marcostpg

Please analyze my log!


My PC has a virus and is very slow.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:04, on 2008-11-12

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Turbo\Discador\pppoe.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\kb127\SearchSettings.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\kb127\SearchSettings.dll

O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [speedBitVideoAccelerator] "C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe"

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [Conexão Turbo] "C:\Arquivos de programas\Turbo\Discador\pppoe.exe"

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www3.ecurso.com.br/plugin/streetnoagent7.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{55EE8353-F3E9-49E2-A77A-29478F377441}: NameServer = 201.10.128.3 201.10.120.3

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

--

End of file - 9555 bytes


OK, cool!!!

Logfile of random's system information tool 1.04 (written by random/random)

Run by Marcos at 2008-11-18 16:09:41

Microsoft Windows XP Professional Service Pack 3

System drive C: has 4 GB (19%) free of 20 GB

Total RAM: 512 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:09, on 2008-11-18

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\WINDOWS\sm56hlpr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\Marcos\Desktop\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Trend Micro\HijackThis\Marcos.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [speedBitVideoAccelerator] "C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe"

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [Conexão Turbo] "C:\Arquivos de programas\Turbo\Discador\pppoe.exe"

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www3.ecurso.com.br/plugin/streetnoagent7.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

--

End of file - 9334 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

Yahoo! Toolbar Helper - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-06-04 369064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{381FFDE8-2394-4f90-B10D-FC6124A40F8C}

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Barra de Ferramentas do Yahoo! com bloqueador de pop-up - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Lexmark 1200 Series"=C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]

"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]

"SpeedBitVideoAccelerator"=C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe [2008-08-22 2705008]

"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2004-12-29 544768]

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-12 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"DownloadAccelerator"=C:\Arquivos de programas\DAP\DAP.EXE [2008-08-22 3053056]

"Conexão Turbo"=C:\Arquivos de programas\Turbo\Discador\pppoe.exe [2007-09-18 2109952]

"NitroPC"=C:\Arquivos de programas\NitroPC\NitroPC.exe [2008-08-19 3477504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe [2006-03-01 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conexão Turbo]

C:\Arquivos de programas\Turbo\Discador\pppoe.exe [2007-09-18 2109952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

C:\Arquivos de programas\DAP\DAP.EXE [2008-08-22 3053056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [2003-12-08 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]

C:\Arquivos de programas\Search Settings\SearchSettings.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-06-04 369064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-06-04 369064]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe"="C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator"

"C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-11-18 16:09:41 ----D---- C:\rsit

2008-11-18 15:57:13 ----A---- C:\WINDOWS\gmer.ini

2008-11-18 15:57:11 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-18 15:57:10 ----A---- C:\WINDOWS\gmer.exe

2008-11-18 15:57:10 ----A---- C:\WINDOWS\gmer.dll

2008-11-16 11:46:04 ----D---- C:\Arquivos de programas\PDF Editor 2

2008-11-16 11:46:04 ----A---- C:\WINDOWS\cadkasdeinst01e.exe

2008-11-13 20:55:53 ----D---- C:\ComboFix

2008-11-13 20:55:53 ----A---- C:\WINDOWS\system32\CF21768.exe

2008-11-13 20:46:05 ----A---- C:\WINDOWS\system32\CF19854.exe

2008-11-13 20:30:37 ----A---- C:\Boot.bak

2008-11-13 20:30:31 ----RASHD---- C:\cmdcons

2008-11-13 20:24:56 ----A---- C:\WINDOWS\zip.exe

2008-11-13 20:24:56 ----A---- C:\WINDOWS\VFIND.exe

2008-11-13 20:24:56 ----A---- C:\WINDOWS\SWXCACLS.exe

2008-11-13 20:24:56 ----A---- C:\WINDOWS\SWSC.exe

2008-11-13 20:24:56 ----A---- C:\WINDOWS\SWREG.exe

2008-11-13 20:24:56 ----A---- C:\WINDOWS\sed.exe

2008-11-13 20:24:56 ----A---- C:\WINDOWS\NIRCMD.exe

2008-11-13 20:24:56 ----A---- C:\WINDOWS\grep.exe

2008-11-13 20:24:56 ----A---- C:\WINDOWS\fdsv.exe

2008-11-13 20:24:51 ----A---- C:\WINDOWS\system32\CF15703.exe

2008-10-22 19:17:43 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

======List of files/folders modified in the last 1 months======

2008-11-18 16:09:52 ----D---- C:\WINDOWS\Prefetch

2008-11-18 15:57:13 ----D---- C:\WINDOWS

2008-11-18 15:57:11 ----D---- C:\WINDOWS\system32\drivers

2008-11-18 15:56:55 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-18 15:19:32 ----D---- C:\Arquivos de programas\Mozilla Firefox

2008-11-18 15:15:32 ----D---- C:\WINDOWS\temp

2008-11-18 15:15:27 ----A---- C:\WINDOWS\lexstat.ini

2008-11-18 15:09:49 ----D---- C:\Arquivos de programas\SpeedBit Video Accelerator

2008-11-18 15:09:09 ----D---- C:\Documents and Settings\Marcos\Dados de aplicativos\Leading

2008-11-18 15:08:57 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-11-18 00:08:08 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-17 23:27:52 ----A---- C:\WINDOWS\NeroDigital.ini

2008-11-17 14:04:13 ----D---- C:\temp

2008-11-16 23:31:57 ----D---- C:\WINDOWS\Minidump

2008-11-16 16:09:30 ----D---- C:\WINDOWS\system32

2008-11-16 11:46:04 ----D---- C:\Arquivos de programas

2008-11-16 11:37:07 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-11-15 10:06:50 ----HD---- C:\WINDOWS\inf

2008-11-14 18:36:20 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-11-14 18:35:44 ----SHD---- C:\WINDOWS\Installer

2008-11-14 18:35:42 ----SHD---- C:\Config.Msi

2008-11-13 20:30:37 ----RASH---- C:\boot.ini

2008-11-13 20:30:11 ----D---- C:\QooBox

2008-11-13 16:18:47 ----D---- C:\WINDOWS\Debug

2008-11-13 12:02:26 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-13 12:02:23 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-12 18:51:02 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-11-12 14:57:30 ----A---- C:\WINDOWS\system32\aswBoot.exe

2008-11-03 22:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

2008-11-03 21:06:42 ----D---- C:\Arquivos de programas\Megacubo

2008-10-27 15:45:41 ----D---- C:\Arquivos de programas\SopCast

2008-10-27 15:45:16 ----D---- C:\Documents and Settings\Marcos\Dados de aplicativos\Megacubo

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-12 26944]

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 41856]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-12 110160]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-12 50656]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-02-15 20747]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-12 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-12 94032]

R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Protocolo de transporte compatível; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]

R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-30 63232]

R2 NwlnkSpx;Protocolo NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-30 55936]

R2 sbbotdi;sbbotdi; \??\C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys []

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-12 23152]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2006-05-29 64512]

R3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-23 47360]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol); C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]

R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-11 923826]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 bdftdif;bdftdif; \??\C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Firewall\bdftdif.sys []

S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-18 85969]

S3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-30 12288]

S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []

S3 Profos;Profos; \??\C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Threat Scanner\profos.sys []

S3 RT61;Hawking HWPG1 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-27 356096]

S3 Trufos;Trufos; \??\C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Threat Scanner\trufos.sys []

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2008-11-12 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2008-11-12 155160]

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]

R2 LIVESRV;BitDefender Desktop Update Service; C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe [2007-08-30 1074520]

R2 NwSapAgent;Agente SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 VideoAcceleratorService;VideoAcceleratorService; C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe [2008-08-22 292472]

R2 XCOMM;BitDefender Communicator; C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe [2006-01-13 86016]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2008-11-12 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2008-11-12 352920]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 PSEXESVC;PsExec; C:\WINDOWS\PSEXESVC.EXE []

S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-18 16:09:05

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF6B40604]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF6B404C0]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF6B4099E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF6B40098]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF6B4059A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF6B3FFD8]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF6B4003C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF6B406BA]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF6B4067A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF6B407FA]

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!FreeLibrary 7C80AC6E 5 Bytes JMP 10067060 C:\ARQUIV~1\GbPlugin\gbiehabn.dll (Gbieh Module/Banco ABN AMRO)

.text C:\WINDOWS\system32\winlogon.exe[1064] kernel32.dll!FreeLibraryAndExitThread 7C80C200 5 Bytes JMP 10066D90 C:\ARQUIV~1\GbPlugin\gbiehabn.dll (Gbieh Module/Banco ABN AMRO)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 01110CD0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 011109C0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 011094C0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 0110AA00

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0110DB70

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 0110B750

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 0110AD30

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0110CEB0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0110FEA0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0110FEE0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 01111020

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0110FAA0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0110DAD0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 0110C270

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 0110B400

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 0110BCF0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 011115A0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 0110D200

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0110D930

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0110E560

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0110E040

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0110E4E0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0110F000

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0110E6D0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 0110B0B0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 0110C120

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0110FFC0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0110E180

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0110DA70

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 0110D630

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 0110DC80

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 01111040

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 0110DF80

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 011112E0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 01111280

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 011114D0

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 01111570

IAT C:\Arquivos de programas\DAP\DAP.EXE[1012] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 011113A0

IAT C:\WINDOWS\system32\services.exe[1108] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002

IAT C:\WINDOWS\system32\services.exe[1108] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\Tcpip \Device\Ip sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Tcp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Udp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\RawIp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\IPMULTICAST sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Services - GMER 1.0.14 ----

Service C:\ARQUIV~1\GbPlugin\GbpSv.exe (*** hidden *** ) [AUTO] GbpSv <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ImagePath C:\ARQUIV~1\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ImagePath C:\ARQUIV~1\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.14 ----


Hello,

Read the instructions in this link:

In the instructions in the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after the procedure(s) below have been carried out.

  3. Double-click the ComboFix icon on the desktop.

  4. Read and accept the conditions by typing 1 and pressing Enter.

  5. Computers running Windows XP must install the Recovery Console:

  • If your computer has Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Warning: do not use the mouse or keyboard while the tool is running, as this may cause the computer to hang.

  8. A message may appear saying that the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will produce a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Regards


Hello,

Download DDS and save it to the desktop.

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • When it finishes, DDS.txt will open.
  • Save the results and paste them in your next reply.


DDS (Version 1.0) - NTFSx86

Run by Marcos at 10:32:57.95 on 2008-11-19

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.512.95 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\WINDOWS\sm56hlpr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Turbo\Discador\pppoe.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe

svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Marcos\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://search.speedbit.com/

uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\arquivos de programas\yahoo!\companion\installs\cpn0\yt.dll

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\arquivos de programas\yahoo!\companion\installs\cpn0\yt.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - c:\arquiv~1\gbplugin\gbiehabn.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\arquivos de programas\yahoo!\companion\installs\cpn0\yt.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DownloadAccelerator] "c:\arquivos de programas\dap\DAP.EXE" /STARTUP

uRun: [Conexão Turbo] "c:\arquivos de programas\turbo\discador\pppoe.exe"

uRun: [NitroPC] "c:\arquivos de programas\nitropc\NitroPC.exe" -minimized

mRun: [Lexmark 1200 Series] "c:\arquivos de programas\lexmark 1200 series\lxczbmgr.exe"

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [SpeedBitVideoAccelerator] "c:\arquivos de programas\speedbit video accelerator\VideoAccelerator.exe"

mRun: [SMSERIAL] sm56hlpr.exe

mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

uPolicies-system: RunStartupScriptSync = 1 (0x1)

mPolicies-system: RunStartupScriptSync = 1 (0x1)

IE: &Clean Traces - c:\arquivos de programas\dap\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\dap\dapextie.htm

IE: Baixar link usando &BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddLink.htm

IE: Baixar todos os links usando BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddAllLink.htm

IE: Baixar todos os vídeos usando BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddVideo.htm

IE: Download &all with DAP - c:\arquivos de programas\dap\dapextie2.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\arquivos de programas\bitcomet\tools\BitCometBHO_1.2.1.2.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\arquivos de programas\bitcomet\tools\BitCometBHO_1.2.1.2.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E908B145-C847-4e85-B315-07E2E70DECF8} - {9F038672-0425-4792-BC9C-36DE3308E8AA}

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

TCP: {55EE8353-F3E9-49E2-A77A-29478F377441} = 201.10.128.3 201.10.120.3

Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\dap\dapie.dll

Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\dap\dapie.dll

Notify: GbPluginAbn - c:\arquiv~1\gbplugin\gbiehabn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399007} - c:\arquiv~1\gbplugin\gbiehabn.dll

============= SERVICES / DRIVERS ===============

? GbpSv;GbpSv; []

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-7-14 28544]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-9-19 110160]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-19 20560]

R2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]

R2 sbbotdi;sbbotdi;\??\c:\arquiv~1\speedb~1\sbbotdi.sys [2008-8-22 35584]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\speedb~1\VideoAcceleratorService.exe -start -scm []

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2006-5-29 64512]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-6-10 31232]

=============== Created Last 30 ================

2008-11-19 01:09 <DIR> --d----- C:\ComboFix

2008-11-19 01:09 400,896 a------- c:\windows\system32\CF7624.exe

2008-11-19 01:07 400,896 a------- c:\windows\system32\CF7160.exe

2008-11-18 19:08 400,896 a------- c:\windows\system32\CF2365.exe

2008-11-18 18:59 400,896 a------- c:\windows\system32\CF598.exe

2008-11-18 18:57 400,896 a------- c:\windows\system32\CF203.exe

2008-11-18 17:40 <DIR> --d----- c:\arquivos de programas\Snapshot Viewer

2008-11-18 15:57 250 a------- c:\windows\gmer.ini

2008-11-16 11:46 74,752 a------- c:\windows\cadkasdeinst01e.exe

2008-11-16 11:46 <DIR> --d----- c:\arquivos de programas\PDF Editor 2

2008-11-13 20:55 400,896 a------- c:\windows\system32\CF21768.exe

2008-11-13 20:46 400,896 a------- c:\windows\system32\CF19854.exe

2008-11-13 20:30 <DIR> a-dshr-- C:\cmdcons

2008-11-13 20:24 161,792 a------- c:\windows\SWREG.exe

2008-11-13 20:24 98,816 a------- c:\windows\sed.exe

2008-11-13 20:24 400,896 a------- c:\windows\system32\CF15703.exe

2008-11-12 12:37 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 12:28 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

2008-10-23 19:40 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll

==================== Find3M ====================

2008-11-19 08:15 <DIR> --d----- c:\arquivos de programas\SpeedBit Video Accelerator

2008-11-19 08:14 <DIR> --d----- c:\docume~1\marcos\dadosd~1\Leading

2008-11-16 11:37 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2008-11-14 18:36 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-03 21:06 <DIR> --d----- c:\arquivos de programas\Megacubo

2008-10-27 15:45 <DIR> --d----- c:\arquivos de programas\SopCast

2008-10-27 15:45 <DIR> --d----- c:\docume~1\marcos\dadosd~1\Megacubo

2008-10-17 19:23 <DIR> --d----- c:\arquivos de programas\MSN Messenger

2008-10-16 07:11 <DIR> --d----- c:\arquivos de programas\Messenger

2008-10-15 20:38 425,072 a------- c:\windows\system32\perfh016.dat

2008-10-15 20:38 67,232 a------- c:\windows\system32\perfc016.dat

2008-10-15 18:53 <DIR> --d----- c:\arquivos de programas\Windows NT

2008-10-05 22:29 <DIR> --d----- c:\docume~1\marcos\dadosd~1\Vso

2008-10-02 12:28 <DIR> --d----- c:\docume~1\marcos\dadosd~1\uTorrent

2008-09-23 21:52 <DIR> --d----- c:\arquivos de programas\VSO

2008-09-23 21:49 <DIR> --d----- c:\arquivos de programas\NitroPC

2008-09-23 13:14 <DIR> --d----- c:\arquivos de programas\NCH Swift Sound

2008-09-23 13:14 <DIR> --d----- c:\arquivos de programas\NewLive All Media To Mp3 Converter

2008-09-23 13:13 <DIR> --d----- c:\arquivos de programas\RM Converter

2008-09-23 13:12 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\NCH Swift Sound

2008-09-23 13:12 <DIR> --d----- c:\arquivos de programas\NCH Software

2008-09-23 13:08 <DIR> --d----- c:\docume~1\marcos\dadosd~1\NCH Software

2008-09-23 13:08 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\NCH Software

2008-09-22 23:55 <DIR> --d----- c:\arquivos de programas\Crux Calculator v5

2008-09-20 10:07 <DIR> --d----- c:\docume~1\marcos\dadosd~1\NCH Swift Sound

2008-09-16 19:31 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2008-09-15 13:26 1,846,528 a------- c:\windows\system32\win32k.sys

2008-09-09 23:15 1,307,648 -------- c:\windows\system32\msxml6.dll

2008-09-04 15:16 1,106,944 a------- c:\windows\system32\msxml3.dll

2008-08-26 06:11 826,368 a------- c:\windows\system32\wininet.dll

2008-08-22 21:32 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\SpeedBit

2008-08-22 21:32 50,688 a------- c:\windows\system32\wbhelp2.dll

2008-08-01 12:23 <DIR> --d----- c:\docume~1\marcos\dadosd~1\Malwarebytes

2008-08-01 12:23 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2008-07-11 11:43 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Hagel Technologies

2008-07-08 14:48 <DIR> --d----- c:\docume~1\marcos\dadosd~1\HTNetMeter

2008-06-24 00:14 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\AVS4YOU

2008-06-23 23:37 <DIR> --d----- c:\docume~1\marcos\dadosd~1\AVSMedia

2008-06-22 14:56 <DIR> --d----- c:\docume~1\marcos\dadosd~1\Dealio

2008-06-04 12:21 <DIR> --d----- c:\docume~1\marcos\dadosd~1\Activision

2008-06-01 16:34 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\TERMINAL Studio

2008-05-25 13:20 <DIR> --d----- c:\docume~1\marcos\dadosd~1\ADPHONE

2008-05-25 12:49 <DIR> --d----- c:\docume~1\marcos\dadosd~1\LimeWire

2008-05-19 19:40 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\BitDefender

2008-05-19 18:52 <DIR> --d----- c:\docume~1\marcos\dadosd~1\BitDefender

2008-05-19 00:58 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

2008-03-19 21:10 <DIR> --d----- c:\docume~1\marcos\dadosd~1\Kazaa Lite

2008-03-15 14:00 <DIR> --d----- c:\docume~1\marcos\dadosd~1\Estalo

2008-03-15 14:00 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Estalo

2008-03-11 23:53 <DIR> --d----- c:\docume~1\marcos\dadosd~1\Netscape

2008-03-06 12:57 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Lavasoft

2008-03-06 09:25 <DIR> --d----- c:\docume~1\marcos\dadosd~1\INAC

2008-03-06 09:25 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\INAC

2008-02-15 13:04 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\BVRP Software

============= FINISH: 10:33:09.89 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2008-02-05 13:06:57

System Uptime: 2008-11-19 08:13:11 (2 hours ago)

Motherboard: ASUSTeK Computer INC. | | A7V8X-X

Processor: AMD Athlon XP 2600+ | SOCKET A | 1916/166mhz

BIOS: Award Modular BIOS v6.0 | ASUS - 42302e31 | ASUS A7V8X-X ACPI BIOS Revision 1006 | 2003-08-05 21:00:00

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 20 GiB total, 3.668 GiB free.

D: is FIXED (NTFS) - 55 GiB total, 0.907 GiB free.

E: is CDROM ()

F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP70: 2008-10-15 07:30:45 - Ponto de verificação do sistema

RP71: 2008-10-15 18:39:39 - Software Distribution Service 3.0

RP72: 2008-10-16 07:08:12 - Software Distribution Service 3.0

RP73: 2008-10-17 08:11:36 - Software Distribution Service 3.0

RP74: 2008-10-18 12:00:00 - Ponto de verificação do sistema

RP75: 2008-10-19 12:25:09 - Ponto de verificação do sistema

RP76: 2008-10-20 12:59:10 - Ponto de verificação do sistema

RP77: 2008-10-21 13:54:55 - Ponto de verificação do sistema

RP78: 2008-10-22 14:19:55 - Ponto de verificação do sistema

RP79: 2008-10-23 20:17:31 - Ponto de verificação do sistema

RP80: 2008-10-24 19:14:00 - Software Distribution Service 3.0

RP81: 2008-10-26 20:36:16 - Ponto de verificação do sistema

RP82: 2008-10-27 20:46:58 - Ponto de verificação do sistema

RP83: 2008-10-29 13:47:42 - Ponto de verificação do sistema

RP84: 2008-10-30 20:53:01 - Ponto de verificação do sistema

RP85: 2008-10-31 21:11:01 - Ponto de verificação do sistema

RP86: 2008-11-02 12:35:39 - Ponto de verificação do sistema

RP87: 2008-11-03 13:03:38 - Ponto de verificação do sistema

RP88: 2008-11-04 21:10:02 - Ponto de verificação do sistema

RP89: 2008-11-06 00:59:54 - Ponto de verificação do sistema

RP90: 2008-11-07 11:28:17 - Ponto de verificação do sistema

RP91: 2008-11-08 11:28:30 - Ponto de verificação do sistema

RP92: 2008-11-09 12:32:09 - Ponto de verificação do sistema

RP93: 2008-11-10 12:47:32 - Ponto de verificação do sistema

RP94: 2008-11-11 16:14:37 - Ponto de verificação do sistema

RP95: 2008-11-12 16:25:00 - Ponto de verificação do sistema

RP96: 2008-11-13 12:01:23 - Software Distribution Service 3.0

RP97: 2008-11-13 20:30:01 - ComboFix created restore point

RP98: 2008-11-14 18:35:36 - Removed Search Settings 1.2.

RP99: 2008-11-15 19:29:21 - Ponto de verificação do sistema

RP100: 2008-11-16 19:40:57 - Ponto de verificação do sistema

RP101: 2008-11-17 20:25:29 - Ponto de verificação do sistema

RP102: 2008-11-18 18:59:26 - ComboFix created restore point

RP103: 2008-11-19 01:09:44 - ComboFix created restore point

==== Installed Programs ======================

ABBYY FineReader 5.0 Sprint

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Flash Player 10 ActiveX

Adobe Flash Player Plugin

Adobe Reader 8.1.2 - Português

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Adobe Shockwave Player

Agere Systems PCI Soft Modem

AgroUtil

Allok RM RMVB to AVI MPEG DVD Converter 2.4.0730

Ares Tube 3.2

Arquivo do WinRAR

µTorrent

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB950759)

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)

avast! Antivirus

AVS DVDMenu Editor 1.2.1.19

AVS Video Editor 3.5

Barra de Ferramentas do Yahoo! com bloqueador de pop-up

CCleaner (remove only)

Conexão Turbo

ConvertXtoDVD 3.2.1.55b

Crux Calculator v5

Dealio Toolbar 3.4

Download Accelerator Plus (DAP)

FaxTools

Foxit Reader

Google Earth

HijackThis 2.0.2

Hotfix para Windows Internet Explorer 7 (KB947864)

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

LeadingModem 3.0

Lexmark 1200 Series

Macromedia Flash Player 8

Malwarebytes' Anti-Malware

Megacubo 5.0.7

Microsoft .NET Framework 2.0

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edição 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

MKV TO AVI CONVERTER version 3.21

MKV To AVI With Subtitle version 1.01

Motorola SM56 Speakerphone Modem

Mozilla Firefox (3.0.4)

Nero 7 Demo

NitroPC

PDF Editor 2

PowerDVD

PPP over Ethernet Protocol 0.98

Prism Video Converter

Snapshot Viewer

SopCast 3.0.3

SoundMAX

SpeedBit Video Accelerator

Spring 5.0.1 Windows (Português)

Switch Sound File Converter

Tortuga

WebFldrs XP

WinAVI Video Converter 9.0

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Yahoo! Toolbar

==== Event Viewer Messages ===================

==== End Of File ===========================


Your Java is out of date.

Old, outdated versions are more vulnerable to malware.

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 10 and save it to your desktop.
  • Navigate to "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click "Download" (it is on the right-hand side).
  • Select your platform: "Windows".
  • Select your language: "Português".
  • Read the license agreement and check the box: "Accept License Agreement".
  • Click "Continue".
  • Click the Windows Offline Installation download link and save the file to your desktop.
  • Close all programs you are using, especially your browser (IE, Firefox, etc.).
  • Click Start -> Settings -> Control Panel, double-click Add/Remove Programs and remove all old versions of Java.
  • Select any item whose name contains Java Runtime Environment (JRE or J2SE). It should have an icon like this: (image: javaicon.jpg)
  • Click Remove or Change/Remove.
  • Repeat as many times as necessary until you have removed every old version of Java on your PC.
  • Restart your computer after removing the old versions of Java.
  • Now double-click jre-6u10-windows-i586-p.exe (on your desktop) to install the new, more secure version of Java.

Other than that, your log is clean.

  • Click Start, then Run.
  • Now type Combofix /u and click OK, as shown in the image below.

(image: CF_Cleanup.png)

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the icon (image: otcleanitdesktopicon.png)
  • Click the "Cleanup" button (image: 8gehxg0.gif)
  • Allow your computer to restart.

Now that your PC is clean, follow these steps to keep it clean and protected:

  • Delete the folder (if it exists): HijackThis Backups
  • Use an alternative, more secure browser:
    Firefox (image: firefox-spread-btn-1b.png) or Opera (image: Opera_logo1.gif)
  • Use a firewall. It is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster. SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the update status of your programs.
  • Keep your programs properly updated.
    Being up to date is being secure. Click here

Some extra utilities that can increase your computer's protection:

  • IE/Spyad <=
    IE/Spyad adds over 4000 websites and domains to IE's Restricted sites list.
  • MVPS Hosts <= MVPS Hosts creates a new HOSTS file containing known sites, IPs, etc. Basically, it prevents your PC from connecting to those malicious sites.
  • Google Toolbar <= The Google toolbar blocks pop-ups.

It was a pleasure to help (image: thumbsup.gif)

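The reply above spots the three stale JRE entries (6 Update 3, 5 and 7) by eye in the ComboFix "Installed Programs" list. As an added example that is not part of the thread, this small Python script does the same check automatically over a constructed excerpt of that section, treating 6 Update 10 (the version the reply recommends) as current; the regex and the threshold are assumptions, not something the page provides.

```python
"""Flag outdated 'Java N Update M' entries in the Installed Programs section
of a ComboFix log.  Added example, not the helper's or ComboFix's own code."""
import re

LATEST_JAVA = (6, 10)  # JRE 6 Update 10: the version the reply tells the user to install

# Constructed sample of the log section, mirroring the entries in the post above.
SAMPLE_LOG = """\
==== Installed Programs ======================

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Mozilla Firefox (3.0.4)

==== Event Viewer Messages ===================
"""

# ComboFix lists the JRE as "Java <major> Update <n>"; assumed format.
JAVA_RE = re.compile(r"^Java (\d+) Update (\d+)$")


def installed_programs(log_text):
    """Return program names between the 'Installed Programs' header and the
    next '====' header, skipping the blank lines ComboFix puts between them."""
    names, inside = [], False
    for line in log_text.splitlines():
        if line.startswith("==== Installed Programs"):
            inside = True
            continue
        if inside and line.startswith("===="):
            break            # reached the next section
        if inside and line.strip():
            names.append(line.strip())
    return names


def outdated_java(programs, latest=LATEST_JAVA):
    """Return (name, major, update) for each JRE entry older than `latest`.
    Several hits means leftover installs that each still expose old code."""
    hits = []
    for name in programs:
        m = JAVA_RE.match(name)
        if m and (int(m.group(1)), int(m.group(2))) < latest:
            hits.append((name, int(m.group(1)), int(m.group(2))))
    return hits


if __name__ == "__main__":
    for name, _, _ in outdated_java(installed_programs(SAMPLE_LOG)):
        print("Outdated JRE still installed, remove:", name)
```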