[Resolvido] &nbspPc com virus

[Dom Luiz 0]

TO ENVIANDO OS DOIS LOG

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:38:04, on 26/03/2011

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\LMabcoms.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Everything\Everything.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Taskmgr.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\PROGRA~1\FREEDO~1\fdm.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Goiatins\Desktop\HijackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gta.adapec.to.gov.br/gta/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=auto&client_id=B37E5B0001CBC6D4045BB4E3&src_id=11802&camp_id=-3&tb_version=2.5.15000.521

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.78.2.10:3129

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\prxtbmip0.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: mipony-plugin - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\prxtbmip0.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll

O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\prxtbmip0.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: http://www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: http://www.bb.com.br

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FA1AF688-49D6-449E-819D-A4C87AD020C7}: NameServer = 201.10.128.3,201.10.120.3

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: lmab_device - - C:\Windows\system32\LMabcoms.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

O23 - Service: Serviço McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

 

--

End of file - 11128 bytes

 

 

 

 

ComboFix 11-03-26.01 - Goiatins 26/03/2011 18:26:28.4.2 - x86

Microsoft® Windows Vista™ Business 6.0.6001.1.1252.55.1046.18.2039.758 [GMT -3:00]

Executando de: c:\users\Goiatins\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 254 bytes in 1 streams.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-02-26 to 2011-03-26 ))))))))))))))))))))))))))))

.

.

2011-03-26 21:45 . 2011-03-26 21:45 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-03-26 21:45 . 2011-03-26 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-26 21:45 . 2011-03-26 21:45 -------- d-----w- c:\users\administrador\AppData\Local\temp

2011-03-26 20:50 . 2011-03-26 20:50 -------- d-----w- c:\program files\CCleaner

2011-03-26 17:59 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3EC4D47-6E51-45C0-911D-14838F654261}\mpengine.dll

2011-03-24 21:19 . 2011-03-24 21:19 -------- d-----w- c:\users\Goiatins\AppData\Roaming\GIRDAC

2011-03-24 21:19 . 2011-03-24 21:19 -------- d-----w- C:\GIRDAC

2011-03-24 21:18 . 2011-03-24 21:19 -------- d-----w- c:\program files\GIRDAC PDF to Word Converter

2011-03-23 19:51 . 2011-03-23 20:02 -------- d-----w- c:\users\Goiatins\CARTÃO

2011-03-21 18:34 . 2011-03-21 18:34 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-03-21 18:34 . 2011-03-21 18:34 -------- d-----w- c:\users\Goiatins\AppData\Local\Conduit

2011-03-18 18:25 . 2011-03-18 18:26 -------- d-----w- C:\GTA

2011-03-18 17:45 . 2011-03-18 17:45 -------- d-----w- c:\program files\Conduit

2011-03-18 17:44 . 2011-03-21 18:34 -------- d-----w- c:\program files\mipony-plugin

2011-03-17 13:48 . 2011-03-17 13:48 -------- d-----w- C:\lexmark

2011-03-17 13:32 . 2010-01-29 13:18 67584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMUD064C.DLL

2011-03-17 13:18 . 2010-01-29 13:18 630784 ----a-w- c:\windows\system32\softcoin.dll

2011-03-17 13:18 . 2010-01-29 13:18 425984 ----a-w- c:\windows\system32\gencoin.dll

2011-03-17 13:10 . 2010-02-08 07:07 401408 ----a-w- c:\windows\system32\lexlog.dll

2011-03-17 13:10 . 2010-02-08 07:07 180224 ----a-w- c:\windows\system32\lmabtppm.dll

2011-03-17 13:06 . 2011-03-17 13:08 -------- d-----w- c:\program files\Admin

2011-03-12 15:28 . 2011-03-12 15:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-03-09 14:38 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 14:38 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-03-09 14:38 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 14:38 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 14:38 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-03-09 14:38 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-03-04 19:03 . 2011-03-04 19:03 -------- d-----w- c:\users\Goiatins\AppData\Roaming\McAfee

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-24 14:41 . 2011-02-17 17:56 299303 ----a-w- c:\users\1709005.zip

2011-02-24 14:38 . 2010-05-11 13:09 47008 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2011-02-02 23:40 . 2010-09-05 21:00 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 21:11 . 2010-04-17 16:00 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-12 20:41 . 2010-05-11 13:09 46664 ----a-w- c:\windows\system32\drivers\gbpkm(104).sys

2011-01-08 07:50 . 2011-02-09 23:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-08 05:57 . 2011-02-09 23:24 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:25 . 2011-02-09 22:41 2038784 ----a-w- c:\windows\system32\win32k.sys

2010-12-28 14:57 . 2011-01-12 06:30 409600 ----a-w- c:\windows\system32\odbc32.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{90d46c30-9f25-4104-aea9-35c3f84477ff}"= "c:\program files\mipony-plugin\prxtbmip0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{90d46c30-9f25-4104-aea9-35c3f84477ff}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90d46c30-9f25-4104-aea9-35c3f84477ff}]

2011-01-17 14:54 175912 ----a-w- c:\program files\mipony-plugin\prxtbmip0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{90d46c30-9f25-4104-aea9-35c3f84477ff}"= "c:\program files\mipony-plugin\prxtbmip0.dll" [2011-01-17 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{90d46c30-9f25-4104-aea9-35c3f84477ff}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{90D46C30-9F25-4104-AEA9-35C3F84477FF}"= "c:\program files\mipony-plugin\prxtbmip0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{90d46c30-9f25-4104-aea9-35c3f84477ff}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-29 124240]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]

"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"rv"= 1

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\program files\GbPlugin\gbiehcef.dll" [2011-02-18 346568]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2011-02-24 14:38 494880 ------w- c:\program files\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2011-02-18 18:50 346568 ------w- c:\program files\GbPlugin\gbiehcef.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk

backup=c:\windows\pss\Orbit.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 01:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-05-16 11:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

2008-08-11 14:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 00:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 17:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2010-09-04 20:47 327472 ----a-w- c:\program files\uTorrent\uTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webf]

2006-10-01 11:33 1468928 ----a-w- c:\windows\config\cti\webf.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]

2007-05-31 12:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2708919601-3295503390-326002016-1000]

"EnableNotificationsRef"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2708919601-3295503390-326002016-1002]

"EnableNotificationsRef"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2011-02-24 47008]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2011-02-24 57120]

S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2007-06-13 27648]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-03-23 c:\windows\Tasks\Norton Security Scan for Goiatins.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-06 07:14]

.

2011-03-24 c:\windows\Tasks\RMSchedule.job

- c:\program files\Registry Mechanic\RegMech.exe [2011-02-19 10:46]

.

2011-03-26 c:\windows\Tasks\User_Feed_Synchronization-{D6FCE0F9-7138-4C1D-B466-F915A64FF973}.job

- c:\windows\system32\msfeedssync.exe [2011-02-19 04:47]

.

2011-03-26 c:\windows\Tasks\vtscheduletask.job

- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2011-03-04 17:25]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://gta.adapec.to.gov.br/gta/

uInternet Settings,ProxyOverride = local

uInternet Settings,ProxyServer = 10.78.2.10:3129

uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=B37E5B0001CBC6D4045BB4E3&src_id=11802&camp_id=-3&tb_version=2.5.15000.521

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Baixar com Mipony - file://c:\program files\MiPony\Browser\IEContext.htm

IE: Baixar com o Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: Download selecionado pelo Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: {FA1AF688-49D6-449E-819D-A4C87AD020C7} = 201.10.128.3,201.10.120.3

FF - ProfilePath - c:\users\Goiatins\AppData\Roaming\Mozilla\Firefox\Profiles\td8w9jxv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: network.proxy.ftp - 10.78.2.10

FF - prefs.js: network.proxy.ftp_port - 3129

FF - prefs.js: network.proxy.gopher - 10.78.2.10

FF - prefs.js: network.proxy.gopher_port - 3129

FF - prefs.js: network.proxy.http - 10.78.2.10

FF - prefs.js: network.proxy.http_port - 3129

FF - prefs.js: network.proxy.socks - 10.78.2.10

FF - prefs.js: network.proxy.socks_port - 3129

FF - prefs.js: network.proxy.ssl - 10.78.2.10

FF - prefs.js: network.proxy.ssl_port - 3129

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen

FF - Ext: mipony-plugin Community Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - %profile%\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - fales

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-26 18:45

Windows 6.0.6001 Service Pack 1 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Tempo para conclusão: 2011-03-26 18:55:09

ComboFix-quarantined-files.txt 2011-03-26 21:54

ComboFix2.txt 2011-02-17 11:26

ComboFix3.txt 2011-02-08 11:57

.

Pré-execução: 176.018.591.744 bytes disponíveis

Pós execução: 178.347.458.560 bytes disponíveis

.

- - End Of File - - A91C88F9D32DADD6CC0223AA7535FB55

[wings 22]

Olá Dom Luiz

 

 

1.

*Execute o hijack, clique em [Do a system scan only], selecione as entradas abaixo e clique em [Fix checked]

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.c...n=2.5.15000.521

R3 - URLSearchHook: (no name) - - (no file)

*Feche o hijack

 

2.

*Baixe o AD-Remover e salve-o no desktop

*Clique com o botão direito sobre AD-R.exe e selecione "Executar como administrador", clique [Clean] > [sim] > [OK] > [sim]

*O PC será reiniciado

*Cole o relatório C:\Ad-Report-CLEAN[1].txt e novo log do hijack

[Dom Luiz 0]

======= REPORT FROM AD-REMOVER 2.0.0.2,F | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 01/03/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 12:04:39 on 28/03/2011, Normal boot

 

Microsoft® Windows Vista™ Business Service Pack 1 (X86)

Goiatins@GOIATINS02 (System manufacturer System Product Name)

 

============== ACTION(S) ==============

 

 

Folder deleted: C:\Users\Goiatins\AppData\Roaming\Mozilla\FireFox\Profiles\td8w9jxv.default\conduit

 

(!) -- Temporary files deleted.

 

 

 

 

============== ADDITIONNAL SCAN ==============

 

**** Mozilla Firefox Version [3.6.16 (pt-BR)] ****

 

HKLM_MozillaPlugins\@mcafee.com/MVT (x)

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

 

-- C:\Users\Goiatins\AppData\Roaming\Mozilla\FireFox\Profiles\td8w9jxv.default --

Extensions\SkipScreen@SkipScreen (SkipScreen)

Extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff} (mipony-plugin Community Toolbar)

Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} (Download Statusbar)

Prefs.js - browser.download.lastDir, C:\\Users\\Goiatins\\Desktop

Prefs.js - browser.startup.homepage, hxxp://www.google.com.br/

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16

 

========================================

 

**** Internet Explorer Version [8.0.6001.19019] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{90d46c30-9f25-4104-aea9-35c3f84477ff} - "mipony-plugin Toolbar" (C:\Program Files\mipony-plugin\prxtbmip0.dll)

HKLM_URLSearchHooks|{90d46c30-9f25-4104-aea9-35c3f84477ff} - "mipony-plugin Toolbar" (C:\Program Files\mipony-plugin\prxtbmip0.dll)

HKCU_SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} - "Busca ALOT" (hxxp://search.alot.com/web?q={searchTerms}&pr=prov&client_id=B37E5B0001CBC6D4045...)

HKCU_Toolbar\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Program Files\Orbitdownloader\GrabPro.dll)

HKCU_Toolbar\WebBrowser|{90D46C30-9F25-4104-AEA9-35C3F84477FF} (C:\Program Files\mipony-plugin\prxtbmip0.dll)

HKLM_Toolbar|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Program Files\Orbitdownloader\GrabPro.dll)

HKLM_Toolbar|{90d46c30-9f25-4104-aea9-35c3f84477ff} (C:\Program Files\mipony-plugin\prxtbmip0.dll)

HKLM_ElevationPolicy\041ecd2a-e72a-4ac3-8d47-0c2e93838c02 - C:\Program Files\mipony-plugin\mipony-pluginToolbarHelper.exe (?)

HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\system32\wpcer.exe (x)

HKLM_ElevationPolicy\{1C306DF7-2171-45c8-9324-D36448104BD5} - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)

HKLM_ElevationPolicy\{2FA741D4-4A0F-4533-8D04-D8DF72F90DA1} - C:\Program Files\mipony-plugin\mipony-pluginToolbarHelper1.exe (?)

HKLM_ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} - C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

HKLM_ElevationPolicy\{4536918A-95A8-498F-B542-CB906C561A43} - C:\Program Files\Google\Update\GoogleUpdate.exe (x)

HKLM_ElevationPolicy\{54AD76FE-2F21-47AF-9F07-E8563F928503} - C:\Users\Goiatins\AppData\Local\Conduit\CT2465030\mipony-pluginAutoUpdaterHelper.exe (x)

HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)

HKLM_ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32} - C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe (x)

HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "@C:\Windows\WindowsMobile\INetRepl.dll,-222" (C:\Windows\WindowsMobile\INetRepl.dll,210)

HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)

BHO\{000123B4-9B42-4900-B3F7-F4B073EFC214} - "Octh Class" (C:\Program Files\Orbitdownloader\orbitcth.dll)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

BHO\{90d46c30-9f25-4104-aea9-35c3f84477ff} - "mipony-plugin Toolbar" (C:\Program Files\mipony-plugin\prxtbmip0.dll)

BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540000} - "GbIehObj Class" (C:\PROGRAM FILES\GBPLUGIN\gbieh.dll)

BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540003} - "GbIehObj Class" (C:\Program Files\GbPlugin\gbiehcef.dll)

BHO\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} - "Free Download Manager" (C:\Program Files\Free Download Manager\iefdm2.dll)

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 274 File(s)

C:\Program Files\Ad-Remover\Backup: 17 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 28/03/2011 11:56:56 (16098 Byte(s))

C:\Ad-Report-CLEAN[2].txt - 28/03/2011 12:04:42 (5722 Byte(s))

 

End at: 12:05:37, 28/03/2011

 

============== E.O.F ==============

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:06:00, on 28/03/2011

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Everything\Everything.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Goiatins\Desktop\HijackThis.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.78.2.10:3129

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\prxtbmip0.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: mipony-plugin - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\prxtbmip0.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll

O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\prxtbmip0.dll

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: http://www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: http://www.bb.com.br

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FA1AF688-49D6-449E-819D-A4C87AD020C7}: NameServer = 201.10.128.3,201.10.120.3

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: lmab_device - - C:\Windows\system32\LMabcoms.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

O23 - Service: Serviço McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

 

--

End of file - 8970 bytes

[wings 22]

OK...os logs estão limpos.

 

 

1.

*Execute o AD-Remover e clique [uninstall] > [Não] > [Close]

 

2.

*Clique [iniciar] > [Todos os programas] > [Acessórios] > [Executar] > copie e cole: Combofix /uninstall

 

 

*Clique [OK] > [Executar]

*Aguarde a mensagem: "ComboFix está desinstalado" e clique [OK]

 

 

Um abraço.

[wings 22]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.