Archived

This topic has been archived and is closed to further replies.

Souks

[Archived] LOG analysis

Hi guys, I'd like you to take a look at my log.

The computer keeps restarting and showing a blue screen.

It's not overheating, nor a problem with any part; I think formatting would fix it, but I don't want to format.

I hope you can help me.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:26:05, on 9/7/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Electronic Arts\EADM\Core.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Claro 3G\Claro 3G.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\DllHost.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\HijackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [EA Core] "C:\Arquivos de programas\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [nodenable] C:\Arquivos de programas\eset\nodenable.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Atualizador de licenças ESET.lnk = C:\Arquivos de programas\ESET\MiNODLogin\MiNODLogin.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E76DF89D-9D94-451E-9CD7-591D6363F0E7}: NameServer = 200.169.117.222 200.169.117.221

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 8530 bytes

 

Cheers.

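The report above is a HijackThis v2 log. As an added example (not code from this thread and not part of HijackThis), the Python script below parses its "R0/O2/O4/O23" entry lines and flags the entry types a log analyst checks first: BHOs with no file, Run values without an absolute path, Trusted Zone sites, custom DNS servers (O17), Winlogon Notify DLLs, and services whose binary is missing or has no publisher. The sample lines are copied from the log in this post; the rule set, function names and wording are this example's own.

```python
"""Triage HijackThis v2 log entries by section code.

Added example for this thread; it is not HijackThis code and not part of any
post. It reads the "R0/O2/O4/..." lines that HijackThis emits and flags the
entry types an analyst checks first.
"""
import re

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Sample input, constructed by copying lines from the thread's HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O15 - Trusted Zone: www.bb.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{E76DF89D-9D94-451E-9CD7-591D6363F0E7}: NameServer = 200.169.117.222 200.169.117.221
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def parse_entries(text):
    """Yield (code, body) for every HijackThis entry line; skip headers and blanks."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def classify(code, body):
    """Return a short reason if this entry deserves analyst attention, else None."""
    if code == "O2" and body.endswith("(no file)"):
        return "orphaned BHO: CLSID registered but DLL gone (cleanup only)"
    if code == "O4" and "\\Run: [" in body:
        command = body.split("] ", 1)[1]
        # A bare file name is resolved through the search path, so the registry
        # value alone does not pin down which binary actually runs.
        if not re.match(r'^"?[A-Za-z]:\\', command):
            return "Run value without an absolute path: locate the real binary"
    if code == "O15":
        return "Trusted Zone site: bypasses IE zone restrictions, confirm it was intended"
    if code == "O17":
        servers = IPV4_RE.findall(body)
        return "custom DNS servers %s: confirm they belong to the ISP" % ", ".join(servers)
    if code == "O20":
        return "DLL loaded into winlogon.exe: verify the publisher"
    if code == "O23":
        if "(file missing)" in body:
            return "service points at a missing binary: orphaned service entry"
        if "Unknown owner" in body:
            return "service without publisher information: inspect the file"
    return None


def triage(text):
    """Return [(code, reason, body), ...] for every flagged entry in the log."""
    findings = []
    for code, body in parse_entries(text):
        reason = classify(code, body)
        if reason:
            findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (code, reason, body))
```

Run against the sample it flags six of the ten lines and leaves the Adobe BHO, the quoted ESET Run value and the NVIDIA service alone. A flag is a prompt to verify, not a verdict: the Trusted Zone entries and the GbPlugin Winlogon DLL in this log belong to the user's bank software, which is exactly the kind of context the analyst supplies.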

Good afternoon....

 

*Temporarily disable your antivirus

Right-click the NOD32 icon next to the clock > Control Center > AMON > Uncheck "Resident Module (AMON)"

*Download ComboFix and save it to the desktop

 

*Run ComboFix and accept the agreement

 

*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Yes] to install it.

 

recovery-console-prompt.jpg

 

*Click [Yes] to continue.

 

recovery-console-installed.jpg

 

*Wait for all stages to complete

 

etapas.jpg

 

*While ComboFix is running, avoid using the mouse and keyboard!!..... To interrupt the procedure press N or 2 and then ENTER.

 

*The program will close automatically and a report (C:\combofix.txt) will be displayed. Paste it in your next reply.


ComboFix 10-07-08.02 - Paulo Soprana 10/07/2010 16:50:34.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.3583.2876 [GMT -3:00]

Executando de: c:\documents and settings\Paulo Soprana\Meus documentos\Downloads\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

ADS - drivers: deleted 2622 bytes in 2 streams.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-06-10 to 2010-07-10 ))))))))))))))))))))))))))))

.

 

2010-07-09 14:25 . 2010-07-09 14:26 -------- d-----w- C:\HijackThis

2010-07-09 14:03 . 2010-07-09 14:03 -------- d-----w- C:\wind

2010-07-09 01:22 . 2010-07-09 01:22 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2010-07-09 01:22 . 2010-07-09 01:22 -------- d-----w- c:\documents and settings\Paulo Soprana\SystemRequirementsLab

2010-07-05 15:56 . 2010-07-05 21:46 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\QuickScan

2010-07-05 15:56 . 2010-05-31 19:34 702120 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-07-05 15:56 . 2010-05-31 19:34 868456 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-07-01 14:57 . 2010-07-01 14:59 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Tibia

2010-06-25 20:39 . 2010-06-25 21:14 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\LimeWire

2010-06-21 00:02 . 2010-06-21 00:02 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Media Player Classic

2010-06-14 16:20 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2010-06-14 16:20 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2010-06-14 16:20 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2010-06-14 16:20 . 2010-07-09 22:52 -------- d-----w- c:\arquivos de programas\Claro 3G

2010-06-10 23:48 . 2010-06-10 23:48 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-10 19:44 . 2010-04-25 13:05 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\uTorrent

2010-07-10 16:43 . 2010-02-03 23:06 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-07-08 17:46 . 2010-05-18 22:52 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-07-08 17:46 . 2010-05-18 22:52 183112 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-06-15 02:57 . 2010-02-06 00:08 95744 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\SDCondition.dll

2010-06-14 16:20 . 2010-02-03 22:42 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-06-09 21:37 . 2010-03-26 15:34 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\FileZilla

2010-06-01 18:44 . 2010-06-01 18:44 503808 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50c4e574-n\msvcp71.dll

2010-06-01 18:44 . 2010-06-01 18:44 499712 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50c4e574-n\jmc.dll

2010-06-01 18:44 . 2010-06-01 18:44 348160 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50c4e574-n\msvcr71.dll

2010-06-01 18:40 . 2010-06-01 18:40 61440 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52e83d5d-n\decora-sse.dll

2010-06-01 18:40 . 2010-06-01 18:40 12800 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52e83d5d-n\decora-d3d.dll

2010-05-19 16:02 . 2010-05-18 22:52 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-05-18 22:37 . 2010-05-18 22:37 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Leadertech

2010-05-12 12:19 . 2010-05-12 12:19 5248 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP\hdahelper.sys

2010-04-27 00:24 . 2010-04-27 00:24 10134 ----a-r- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

2010-04-27 00:24 . 2004-08-04 12:00 67450 ----a-w- c:\windows\system32\perfc016.dat

2010-04-27 00:24 . 2004-08-04 12:00 425426 ----a-w- c:\windows\system32\perfh016.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2010-02-03 3134976]

"EA Core"="c:\arquivos de programas\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"nodenable"="c:\arquivos de programas\eset\nodenable.exe" [2008-09-23 326823]

"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2010-04-25 319792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"nwiz"="nwiz.exe" [2008-12-25 1657376]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-01-11 246504]

"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]

"HP Software Update"="c:\arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 176128]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Paulo Soprana\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Atualizador de licen‡as ESET.lnk - c:\arquivos de programas\ESET\MiNODLogin\MiNODLogin.exe [2009-12-9 125952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-02-18 13:19 323360 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2008-04-10 03:36 29757440 ----a-r- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-12-25 16:08 13680640 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-12-25 16:08 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2010-05-03 10:42 2938552 ----a-w- c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"c:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Arquivos de Programas\\CSS\\hl2.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Documents and Settings\\Paulo Soprana\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=

"d:\\Arquivos de Programas\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"d:\\Arquivos de Programas\\LimeWire\\LimeWire.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58261:TCP"= 58261:TCP:Pando Media Booster

"58261:UDP"= 58261:UDP:Pando Media Booster

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6/2/2009 14:23 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6/2/2009 14:24 93336]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [6/2/2009 14:23 727720]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [4/4/2010 09:22 54048]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/1/2008 07:06 21632]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [3/2/2010 19:41 222976]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [4/4/2010 09:22 30752]

S3 hookdriver;hookdriver;\??\c:\windows\system32\drivers\hookdriver.sys --> c:\windows\system32\drivers\hookdriver.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]

.

.

------- Scan Suplementar -------

.

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: {E76DF89D-9D94-451E-9CD7-591D6363F0E7} = 200.169.117.222 200.169.117.221

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

FF - ProfilePath - c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\DAP\DAPFireFox\components\DAPFireFox.dll

FF - component: c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - component: c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-10 16:54

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

 

c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\pluginreg.dat.bak 5733 bytes

c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\prefs.js.BAK

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 2

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(696)

c:\arquivos de programas\GbPlugin\gbieh.dll

 

- - - - - - - > 'explorer.exe'(16360)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2010-07-10 16:54:56

ComboFix-quarantined-files.txt 2010-07-10 19:54

 

Pré-execução: 10 pasta(s) 17.712.082.944 bytes disponíveis

Pós execução: 12 pasta(s) 19.488.923.648 bytes disponíveis

 

- - End Of File - - FC8F130F8C0CF4F005B2F031C3E4973D


*Open Notepad, then select, copy and paste into it the entire contents of the code below:

File::

c:\windows\system32\drivers\hookdriver.sys

Driver::

hookdriver

*Save the file to the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

 

CFScript.gif

 

*Important: while ComboFix is running, avoid using the mouse or keyboard!!.. to interrupt the process press N or 2.

 

*Paste the report created at C:\combofix.txt

 

Also let us know how the PC is after the procedure.

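The File::/Driver:: script in this post targets hookdriver. The first ComboFix report listed three driver/service entries with "[?]" (hookdriver, npggsvc and XDva332), meaning the image file could not be found, yet the helper removes only one of them; the choice is the analyst's, not the tool's. As an added example, not ComboFix's code and not from any post in the thread, the Python below parses the "S3 name;display;path --> path [?]" service lines of a ComboFix report, lists the entries whose binary is missing, and builds a CFScript with the two directives used above from the names the analyst selects. The sample lines are copied from the first ComboFix report; the function names are this example's own.

```python
"""Find orphaned driver/service entries in a ComboFix report and build the
File::/Driver:: CFScript used in this thread for the entries the analyst picks.

Added example; not ComboFix code and not part of any post in the thread.
"""
import re

# ComboFix prints one line per driver/service:
#   <start> <name>;<display name>;<image path> [<date> <time> <size>]
# When the image file cannot be found, the path is echoed after "-->"
# and the size field is replaced by "[?]".
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)

# Sample input, constructed by copying lines from the first ComboFix report above.
SAMPLE_REPORT = r"""
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6/2/2009 14:23 106208]
R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [6/2/2009 14:23 727720]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [4/4/2010 09:22 30752]
S3 hookdriver;hookdriver;\??\c:\windows\system32\drivers\hookdriver.sys --> c:\windows\system32\drivers\hookdriver.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]
"""


def parse_services(text):
    """Return a list of dicts with keys start, name, display, path, orphaned."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        orphaned = rest.endswith("[?]")
        if orphaned:
            # Keep the resolved path ComboFix prints after "-->", minus " [?]".
            path = rest.split("-->", 1)[1].rsplit("[?]", 1)[0].strip()
        else:
            # Drop the trailing " [date time size]" block.
            path = rest.rsplit(" [", 1)[0]
        entries.append({"start": m.group("start"), "name": m.group("name"),
                        "display": m.group("display"), "path": path,
                        "orphaned": orphaned})
    return entries


def orphaned_services(text):
    """Entries whose image file ComboFix could not find: candidates for review."""
    return [e for e in parse_services(text) if e["orphaned"]]


def build_cfscript(entries, names):
    """Emit File:: and Driver:: sections for the named entries only.

    Only the names passed in are written, so a harmless orphan (an anti-cheat
    driver left behind by an uninstalled game, say) is not removed by accident.
    """
    chosen = [e for e in entries if e["name"] in names]
    lines = ["File::"] + [e["path"] for e in chosen]
    lines += ["", "Driver::"] + [e["name"] for e in chosen]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    entries = parse_services(SAMPLE_REPORT)
    for e in orphaned_services(SAMPLE_REPORT):
        print("%s %-12s %s" % (e["start"], e["name"], e["path"]))
    print(build_cfscript(entries, {"hookdriver"}))
```

With the sample report the three "[?]" entries are listed, and `build_cfscript(entries, {"hookdriver"})` reproduces the script the helper posted, one file path under File:: and the service name under Driver::. Every File:: path should be checked against the path ComboFix printed before it is handed to the tool; the script deletes what it names.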

ComboFix 10-07-08.02 - Paulo Soprana 10/07/2010 20:09:29.2.4 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.3583.2802 [GMT -3:00]

Executando de: c:\documents and settings\Paulo Soprana\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Paulo Soprana\Desktop\CFScript.txt

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

 

FILE ::

"c:\windows\system32\drivers\hookdriver.sys"

.

ADS - drivers: deleted 204 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_HOOKDRIVER

-------\Service_hookdriver

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-06-10 to 2010-07-10 ))))))))))))))))))))))))))))

.

 

2010-07-09 14:25 . 2010-07-09 14:26 -------- d-----w- C:\HijackThis

2010-07-09 14:03 . 2010-07-09 14:03 -------- d-----w- C:\wind

2010-07-09 01:22 . 2010-07-09 01:22 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2010-07-09 01:22 . 2010-07-09 01:22 -------- d-----w- c:\documents and settings\Paulo Soprana\SystemRequirementsLab

2010-07-05 15:56 . 2010-07-05 21:46 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\QuickScan

2010-07-05 15:56 . 2010-05-31 19:34 702120 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-07-05 15:56 . 2010-05-31 19:34 868456 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-07-01 14:57 . 2010-07-01 14:59 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Tibia

2010-06-25 20:39 . 2010-06-25 21:14 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\LimeWire

2010-06-21 00:02 . 2010-06-21 00:02 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Media Player Classic

2010-06-14 16:20 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2010-06-14 16:20 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2010-06-14 16:20 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2010-06-14 16:20 . 2010-07-09 22:52 -------- d-----w- c:\arquivos de programas\Claro 3G

2010-06-10 23:48 . 2010-06-10 23:48 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-10 23:13 . 2010-04-25 13:05 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\uTorrent

2010-07-10 23:13 . 2010-02-03 23:06 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-07-08 17:46 . 2010-05-18 22:52 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-07-08 17:46 . 2010-05-18 22:52 183112 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-06-15 02:57 . 2010-02-06 00:08 95744 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\SDCondition.dll

2010-06-14 16:20 . 2010-02-03 22:42 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-06-09 21:37 . 2010-03-26 15:34 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\FileZilla

2010-06-01 18:44 . 2010-06-01 18:44 503808 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50c4e574-n\msvcp71.dll

2010-06-01 18:44 . 2010-06-01 18:44 499712 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50c4e574-n\jmc.dll

2010-06-01 18:44 . 2010-06-01 18:44 348160 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50c4e574-n\msvcr71.dll

2010-06-01 18:40 . 2010-06-01 18:40 61440 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52e83d5d-n\decora-sse.dll

2010-06-01 18:40 . 2010-06-01 18:40 12800 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52e83d5d-n\decora-d3d.dll

2010-05-19 16:02 . 2010-05-18 22:52 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-05-18 22:37 . 2010-05-18 22:37 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Leadertech

2010-05-12 12:19 . 2010-05-12 12:19 5248 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP\hdahelper.sys

2010-04-27 00:24 . 2010-04-27 00:24 10134 ----a-r- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

2010-04-27 00:24 . 2004-08-04 12:00 67450 ----a-w- c:\windows\system32\perfc016.dat

2010-04-27 00:24 . 2004-08-04 12:00 425426 ----a-w- c:\windows\system32\perfh016.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2010-07-10_19.54.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-10 23:12 . 2010-07-10 23:12 16384 c:\windows\Temp\Perflib_Perfdata_61c.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2010-02-03 3134976]

"EA Core"="c:\arquivos de programas\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"nodenable"="c:\arquivos de programas\eset\nodenable.exe" [2008-09-23 326823]

"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2010-04-25 319792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"nwiz"="nwiz.exe" [2008-12-25 1657376]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-01-11 246504]

"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]

"HP Software Update"="c:\arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 176128]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Paulo Soprana\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Atualizador de licen‡as ESET.lnk - c:\arquivos de programas\ESET\MiNODLogin\MiNODLogin.exe [2009-12-9 125952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-02-18 13:19 323360 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2008-04-10 03:36 29757440 ----a-r- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-12-25 16:08 13680640 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-12-25 16:08 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2010-05-03 10:42 2938552 ----a-w- c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"c:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Arquivos de Programas\\CSS\\hl2.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Documents and Settings\\Paulo Soprana\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=

"d:\\Arquivos de Programas\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"d:\\Arquivos de Programas\\LimeWire\\LimeWire.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58261:TCP"= 58261:TCP:Pando Media Booster

"58261:UDP"= 58261:UDP:Pando Media Booster

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [4/4/2010 09:22 30752]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6/2/2009 14:23 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6/2/2009 14:24 93336]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [6/2/2009 14:23 727720]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [4/4/2010 09:22 54048]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/1/2008 07:06 21632]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [3/2/2010 19:41 222976]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]

.

.

------- Scan Suplementar -------

.

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: {E76DF89D-9D94-451E-9CD7-591D6363F0E7} = 200.169.117.222 200.169.117.221

FF - ProfilePath - c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\DAP\DAPFireFox\components\DAPFireFox.dll

FF - component: c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - component: c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-10 20:13

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(736)

c:\arquivos de programas\GbPlugin\gbieh.dll

 

- - - - - - - > 'explorer.exe'(2832)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\arquivos de programas\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-07-10 20:15:19 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-07-10 23:15

ComboFix2.txt 2010-07-10 19:54

 

Pré-execução: 11 pasta(s) 19.461.894.144 bytes disponíveis

Pós execução: 12 pasta(s) 19.389.964.288 bytes disponíveis

 

- - End Of File - - FCBBAA9DE5FA198983163401246F75B2

 

 

The computer has been stable so far.


OK... the log is clean.

 

 

*Click on [Start] > [Run] > type: Combofix /uninstall

*Click [OK]

 


 

*Click on [Run]

*Wait until the message appears: "ComboFix has been uninstalled"

*Click [OK]

 

 

Regards.


Take a look at the hardware (memory, driver updates, etc...). It is not malware.


Sometimes the problems settle down, then come back.

When the computer restarts on its own, my antivirus stays disabled, so then I have to restart..

And the monitor also changes colors sometimes, but goes back to normal.


Almost certainly hardware. We'll run a scan....

 

1.

*Download MalwareBytes Anti-malware and save it to the desktop

*Install the program

*If an update exists, the download will be automatic. Wait...

*The program will open automatically.

*On the [Scan] tab, select the [Full scan] option

*Click [Scan] and select the partitions to be examined (usually C:\ and D:\)

*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [YES] > [OK] > [Show Results]

*Click [Remove Selected]

*A report (mbam-log-year-month-date.txt) will be displayed.

*Paste it in your next reply

 

2.

*Download the Kaspersky Virus Removal Tool and save it to the desktop

 

*Install the program

*The program's main screen will open automatically

*Select the option:

 

[] My Computer

*Click [start scan].... wait. It may take a while.

*If it finds anything, click [skip]

*When the scan finishes, click [Report]

*A window called "Detailed report" will open

*Click the [+] sign next to Autoscan to expand the events found

*Right-click and select "Select all"

*Right-click again and select "Copy"

*Open Notepad, paste (Ctrl+v) and save the file to the desktop as log.txt

*Close the Kaspersky "Detailed report" window

*On the Kaspersky main screen click [Exit] > [No]

*Paste the report saved on the desktop in your next reply


Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the section together with the link to this topic and explain the reason for reopening.
