
Archived

This topic has been archived and is closed to new replies.

Souks

[Archived] LOG analysis


Hi folks, I'd like you to take a look at my log.

The computer keeps restarting and blue-screening.

It's not overheating or a faulty part; I think formatting would fix it, but I don't want to format.

I hope you can help me.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:26:05, on 9/7/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Electronic Arts\EADM\Core.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Claro 3G\Claro 3G.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\DllHost.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\HijackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [EA Core] "C:\Arquivos de programas\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [nodenable] C:\Arquivos de programas\eset\nodenable.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Atualizador de licenças ESET.lnk = C:\Arquivos de programas\ESET\MiNODLogin\MiNODLogin.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E76DF89D-9D94-451E-9CD7-591D6363F0E7}: NameServer = 200.169.117.222 200.169.117.221

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 8530 bytes

 

Cheers.


Good afternoon...

*Temporarily disable your antivirus

Right-click the NOD32 icon next to the clock > Control Center > AMON > Untick "Resident Module (AMON)"

*Download ComboFix and save it to the desktop

*Run ComboFix and accept the license agreement

*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Yes] to install it.

(screenshot: recovery-console-prompt.jpg)

*Click [Yes] to continue.

(screenshot: recovery-console-installed.jpg)

*Wait for all stages to complete

(screenshot: etapas.jpg)

*While ComboFix is running, avoid using the mouse and keyboard!! To abort the procedure, press N or 2 and then ENTER.

*The program will close automatically and a report (C:\combofix.txt) will be displayed. Paste it in your next reply.


ComboFix 10-07-08.02 - Paulo Soprana 10/07/2010 16:50:34.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.3583.2876 [GMT -3:00]

Executando de: c:\documents and settings\Paulo Soprana\Meus documentos\Downloads\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

ADS - drivers: deleted 2622 bytes in 2 streams.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-06-10 to 2010-07-10 ))))))))))))))))))))))))))))

.

 

2010-07-09 14:25 . 2010-07-09 14:26 -------- d-----w- C:\HijackThis

2010-07-09 14:03 . 2010-07-09 14:03 -------- d-----w- C:\wind

2010-07-09 01:22 . 2010-07-09 01:22 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2010-07-09 01:22 . 2010-07-09 01:22 -------- d-----w- c:\documents and settings\Paulo Soprana\SystemRequirementsLab

2010-07-05 15:56 . 2010-07-05 21:46 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\QuickScan

2010-07-05 15:56 . 2010-05-31 19:34 702120 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-07-05 15:56 . 2010-05-31 19:34 868456 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-07-01 14:57 . 2010-07-01 14:59 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Tibia

2010-06-25 20:39 . 2010-06-25 21:14 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\LimeWire

2010-06-21 00:02 . 2010-06-21 00:02 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Media Player Classic

2010-06-14 16:20 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2010-06-14 16:20 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2010-06-14 16:20 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2010-06-14 16:20 . 2010-07-09 22:52 -------- d-----w- c:\arquivos de programas\Claro 3G

2010-06-10 23:48 . 2010-06-10 23:48 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-10 19:44 . 2010-04-25 13:05 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\uTorrent

2010-07-10 16:43 . 2010-02-03 23:06 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-07-08 17:46 . 2010-05-18 22:52 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-07-08 17:46 . 2010-05-18 22:52 183112 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-06-15 02:57 . 2010-02-06 00:08 95744 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\SDCondition.dll

2010-06-14 16:20 . 2010-02-03 22:42 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-06-09 21:37 . 2010-03-26 15:34 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\FileZilla

2010-06-01 18:44 . 2010-06-01 18:44 503808 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50c4e574-n\msvcp71.dll

2010-06-01 18:44 . 2010-06-01 18:44 499712 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50c4e574-n\jmc.dll

2010-06-01 18:44 . 2010-06-01 18:44 348160 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50c4e574-n\msvcr71.dll

2010-06-01 18:40 . 2010-06-01 18:40 61440 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52e83d5d-n\decora-sse.dll

2010-06-01 18:40 . 2010-06-01 18:40 12800 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52e83d5d-n\decora-d3d.dll

2010-05-19 16:02 . 2010-05-18 22:52 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-05-18 22:37 . 2010-05-18 22:37 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Leadertech

2010-05-12 12:19 . 2010-05-12 12:19 5248 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP\hdahelper.sys

2010-04-27 00:24 . 2010-04-27 00:24 10134 ----a-r- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

2010-04-27 00:24 . 2004-08-04 12:00 67450 ----a-w- c:\windows\system32\perfc016.dat

2010-04-27 00:24 . 2004-08-04 12:00 425426 ----a-w- c:\windows\system32\perfh016.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2010-02-03 3134976]

"EA Core"="c:\arquivos de programas\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"nodenable"="c:\arquivos de programas\eset\nodenable.exe" [2008-09-23 326823]

"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2010-04-25 319792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"nwiz"="nwiz.exe" [2008-12-25 1657376]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-01-11 246504]

"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]

"HP Software Update"="c:\arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 176128]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Paulo Soprana\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Atualizador de licenças ESET.lnk - c:\arquivos de programas\ESET\MiNODLogin\MiNODLogin.exe [2009-12-9 125952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-02-18 13:19 323360 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2008-04-10 03:36 29757440 ----a-r- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-12-25 16:08 13680640 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-12-25 16:08 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2010-05-03 10:42 2938552 ----a-w- c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"c:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Arquivos de Programas\\CSS\\hl2.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Documents and Settings\\Paulo Soprana\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=

"d:\\Arquivos de Programas\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"d:\\Arquivos de Programas\\LimeWire\\LimeWire.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58261:TCP"= 58261:TCP:Pando Media Booster

"58261:UDP"= 58261:UDP:Pando Media Booster

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6/2/2009 14:23 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6/2/2009 14:24 93336]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [6/2/2009 14:23 727720]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [4/4/2010 09:22 54048]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/1/2008 07:06 21632]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [3/2/2010 19:41 222976]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [4/4/2010 09:22 30752]

S3 hookdriver;hookdriver;\??\c:\windows\system32\drivers\hookdriver.sys --> c:\windows\system32\drivers\hookdriver.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]

.

.

------- Scan Suplementar -------

.

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: {E76DF89D-9D94-451E-9CD7-591D6363F0E7} = 200.169.117.222 200.169.117.221

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

FF - ProfilePath - c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\DAP\DAPFireFox\components\DAPFireFox.dll

FF - component: c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - component: c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-10 16:54

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

 

c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\pluginreg.dat.bak 5733 bytes

c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\prefs.js.BAK

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 2

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(696)

c:\arquivos de programas\GbPlugin\gbieh.dll

 

- - - - - - - > 'explorer.exe'(16360)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2010-07-10 16:54:56

ComboFix-quarantined-files.txt 2010-07-10 19:54

 

Pré-execução: 10 pasta(s) 17.712.082.944 bytes disponíveis

Pós execução: 12 pasta(s) 19.488.923.648 bytes disponíveis

 

- - End Of File - - FC8F130F8C0CF4F005B2F031C3E4973D


*Open Notepad, then select, copy and paste into it the entire contents of the code below:

File::

c:\windows\system32\drivers\hookdriver.sys

Driver::

hookdriver

*Save the file to the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

(screenshot: CFScript.gif)

*Important: while ComboFix is running, avoid using the mouse or keyboard!! To abort the process, press N or 2.

*Paste the report created at C:\combofix.txt

Also let us know how the PC is behaving after the procedure.

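An added example (not part of this thread, and not HijackThis's or ComboFix's own code) of the first pass a log reviewer makes on reports like the ones above: it parses lines in the HijackThis and ComboFix formats, flags load points whose binary is no longer on disk ("(file missing)", "(no file)", the ComboFix "--> ... [?]" form) plus the Security Center AntiVirusOverride flag, and builds the File::/Driver:: CFScript for one orphaned driver entry the way the helper did for hookdriver. The sample lines are constructed in those formats, and the regular expressions are my own reading of the formats, not an official grammar.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the same formats as the HijackThis and ComboFix
# reports posted in this thread (a few representative lines, not the full logs).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6/2/2009 14:23 106208]
S3 hookdriver;hookdriver;\??\c:\windows\system32\drivers\hookdriver.sys --> c:\windows\system32\drivers\hookdriver.sys [?]
S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]
"AntiVirusOverride"=dword:00000001
"""


@dataclass(frozen=True)
class Finding:
    kind: str   # what was flagged (see the kinds emitted in triage())
    name: str   # service / driver / BHO identifier, "" if none
    path: str   # file the entry points at, "" if none
    line: str   # the original log line


# HijackThis O23: "O23 - Service: <desc> (<short name>) - <owner> - <path> (file missing)"
HJT_O23 = re.compile(
    r"^O23 - Service: (?P<desc>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# HijackThis O2: "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
HJT_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# ComboFix driver/service line: "<start type> <name>;<display name>;<image path> [...]"
CF_DRV = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# ComboFix registry dump of the Security Center antivirus override flag
REG_AV_OVERRIDE = re.compile(r'^"AntiVirusOverride"=dword:(?P<val>[0-9a-fA-F]{8})$')


def triage(log_text: str) -> List[Finding]:
    """Flag the entries a reviewer looks at first: load points whose binary
    no longer exists on disk, and a non-zero Security Center AV override.
    An orphaned entry is a cleanup candidate (often an uninstall leftover),
    not by itself proof of malware; the reviewer still decides per entry."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HJT_O23.match(line)
        if m and m.group("missing"):
            findings.append(Finding("hjt-service-file-missing",
                                    m.group("name") or m.group("desc"), m.group("path"), line))
            continue
        m = HJT_O2.match(line)
        if m and m.group("path") == "(no file)":
            findings.append(Finding("hjt-bho-no-file", m.group("clsid"), "", line))
            continue
        m = CF_DRV.match(line)
        if m and m.group("rest").endswith("[?]"):
            # ComboFix prints "<registered path> --> <resolved path> [?]" when the
            # image is registered in the service key but cannot be found on disk.
            rest = m.group("rest")
            path = rest.split("--> ", 1)[-1][: -len(" [?]")].strip()
            findings.append(Finding("cf-driver-file-missing", m.group("name"), path, line))
            continue
        m = REG_AV_OVERRIDE.match(line)
        if m and int(m.group("val"), 16) != 0:
            findings.append(Finding("security-center-av-override", "AntiVirusOverride", "", line))
    return findings


def cfscript_for(finding: Finding) -> str:
    """Build the CFScript.txt text that removes one orphaned driver entry,
    in the File:: / Driver:: form the helper used in this thread."""
    if finding.kind != "cf-driver-file-missing":
        raise ValueError("only orphaned ComboFix driver entries are handled here")
    return f"File::\n{finding.path}\nDriver::\n{finding.name}\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:30} {f.name:20} {f.path}")
```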

ComboFix 10-07-08.02 - Paulo Soprana 10/07/2010 20:09:29.2.4 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.3583.2802 [GMT -3:00]

Executando de: c:\documents and settings\Paulo Soprana\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Paulo Soprana\Desktop\CFScript.txt

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

 

FILE ::

"c:\windows\system32\drivers\hookdriver.sys"

.

ADS - drivers: deleted 204 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_HOOKDRIVER

-------\Service_hookdriver

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-06-10 to 2010-07-10 ))))))))))))))))))))))))))))

.

 

2010-07-09 14:25 . 2010-07-09 14:26 -------- d-----w- C:\HijackThis

2010-07-09 14:03 . 2010-07-09 14:03 -------- d-----w- C:\wind

2010-07-09 01:22 . 2010-07-09 01:22 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2010-07-09 01:22 . 2010-07-09 01:22 -------- d-----w- c:\documents and settings\Paulo Soprana\SystemRequirementsLab

2010-07-05 15:56 . 2010-07-05 21:46 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\QuickScan

2010-07-05 15:56 . 2010-05-31 19:34 702120 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-07-05 15:56 . 2010-05-31 19:34 868456 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-07-01 14:57 . 2010-07-01 14:59 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Tibia

2010-06-25 20:39 . 2010-06-25 21:14 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\LimeWire

2010-06-21 00:02 . 2010-06-21 00:02 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Media Player Classic

2010-06-14 16:20 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2010-06-14 16:20 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2010-06-14 16:20 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2010-06-14 16:20 . 2010-07-09 22:52 -------- d-----w- c:\arquivos de programas\Claro 3G

2010-06-10 23:48 . 2010-06-10 23:48 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-10 23:13 . 2010-04-25 13:05 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\uTorrent

2010-07-10 23:13 . 2010-02-03 23:06 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-07-08 17:46 . 2010-05-18 22:52 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-07-08 17:46 . 2010-05-18 22:52 183112 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-06-15 02:57 . 2010-02-06 00:08 95744 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\SDCondition.dll

2010-06-14 16:20 . 2010-02-03 22:42 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-06-09 21:37 . 2010-03-26 15:34 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\FileZilla

2010-06-01 18:44 . 2010-06-01 18:44 503808 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50c4e574-n\msvcp71.dll

2010-06-01 18:44 . 2010-06-01 18:44 499712 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50c4e574-n\jmc.dll

2010-06-01 18:44 . 2010-06-01 18:44 348160 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50c4e574-n\msvcr71.dll

2010-06-01 18:40 . 2010-06-01 18:40 61440 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52e83d5d-n\decora-sse.dll

2010-06-01 18:40 . 2010-06-01 18:40 12800 ----a-w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52e83d5d-n\decora-d3d.dll

2010-05-19 16:02 . 2010-05-18 22:52 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-05-18 22:37 . 2010-05-18 22:37 -------- d-----w- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Leadertech

2010-05-12 12:19 . 2010-05-12 12:19 5248 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP\hdahelper.sys

2010-04-27 00:24 . 2010-04-27 00:24 10134 ----a-r- c:\documents and settings\Paulo Soprana\Dados de aplicativos\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

2010-04-27 00:24 . 2004-08-04 12:00 67450 ----a-w- c:\windows\system32\perfc016.dat

2010-04-27 00:24 . 2004-08-04 12:00 425426 ----a-w- c:\windows\system32\perfh016.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2010-07-10_19.54.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-10 23:12 . 2010-07-10 23:12 16384 c:\windows\Temp\Perflib_Perfdata_61c.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2010-02-03 3134976]

"EA Core"="c:\arquivos de programas\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"nodenable"="c:\arquivos de programas\eset\nodenable.exe" [2008-09-23 326823]

"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2010-04-25 319792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"nwiz"="nwiz.exe" [2008-12-25 1657376]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-01-11 246504]

"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]

"HP Software Update"="c:\arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 176128]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Paulo Soprana\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Atualizador de licenças ESET.lnk - c:\arquivos de programas\ESET\MiNODLogin\MiNODLogin.exe [2009-12-9 125952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-02-18 13:19 323360 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2008-04-10 03:36 29757440 ----a-r- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-12-25 16:08 13680640 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-12-25 16:08 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2010-05-03 10:42 2938552 ----a-w- c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"c:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Arquivos de Programas\\CSS\\hl2.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Documents and Settings\\Paulo Soprana\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=

"d:\\Arquivos de Programas\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"d:\\Arquivos de Programas\\LimeWire\\LimeWire.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58261:TCP"= 58261:TCP:Pando Media Booster

"58261:UDP"= 58261:UDP:Pando Media Booster

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [4/4/2010 09:22 30752]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6/2/2009 14:23 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6/2/2009 14:24 93336]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [6/2/2009 14:23 727720]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [4/4/2010 09:22 54048]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/1/2008 07:06 21632]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [3/2/2010 19:41 222976]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]

.

.

------- Scan Suplementar -------

.

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: {E76DF89D-9D94-451E-9CD7-591D6363F0E7} = 200.169.117.222 200.169.117.221

FF - ProfilePath - c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\DAP\DAPFireFox\components\DAPFireFox.dll

FF - component: c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - component: c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: c:\documents and settings\Paulo Soprana\Dados de aplicativos\Mozilla\Firefox\Profiles\d697bptp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-10 20:13

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(736)

c:\arquivos de programas\GbPlugin\gbieh.dll

 

- - - - - - - > 'explorer.exe'(2832)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\arquivos de programas\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-07-10 20:15:19 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-07-10 23:15

ComboFix2.txt 2010-07-10 19:54

 

Pré-execução: 11 pasta(s) 19.461.894.144 bytes disponíveis

Pós execução: 12 pasta(s) 19.389.964.288 bytes disponíveis

 

- - End Of File - - FCBBAA9DE5FA198983163401246F75B2

 

 

The computer has been stable so far.


OK... the log is clean.

 

 

*Click [Start] > [Run] > type: Combofix /uninstall

*Click [OK]

 


 

*Click [Run]

*Wait until the message "ComboFix está desinstalado" appears

*Click [OK]

 

 

Regards.

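One way to triage the load-point block of a ComboFix log like the one posted above, as an added example that is not part of this thread or of ComboFix itself: it parses the REGEDIT4-style section ComboFix prints (Run keys, Security Center overrides, firewall authorized applications and globally open ports) and turns it into the review findings a helper otherwise compiles by eye. The input is a constructed excerpt modelled on the posted log; the function names, the `Autorun` record and the wording of the findings are this example's own.

```python
"""Triage helper for the "registry load points" block of a ComboFix log.

Added example, not ComboFix's own code and not from the forum thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt modelled on the ComboFix block posted in the thread.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2010-02-03 3134976]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2010-04-25 319792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"d:\\Arquivos de Programas\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58261:TCP"= 58261:TCP:Pando Media Booster
"58261:UDP"= 58261:UDP:Pando Media Booster
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')                  # "Name"=<raw value>
RUN_RE = re.compile(r'^"(.*)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')  # "path" [date size]
PORT_RE = re.compile(r"^\s*(\d+):(TCP|UDP):(.*)$")          # 58261:TCP:label

Sections = Dict[str, List[Tuple[str, str]]]


@dataclass
class Autorun:
    key: str
    name: str
    image: str
    size: Optional[int]
    unqualified: bool  # image has no directory, so it resolves through the search path


def parse_load_points(text: str) -> Sections:
    """Return {registry key: [(value name, raw value), ...]} for one REGEDIT4 block."""
    sections: Sections = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2)))
    return sections


def autoruns(sections: Sections) -> List[Autorun]:
    """Every value under a ...\CurrentVersion\Run key, with its image and size when printed."""
    found = []
    for key, values in sections.items():
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        for name, raw in values:
            m = RUN_RE.match(raw)
            image, size = (m.group(1), int(m.group(3))) if m else (raw.strip('"'), None)
            found.append(Autorun(key, name, image, size, "\\" not in image))
    return found


def security_center_overrides(sections: Sections) -> List[str]:
    """Security Center dword values set non-zero; AntiVirusOverride=1 silences the no-AV warning."""
    out = []
    for key, values in sections.items():
        if key.lower().endswith(r"\security center"):
            out += [n for n, raw in values
                    if raw.lower().startswith("dword:") and int(raw[6:], 16) != 0]
    return out


def firewall_exceptions(sections: Sections) -> List[str]:
    """Programs allowed through the XP firewall; REGEDIT doubles backslashes, undo that."""
    return [name.replace("\\\\", "\\")
            for key, values in sections.items() if "authorizedapplications" in key.lower()
            for name, _ in values]


def open_ports(sections: Sections) -> List[Tuple[int, str, str]]:
    """(port, protocol, label) for each globally opened firewall port."""
    out = []
    for key, values in sections.items():
        if "globallyopenports" not in key.lower():
            continue
        for _, raw in values:
            m = PORT_RE.match(raw)
            if m:
                out.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return out


def triage(text: str) -> List[str]:
    """Human-readable review findings for the block; each one is a thing to verify, not a verdict."""
    s = parse_load_points(text)
    findings = [f"autorun {a.name!r} uses unqualified image {a.image!r}; check which file actually runs"
                for a in autoruns(s) if a.unqualified]
    findings += [f"Security Center {n} is set; the missing-AV alert is suppressed, confirm a real AV runs"
                 for n in security_center_overrides(s)]
    findings += [f"firewall exception for {p}" for p in firewall_exceptions(s)]
    findings += [f"globally open port {port}/{proto} ({label})" for port, proto, label in open_ports(s)]
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The findings are deliberately phrased as checks rather than verdicts: an unqualified `nwiz.exe` autorun, an `AntiVirusOverride` flag or a P2P client on the firewall exception list are each normal on a home machine, but they are exactly the entries a reviewer confirms before calling a log clean.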

Take a look at the hardware (memory, driver updates, etc...). It is not malware.


Sometimes the problems settle down, then come back.

When the computer restarts on its own, my antivirus is left disabled, so I have to restart it...

And the monitor also changes colours sometimes, but goes back to normal.


Almost certainly hardware. We'll run a scan....

 

1.

*Download MalwareBytes Anti-Malware and save it to the desktop

*Install the program

*If an update exists, it will be downloaded automatically. Wait...

*The program will open automatically.

*On the [Scan] tab, select the [Full scan] option

*Click [Scan] and select the partitions to be examined (usually C:\ and D:\)

*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*A report (mbam-log-year-month-date.txt) will be displayed.

*Paste it in your next reply

 

2.

*Download the Kaspersky Virus Removal Tool and save it to the desktop

*Install the program

*The program's main screen will open automatically

*Select the option:

[] My Computer

*Click [start scan]....and wait. It may take a while.

*If it finds something, click [skip]

*When the scan finishes, click [Report]

*A window called "Detailed report" will open

*Click the [+] sign next to Autoscan to expand the events found

*Right-click and select "Select all"

*Right-click again and select "Copy"

*Open Notepad, paste (Ctrl+V) and save the file on the desktop as log.txt

*Close the Kaspersky "Detailed report" window

*On the Kaspersky main screen click [Exit] > [No]

*Paste the report saved on the desktop in your next reply


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
