danaoliveira

Security Center does not detect avast - keyboard and mouse with strange behaviour


Good morning,

A few days ago I started noticing strange behaviour on my PC. When I'm typing something I hear a beep from the CPU and my keyboard gets misconfigured: even with Num Lock on, my numeric keypad doesn't type numbers, it only acts as arrow keys. And the number row on the left prints #$%¨&*() as if the Shift key were pressed. I tested the keyboard on another machine and it works normally.

The mouse too: when I try to select a file in Explorer it selects all the files in the folder.

Now Security Center doesn't detect avast. I've already tried running the antivirus at boot, but nothing was found.

The log is below.

Thanks in advance,

Daniela

Logfile of HijackThis v1.99.1

Scan saved at 21:40:55, on 12/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

G:\a\prog\virus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Torrent Finder] "C:\Arquivos de programas\Torrent Finder\Torrent-Finder.exe" hmw

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe


Sorry for the delay, I was out of town... for work.

Tonight when I get home I'll follow the instructions, but I'll say up front that I tried to follow the instructions and when I went to post it gave an error; I think it got too big, and since I couldn't reply to my own post I gave up and just posted the HijackThis log. I'm sorry. Today without fail I'll follow your instructions.

And thank you very much...

Daniela


Hello,

If you can't get the other logs, use the tool below and post its log.

Download DDS and save it to the desktop.

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • When it finishes, DDS.txt will open.
  • Save the results and paste them in your next reply.


GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-21 12:34:47

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF655D604] <-- ROOTKIT !!!

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF655D4C0] <-- ROOTKIT !!!

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF655D99E] <-- ROOTKIT !!!

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF655D098] <-- ROOTKIT !!!

SSDT spiq.sys ZwEnumerateKey [0xF8434CA2] <-- ROOTKIT !!!

SSDT spiq.sys ZwEnumerateValueKey [0xF8435030] <-- ROOTKIT !!!

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF655D59A] <-- ROOTKIT !!!

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF655CFD8] <-- ROOTKIT !!!

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF655D03C] <-- ROOTKIT !!!

SSDT spiq.sys ZwQueryKey [0xF8435108] <-- ROOTKIT !!!

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF655D6BA] <-- ROOTKIT !!!

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF655D67A] <-- ROOTKIT !!!

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF655D7FA] <-- ROOTKIT !!!

INT 0x35 ? 821D9BF8

INT 0x3E ? 823DFBF8

INT 0x3F ? 823DFBF8

---- Kernel code sections - GMER 1.0.14 ----

? spiq.sys O sistema não pode encontrar o arquivo especificado. !

.text USBPORT.SYS!DllUnload F7A928AC 5 Bytes JMP 821D91D8

.text a44ikf9l.SYS F79C6386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]

.text a44ikf9l.SYS F79C63AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]

.text a44ikf9l.SYS F79C63C4 3 Bytes [ 00, 70, 02 ]

.text a44ikf9l.SYS F79C63C9 1 Byte [ 2E ]

.text a44ikf9l.SYS F79C63CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]

.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[400] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 4367F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[400] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4381179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[400] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 43811720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[400] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 43811764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[400] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 438116AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[400] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 438116E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[400] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 438117DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[400] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 436A16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[400] ws2_32.dll!connect 71A74A07 5 Bytes JMP 022E27A0 C:\Arquivos de programas\Orbitdownloader\GrabKernel.dll

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[400] ws2_32.dll!WSARecv 71A74CB5 5 Bytes JMP 022E36F0 C:\Arquivos de programas\Orbitdownloader\GrabKernel.dll

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[400] ws2_32.dll!WSASend 71A768FA 5 Bytes JMP 022E33B0 C:\Arquivos de programas\Orbitdownloader\GrabKernel.dll

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[400] ws2_32.dll!WSAConnect 71A80C81 5 Bytes JMP 022E28D0 C:\Arquivos de programas\Orbitdownloader\GrabKernel.dll

.text C:\WINDOWS\system32\winlogon.exe[536] kernel32.dll!FreeLibrary 7C80AC6E 5 Bytes JMP 1006A310 C:\ARQUIV~1\GbPlugin\gbiehabn.dll (Gbieh Module/Banco ABN AMRO)

.text C:\WINDOWS\system32\winlogon.exe[536] kernel32.dll!FreeLibraryAndExitThread 7C80C200 5 Bytes JMP 1006A040 C:\ARQUIV~1\GbPlugin\gbiehabn.dll (Gbieh Module/Banco ABN AMRO)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 823722D8

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8447C4C] spiq.sys

IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8447CA0] spiq.sys

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8417040] spiq.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F841713C] spiq.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84170BE] spiq.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84177FC] spiq.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84176D2] spiq.sys

IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 821D92D8

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!RtlInitUnicodeString] F44D8B48

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!swprintf] C1815753

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeSetEvent] 00002590

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 467C8D51

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 76F6E84A

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] D88BFFFF

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8504C483

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 5F0A75DB

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 5B08438D

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!MmUnmapIoSpace] 5DE58B5E

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 259068C3

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IofCompleteRequest] 006A0000

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 88F0E853

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IofCallDriver] 558DFFFF

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 90838DF8

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 52000025

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoConnectInterrupt] 03895750

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoDetachDevice] FFF363E8

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeWaitForSingleObject] 0C458AFF

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeInitializeEvent] 8B104D8B

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeCancelTimer] 43881855

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 1C458B08

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!RtlInitAnsiString] 0F544389

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 89FF45B6

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoQueueWorkItem] 4D8B0C4B

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!MmMapIoSpace] 50538920

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 8924558B

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoReportDetectedDevice] 5389584B

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0A43885C

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0646B60F

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!NlsMbCodePageTag] A818C483

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8D7F743F

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001A8C8B

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0835100

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!sprintf] 7E8D503F

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] B9E85728

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!ObfDereferenceObject] 0F0000D1

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 8D0646B6

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001B8093

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!ZwClose] E0835200

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E857503F

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 0000EBB4

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 026B938D

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!PoStartNextPowerIrp] C6830000

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoCreateDevice] 0008B908

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!RtlCopyUnicodeString] FA8B0000

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 758BA5F3

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 064E8A08

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!ZwOpenKey] 883FE180

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 0002688B

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoStartTimer] 06468A00

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeInitializeTimer] 8306E8C0

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoInitializeTimer] 023C18C4

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeInitializeDpc] 02698388

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeInitializeSpinLock] 19750000

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoInitializeIrp] 028C838D

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!ZwCreateKey] 52500000

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 00C143E8

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 08C48300

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!ZwSetValueKey] 0575C085

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeInsertQueueDpc] EB08708D

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 074E8A54

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoStartPacket] 026A8B88

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 83660000

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 7601487E

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoFreeMdl] 4AC68305

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!MmUnlockPages] F63302EB

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5614558B

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 75E85352

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 8BFFFFF4

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 0CC483F0

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeSynchronizeExecution] 2075F685

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoStartNextPacket] 050C7D80

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeBugCheckEx] 0092850F

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 458B0000

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeSetTimer] E85350F8

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!_allmul] FFFFF848

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!MmProbeAndLockPages] 8408C483

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!_except_handler3] BE7875C0

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!PoSetPowerState] 00000008

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] F346E853

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!RtlWriteRegistryValue] C483FFFF

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00F46804

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!_aulldiv] 838D0000

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!strstr] 00001A8C

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!_strupr] E850006A

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeQuerySystemTime] FFFF87CA

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 0000F468

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!KeTickCount] 808B8D00

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 6A00001B

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoDeleteDevice] B7E85100

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 33FFFF87

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoAllocateWorkItem] 6B8389C0

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoAllocateIrp] 89000002

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoAllocateMdl] 00026F83

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 73838900

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!MmLockPagableDataSection] 89000002

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 00027783

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 7B838900

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!ExFreePoolWithTag] 89000002

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoFreeIrp] 00027F83

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!IoFreeWorkItem] 83838900

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!InitSafeBootMode] 53000002

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!RtlCompareMemory] 02878389

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!PoCallDriver] 7FE80000

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!memmove] 83FFFF68

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[ntoskrnl.exe!MmHighestUserAddress] 8B5F1CC4

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[HAL.dll!KeGetCurrentIrql] 57B80974

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[HAL.dll!KfRaiseIrql] 8B000000

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[HAL.dll!KfLowerIrql] 56C35DE5

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[HAL.dll!HalGetInterruptVector] 8D08758B

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520

IAT \SystemRoot\System32\Drivers\a44ikf9l.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8427048] spiq.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Arquivos de programas\Internet Explorer\iexplore.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TrackPopupMenu] [044E7408] C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitcth/Orbitdownloader.com)

IAT C:\Arquivos de programas\Internet Explorer\iexplore.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TrackPopupMenu] [044E7408] C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitcth/Orbitdownloader.com)

IAT C:\WINDOWS\system32\services.exe[580] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002

IAT C:\WINDOWS\system32\services.exe[580] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 823DE1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\PCI_PNP9936 \Device\00000041 spiq.sys

Device \Driver\usbuhci \Device\USBPDO-0 821D81F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 823701F8

Device \Driver\dmio \Device\DmControl\DmConfig 823701F8

Device \Driver\dmio \Device\DmControl\DmPnP 823701F8

Device \Driver\dmio \Device\DmControl\DmInfo 823701F8

Device \Driver\usbuhci \Device\USBPDO-1 821D81F8

Device \Driver\usbohci \Device\USBPDO-2 820D01F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{EC2FE314-108F-46CB-ADEF-91CA251E9CE4} 82084500

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 823E01F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 823E01F8

Device \Driver\Cdrom \Device\CdRom0 822001F8

Device \Driver\Cdrom \Device\CdRom1 822001F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 82084500

Device \Driver\NetBT \Device\NetbiosSmb 82084500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 821D81F8

Device \Driver\usbuhci \Device\USBFDO-1 821D81F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82097500

Device \Driver\usbohci \Device\USBFDO-2 820D01F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 82097500

Device \Driver\Ftdisk \Device\FtControl 823E01F8

Device \Driver\a44ikf9l \Device\Scsi\a44ikf9l1 820C31F8

Device \Driver\a44ikf9l \Device\Scsi\a44ikf9l1Port2Path0Target0Lun0 820C31F8

Device \Driver\sptd \Device\1157431088 spiq.sys

Device \FileSystem\Cdfs \Cdfs 8207F3D8

---- Services - GMER 1.0.14 ----

Service C:\ARQUIV~1\GbPlugin\GbpSv.exe (*** hidden *** ) [AUTO] GbpSv <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ImagePath C:\ARQUIV~1\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0x80 0xB5 0xD6 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7C 0xDD 0xB7 0x30 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD0 0x09 0xA5 0xE2 ...

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@ImagePath C:\ARQUIV~1\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv\Security

Reg HKLM\SYSTEM\ControlSet002\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0x80 0xB5 0xD6 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7C 0xDD 0xB7 0x30 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBD 0x0D 0x9E 0xAA ...

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ImagePath C:\ARQUIV~1\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0x80 0xB5 0xD6 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7C 0xDD 0xB7 0x30 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD0 0x09 0xA5 0xE2 ...

---- EOF - GMER 1.0.14 ----


Logfile of random's system information tool 1.04 (written by random/random)

Run by Daniela at 2008-11-21 12:35:52

Microsoft Windows XP Professional Service Pack 3

System drive C: has 2 GB (10%) free of 16 GB

Total RAM: 511 MB (46% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]

Octh Class - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll [2008-10-31 130248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\arquivos de programas\google\googletoolbar1.dll [2008-09-20 2423872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-17 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-17 378792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll [2008-10-31 441464]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\arquivos de programas\google\googletoolbar1.dll [2008-09-20 2423872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-12 81000]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"HP Software Update"=C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"RemoteControl"=C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"MsnMsgr"=C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"DAEMON Tools Lite"=C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-17 68856]

"Torrent Finder"=C:\Arquivos de programas\Torrent Finder\Torrent-Finder.exe hmw []

"DLD.EXE"=C:\Arquivos de programas\Download Direct\DLD.exe []

"Gadwin PrintScreen"=C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe [2007-08-20 495616]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-17 378792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-17 378792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Orbitdownloader\orbitdm.exe"="C:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"

"C:\Arquivos de programas\Orbitdownloader\orbitnet.exe"="C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

"C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE"="C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"

.scr - install -

.scr - config -

======List of files/folders created in the last 1 months======

2008-11-16 23:08:54 ----N---- C:\WINDOWS\UNNeroBurnRights.exe

2008-11-16 23:08:54 ----D---- C:\Arquivos de programas\Ahead

2008-11-16 23:08:54 ----A---- C:\WINDOWS\system32\NeroCo.dll

2008-11-16 11:17:05 ----D---- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-11-16 09:45:54 ----D---- C:\separar

2008-11-14 19:01:28 ----A---- C:\WINDOWS\system32\hidserv.dll

2008-11-13 21:59:41 ----A---- C:\WINDOWS\unvise32.exe

2008-11-13 21:59:36 ----D---- C:\Arquivos de programas\Restore My Files Data Recovery v6.01

2008-11-12 23:42:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-12 23:41:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-12 23:40:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-11-12 22:15:22 ----D---- C:\Arquivos de programas\trend micro

2008-11-12 22:15:20 ----D---- C:\rsit

2008-11-12 21:57:50 ----A---- C:\WINDOWS\gmer.ini

2008-11-12 21:57:48 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-12 21:57:48 ----A---- C:\WINDOWS\gmer.exe

2008-11-12 21:57:48 ----A---- C:\WINDOWS\gmer.dll

2008-11-08 20:33:17 ----D---- C:\access

2008-11-08 14:21:02 ----D---- C:\myJavaPrograms

2008-11-06 20:02:43 ----D---- C:\Arquivos de programas\Gadwin Systems

2008-11-04 21:13:05 ----A---- C:\WINDOWS\topocr.INI

2008-11-04 21:12:36 ----D---- C:\Arquivos de programas\TopOCR

2008-11-04 18:56:57 ----D---- C:\ebooks

2008-11-02 13:40:57 ----A---- C:\WINDOWS\NCUNINST.EXE

2008-11-02 13:31:08 ----D---- C:\Arquivos de programas\Arquivos comuns\SWF Studio

2008-10-25 21:43:56 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Raxco

2008-10-25 21:40:39 ----D---- C:\Arquivos de programas\RAXCO

2008-10-25 13:53:15 ----D---- C:\Arquivos de programas\Active Data Recovery Services

2008-10-25 13:00:14 ----D---- C:\Arquivos de programas\FreeUndelete

2008-10-24 20:46:03 ----D---- C:\Arquivos de programas\Download Direct

2008-10-24 11:22:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-21 12:22:06 ----D---- C:\WINDOWS\Prefetch

2008-11-21 12:12:56 ----D---- C:\WINDOWS\Temp

2008-11-21 12:11:39 ----D---- C:\Documents and Settings\Daniela\Dados de aplicativos\Orbit

2008-11-21 00:08:33 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-20 22:59:15 ----D---- C:\Arquivos de programas\Mozilla Firefox

2008-11-20 22:48:01 ----D---- C:\Arquivos de programas\Orbitdownloader

2008-11-19 20:03:13 ----RD---- C:\Arquivos de programas

2008-11-17 21:25:01 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-17 20:49:35 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-11-16 23:08:55 ----D---- C:\WINDOWS

2008-11-16 23:08:54 ----D---- C:\WINDOWS\system32

2008-11-16 11:17:05 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-11-16 10:11:25 ----D---- C:\WINDOWS\network diagnostic

2008-11-16 09:41:22 ----D---- C:\downloads

2008-11-14 19:01:34 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-14 19:01:24 ----D---- C:\WINDOWS\system32\drivers

2008-11-13 21:17:39 ----D---- C:\Arquivos de programas\eMule

2008-11-13 20:59:39 ----HD---- C:\WINDOWS\inf

2008-11-12 23:42:18 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-12 23:42:14 ----SHD---- C:\WINDOWS\Installer

2008-11-12 23:42:14 ----HD---- C:\Config.Msi

2008-11-12 23:41:15 ----A---- C:\WINDOWS\imsins.BAK

2008-11-12 23:39:54 ----D---- C:\WINDOWS\WinSxS

2008-11-12 13:57:30 ----A---- C:\WINDOWS\system32\aswBoot.exe

2008-11-03 21:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

2008-10-28 19:36:23 ----D---- C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-10-28 19:36:12 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2008-10-28 19:34:48 ----D---- C:\Arquivos de programas\Runtime Software

2008-10-24 22:56:48 ----D---- C:\Arquivos de programas\cdTree

2008-10-24 01:01:19 ----D---- C:\Documents and Settings\Daniela\Dados de aplicativos\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-12 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-12 110160]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-12 50656]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 46848]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-12 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-12 94032]

R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-12 23152]

R3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-12 85969]

R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2005-04-06 26752]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-03 84480]

S1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

S3 a44ikf9l;a44ikf9l; C:\WINDOWS\system32\drivers\a44ikf9l.sys []

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-03 166912]

S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2008-11-12 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2008-11-12 155160]

R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2008-09-06 54784]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]

S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe [2008-09-08 85096]

S3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2008-11-12 254040]

S3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2008-11-12 352920]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-20 138168]

S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
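The next reply picks `a44ikf9l.sys` out of the driver list above: an eight-character name with no separate display name, and an empty `[]` where RSIT prints a file date and size for every other entry. The Python below is an added example, not code from the thread or from RSIT, that applies that same triage to a constructed sample of lines copied in the shape of the list above. It assumes that RSIT's empty brackets mean it could not read the file's date and size (missing, zero-length or hidden from the tool); the random-name rule is a heuristic of my own, not an RSIT feature. `describe_file` is the check to run before uploading a suspect file to a multi-engine scanner; a size of zero reproduces the "0 bytes" rejection reported later in the thread.

```python
import hashlib
import os
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the shape RSIT uses for its driver/service lists on this page.
SAMPLE_LINES = r"""
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-12 110160]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2008-11-12 18752]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-12 85969]
S3 a44ikf9l;a44ikf9l; C:\WINDOWS\system32\drivers\a44ikf9l.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""

# STATE START NAME;DISPLAY; PATH [DATE SIZE]  (the bracket content is empty when RSIT could not stat the file)
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)


@dataclass
class Entry:
    state: str      # R = running, S = stopped
    start: int      # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    info: str       # "YYYY-MM-DD size", or "" when RSIT recorded nothing


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one RSIT driver/service line; returns None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["state"], int(m["start"]), m["name"], m["display"], m["path"], m["info"])


def looks_random(name: str) -> bool:
    """Heuristic (assumption, not an RSIT rule): an all-lowercase, 8-character mix of
    letters and digits is the shape of an auto-generated driver name."""
    if not re.fullmatch(r"[a-z0-9]{8}", name):
        return False
    digits = sum(c.isdigit() for c in name)
    return 2 <= digits <= 6


def triage(text: str) -> List[Finding]:
    """Flag entries worth a closer look, most reasons first."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        e = parse_line(raw)
        if e is None:
            continue
        reasons = []
        if e.info == "":
            reasons.append("RSIT recorded no date/size: file missing, zero bytes or hidden from the tool")
        if looks_random(e.name) and e.display == e.name:
            reasons.append("random-looking service name with no distinct display name")
        if reasons:
            findings.append(Finding(e, reasons))
    findings.sort(key=lambda f: len(f.reasons), reverse=True)
    return findings


def describe_file(path: str) -> Optional[Tuple[int, str]]:
    """Size and SHA-256 of a file before submitting it to a multi-engine scanner.
    Returns None when the file does not exist; a size of 0 is the case the
    scanner rejected with 'The file you uploaded is 0 bytes'."""
    if not os.path.isfile(path):
        return None
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return os.path.getsize(path), h.hexdigest()


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.entry.name:12} {f.entry.path}")
        for r in f.reasons:
            print("   -", r)
```

Run against the sample, `a44ikf9l` comes out on top with both reasons, while `CdaC15BA` and `IntelIde` carry only the empty-bracket reason. That is exactly why the reply asks for the file itself to be scanned: the name alone does not settle the case, and `describe_file` on the real path tells you whether there is anything to upload at all.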


Hello

Go to Jotti's malware scan

  • In the box at the top (File to upload & scan);
  • Copy and paste the following:

    • C:\WINDOWS\system32\drivers\a44ikf9l.sys

  • Click the scan button.
  • The file will be examined by several antivirus engines; please wait.
  • Copy and paste the result, together with a new HijackThis log.

If the site above is too congested, try one of these sites:

Alternative 1

Alternative 2


Good evening...

I did what you asked, and it gave this message...

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

Before doing that I repaired XP and replaced the keyboard, and the problem was solved...

I believe it was a hardware problem, not a virus. I'll post the HijackThis log; if you don't see anything wrong, you can close this.

Thank you very much for the help; I owe you one. If you ever need anything......

Logfile of HijackThis v1.99.1

Scan saved at 19:34:36, on 21/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

E:\max40\a\prog\virus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Torrent Finder] "C:\Arquivos de programas\Torrent Finder\Torrent-Finder.exe" hmw

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe


Hello,

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, the program window will open. Select "Quick Scan" and then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When the disinfection finishes, a log will automatically open in Notepad and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log in your next reply, together with a new HijackThis log.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart the PC, please do so immediately.


I did as described; the log is below...

Thank you very much.....

Malwarebytes' Anti-Malware 1.30

Database version: 1421

Windows 5.1.2600 Service Pack 3

24/11/2008 22:14:25

mbam-log-2008-11-24 (22-14-25).txt

Scan type: Quick Scan

Objects scanned: 49544

Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\Downloaded Program Files\GbPluginABN.inf (Trojan.Agent) -> Quarantined and deleted successfully.

HijackThis log

Logfile of HijackThis v1.99.1

Scan saved at 22:31:15, on 24/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

G:\a\prog\virus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Torrent Finder] "C:\Arquivos de programas\Torrent Finder\Torrent-Finder.exe" hmw

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe


Hello,

Go to Control Panel -> Add/Remove Programs and remove the following programs if they are present:

  • AskBarDis

Run HijackThis, click Do a system scan only and tick the entries from the list below that it finds:

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

After ticking these entries, close all windows and click Fix checked.

Using Windows Explorer, find and delete the following files and folders:
Note: if you cannot find one of the file(s) or folder(s), continue with the remaining instructions.

C:\Arquivos de programas\AskBarDis <- the FOLDER

Example:
To delete the file C:\WINDOWS\malware.exe
Double-click My Computer, or press the Windows key + E at the same time.
Double-click Local Disk (C:\)
Double-click the Windows folder,
Right-click malware.exe and, in the menu that opens, choose Delete

Your Java is out of date.
Old, outdated versions are more vulnerable to malware.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 10 and save it to your desktop.
  • Navigate to "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click "Download" (it is on the right-hand side).
  • Select your platform: "Windows".
  • Select your language: "Português".
  • Read the license agreement and tick the box "Accept License Agreement".
  • Click "Continue".
  • Click the Windows Offline Installation download link and save the file to your desktop.
  • Close every program you are using, especially your browser (IE, Firefox, etc.).
  • Click Start -> Settings -> Control Panel, double-click Add/Remove Programs and remove every old version of Java.
  • Tick any item whose name contains Java Runtime Environment (JRE or J2SE). It should have a Java icon.
  • Click Remove or Change/Remove.
  • Repeat as many times as needed, until every old version of Java on your PC has been removed.
  • Restart your computer after removing the old versions of Java.
  • Now double-click jre-6u10-windows-i586-p.exe (it is on your desktop) to install the new, more secure version of Java.

Restart the PC normally. Generate and paste a HijackThis log and tell us how your PC is doing now.

Regards
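As an added example (not code from this thread, from HijackThis or from the helper), the check below parses lines in the O2/O3/O4/O20 format that the posted logs use and picks out two things the reply above asks the poster to act on: every entry whose target lives under a given folder (here the AskBarDis folder, so the O2 BHO and the O3 toolbar that share askBar.dll come out together) and every entry HijackThis has marked "(no file)" or "(file missing)", which is what an uninstalled or deleted component leaves behind. The sample log lines are constructed to match the thread's format; the section names and the `Entry` type are this example's own.

```python
"""Pick out HijackThis entries tied to a folder or pointing at missing files.

Added example for this thread (not HijackThis code, not the helper's tool).
The log lines below are constructed in the O2/O3/O4/O20 format seen in the
posted logs; the AskBarDis entries mirror the ones the reply asks to be fixed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
"""

# "O2 - ...", "O23 - ...", "R1 - ...": section code, separator, body.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
# Registry-style {8-4-4-4-12} GUID as printed by HijackThis.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str          # "O2", "O3", "O4", ...
    body: str             # text after the "Oxx - " prefix
    clsid: Optional[str]  # lower-cased {GUID} when the line carries one
    target: str           # file path, URL, or a marker such as "(no file)"


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis item line, None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0).lower() if clsid_m else None
    if section == "O4":
        # O4 - HKLM\..\Run: [name] <command>  -> the command follows the bracket
        target = body.split("] ", 1)[1] if "] " in body else body
    else:
        # O2/O3/O9/O20/O23: the target is the last " - " separated field.
        # (A path that itself contains " - " would be cut short here.)
        target = body.rsplit(" - ", 1)[-1]
    return Entry(section, body, clsid, target.strip())


def parse_log(text: str) -> List[Entry]:
    """Parse every item line in a log; headers and process lists are skipped."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def entries_under(entries: List[Entry], folder_fragment: str) -> List[Entry]:
    """Entries whose target lives under a folder (case-insensitive substring)."""
    frag = folder_fragment.lower()
    return [e for e in entries if frag in e.target.lower()]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose target is gone from disk, as flagged by HijackThis itself."""
    return [e for e in entries
            if e.target == "(no file)" or e.target.endswith("(file missing)")]


if __name__ == "__main__":
    items = parse_log(SAMPLE_LOG)
    print("Entries tied to AskBarDis (what the reply asks to be fixed):")
    for e in entries_under(items, "AskBarDis"):
        print(f"  {e.section}  {e.clsid}  {e.target}")
    print("Entries pointing at files that are gone:")
    for e in orphaned(items):
        print(f"  {e.section}  {e.body}")
```

Grouping by target folder rather than by CLSID is deliberate: a BHO and a toolbar from the same package register under different GUIDs, so matching the DLL's folder is what ties them together, exactly as the two AskBarDis lines in the reply are paired. The "(no file)" and "(file missing)" markers are HijackThis's own wording, so the orphan check relies on nothing beyond what the log prints.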


Hello sir,

Everything is OK now, thank you very much for the help.

Here is the new log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:09:35, on 27/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Torrent Finder] "C:\Arquivos de programas\Torrent Finder\Torrent-Finder.exe" hmw

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--

End of file - 8632 bytes


Hello,

It is important that you update your Java.

Your log is clean.

  1. Delete the folders (if they exist): HijackThis backups.
  2. Disable and then re-enable System Restore.
  3. Read Proteja-seu-pc to avoid future infections.
  4. Read this article to improve your PC's performance.
  5. Keep your programs properly updated.
    Being up to date is being secure. Click here
  6. Use an alternative, more secure browser: Firefox or Opera

If you have no further problems with your PC, click the Report button and say that the problem has been solved.

It was a pleasure to help


The problem has been solved.

Thank you very much for the help.

I have already updated Java and I am using Firefox for 95% of my web access.

Thanks for the tips, sir.
