF5910}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/ig/dell?hl=pt-BR&client=dell-row-rel&channel=br&ibd=2080306

uInternet Settings,ProxyServer = 192.168.0.106:8080

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\bruna\Dados de aplicativos\Mozilla\Firefox\Profiles\5xqwa78n.default\

FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\bruna\Dados de aplicativos\Mozilla\plugins\np-mswmp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

AddRemove-HijackThis - g:\softwares petropol\SPYWARE\HijackThis.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-16 13:10

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(596)

c:\arquiv~1\GbPlugin\gbiehAbn.dll

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquiv~1\GBPLUGIN\gbiehuni.dll

 

- - - - - - - > 'explorer.exe'(180)

c:\windows\system32\WININET.dll

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquiv~1\GbPlugin\gbiehAbn.dll

c:\arquiv~1\GBPLUGIN\gbiehuni.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\AVG\AVG9\avgchsvx.exe

c:\arquivos de programas\AVG\AVG9\avgrsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\arquivos de programas\AVG\AVG9\avgam.exe

c:\arquivos de programas\AVG\AVG9\avgnsx.exe

c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-06-16 13:15:28 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-06-16 16:15

ComboFix2.txt 2010-06-14 16:31

 

Pré-execução: 22 pasta(s) 134.428.110.848 bytes disponíveis

Pós execução: 23 pasta(s) 134.448.025.600 bytes disponíveis

 

- - End Of File - - 2C48011E896ED4876B5B275F5038EFB4

 

 

 

Cheers


Good evening, João Prado!

 

<!> Uninstall: c:\arquivos de programas\FLV Direct Player <-- If you have it!

00000000000000000000

oooooooooooooooooooo

<@> Download: < AD-Remover >

<@> Save it to C:\Arquivos de programas\

<@> Double-click AD-R.exe and install the program.

<@> Double-click the icon created on the desktop --> Click Oui --> Press L --> Enter.

<@> When it finishes, post the report. ( C:\Ad-Report-CLEAN[1].log )

00000000000000000000

oooooooooooooooooooo

<@> Select and copy all the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

c:\windows\system32\NetLogom.exe

FireFox::

FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=

Folder::

C:\documents and settings\All Users\Start Menu\Programs\FLV Direct Player

C:\Documents and Settings\bruna\Local Settings\Temp\nsn13.tmp

C:\Documents and Settings\bruna\Local Settings\Temp\nsu3.tmp

c:\documents and settings\bruna\Dados de aplicativos\searchqutb

c:\arquivos de programas\Windows Searchqu Toolbar

c:\arquivos de programas\FLV Direct Player

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flv direct player]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{83082478-bfad-4d4a-b4ed-3c280ec37ba1}]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83082478-bfad-4d4a-b4ed-3c280ec37ba1}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83082478-bfad-4d4a-b4ed-3c280ec37ba1}]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c360759e-15ff-4255-91a2-618bdc7107d9}]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c360759e-15ff-4255-91a2-618bdc7107d9}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c360759e-15ff-4255-91a2-618bdc7107d9}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0aae7910-4f59-6d62-6b24-bd39e7d875cc}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c026fd8-4021-75c5-673f-f6b4d1c16a04}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0aae7910-4f59-6d62-6b24-bd39e7d875cc}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Direct Player]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\m-YIAC-E_]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]

[-HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d}]

[-HKEY_CLASSES_ROOT\CLSID\{83082478-bfad-4d4a-b4ed-3c280ec37ba1}]

[-HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline]

[-HKEY_CLASSES_ROOT\CLSID\{c360759e-15ff-4255-91a2-618bdc7107d9}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FLV Video]

[-HKEY_CURRENT_USER\Software\FLV Direct Player]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.flv]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mp4]

[-HKEY_CURRENT_USER\Software\AppDataLow]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x0)

<@> PS: It is recommended that you be disconnected from the network while running the script.

<@> PS: Temporarily disable your antivirus.

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 

(animated image demonstrating the drag-and-drop onto ComboFix)

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Cheers!


Topic Archived

 

Since the author did not reply for more than 30 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
