Tem varios email com esse titulo enviados por mim nos meus email hotmail,uol!!!!!!
O teclado tambem não funciona!!
quando abro o emai pela1° vez ele fecha a pagina
Logfile of HijackThis v1.99.1
Scan saved at 22:17:37, on 8/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe
C:\Arquivos de programas\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Arquivos comuns\Logishrd\LQCVFX\COCIManager.exe
C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe
c:\path\javahr.exe
c:\path\javahr2.exe
C:\Arquivos de programas\Kiwee Toolbar2\1.4.127\kwtbaim.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\B1NR1TIJ\HijackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Arquivos de programas\Zynga\tbZyng.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Arquivos de programas\Zynga\tbZyng.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F89CEB6F-335E-43EC-BD6B-7F72D7801158} - c:\path\javahn.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Arquivos de programas\Zynga\tbZyng.dll
O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Arquivos de programas\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [javahr] c:\path\javahr.exe
O4 - HKCU\..\Run: [javahr2] c:\path\javahr2.exe
O4 - HKCU\..\Run: [javahl] c:\path\javahl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239053432250
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239052723453
O16 - DPF: {9C377DD8-8CE6-484C-975D-F4D03493EBBE} (DownloadManager Control) - http://music.msn.com.br/Download.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe
Versão Completa hotmail fotos 15/03
Páginas: 1, 2
- Faça o download do ComboFix de sUBs e salve-o no desktop;
OBS: Para que a ferramenta seja executada é necessário que esteja no desktop (área de trabalho)
OBS: Para que a ferramenta seja executada é necessário que esteja no desktop (área de trabalho)
- Desative, temporariamente, o antivírus;
- Feche todas as janelas abertas;
- Dê um duplo clique no ComboFix;
- Na próxima janela clique em Executar, aceite o contrato e aguarde até que o relatório seja gerado;
OBS: Caso não queira que seja instalado o console de recuperação do Windows, clique em "Não" e depois concorde que a verificação prossiga.
Ao ser instalado o console, na inicialização do sistema será apresentada a tela para seleção dos sistemas operacionais.
Mais informações sobre o Console: http://support.microsoft.com/kb/307654/pt-br - Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento;
- O ComboFix "poderá" reiniciar o PC automaticamente para completar o processo de remoção.
- Quando terminar, será gerado um log, que estará em C:\ComboFix.txt.
- Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, não mova o mouse e não use o teclado, pois senão irá parar e seu desktop ficará em branco.
- Para parar ou sair do ComboFix, tecle "N".
- Se perder a conexão com a internet, reinicie o computador. Caso o problema persista, abra Conexões de Rede no Painel de Controle, clique com o botão direito do mouse sobre a sua conexão com a internet e em "Reparar";
- Anexe o ComboFix.txt à sua resposta conforme as instruções abaixo
http://www.linhadefensiva.org/forum/index.php?showtopic=595
Segue em anexo.
- Selecione o texto abaixo e copie para o bloco de notas. Salve-o como CFScript.txt;
| CODE |
| Folder:: C:\uacpath C:\path Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "javahl"=- |
- Arraste o CFScript.txt para o ComboFix conforme a imagem abaixo:
Se solicitado pressione "Enter" para iniciar o processo de remoção;
Não use o mouse nem o teclado quando o ComboFix estiver rodando.
Quando terminar, será gerado um log, que estará em C:\ComboFix.txt.
Obs: Se o Combofix não reiniciar seu computador automaticamente, faça-o manualmente.
Na sua próxima resposta, cole o ComboFix.txt e um novo log do HijackThis.
Segue abaixo ComboFix.txt
ComboFix 10-04-10.02 - Administrador 10/04/2010 19:42:34.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.512.163 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
ADS - drivers: deleted 204 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\path
c:\path\Id
C:\uacpath
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-03-10 to 2010-04-10 ))))))))))))))))))))))))))))
.
2010-04-01 23:04 . 2010-04-01 23:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2010-03-18 01:53 . 2010-03-18 01:53 -------- d-----w- c:\arquivos de programas\Conduit
2010-03-18 01:52 . 2010-03-18 01:53 -------- d-----w- c:\arquivos de programas\Zynga
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 22:59 . 2008-07-23 16:42 3699013664 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-10 22:54 . 2004-03-19 15:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared
2010-04-10 22:52 . 2008-07-23 16:42 43347788 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-10 15:34 . 2009-02-27 00:34 -------- d-----w- c:\arquivos de programas\GbPlugin
2010-04-10 14:40 . 2009-02-27 00:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin
2010-04-09 01:29 . 2005-10-27 22:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Symantec
2010-04-01 23:04 . 2010-04-01 23:04 503808 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7e77e944-n\msvcp71.dll
2010-04-01 23:04 . 2010-04-01 23:04 499712 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7e77e944-n\jmc.dll
2010-04-01 23:04 . 2010-04-01 23:04 348160 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7e77e944-n\msvcr71.dll
2010-04-01 23:04 . 2010-04-01 23:04 61440 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5aa13c67-n\decora-sse.dll
2010-04-01 23:04 . 2010-04-01 23:04 12800 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5aa13c67-n\decora-d3d.dll
2010-04-01 22:57 . 2009-12-27 19:43 -------- d-----w- c:\arquivos de programas\Java
2010-03-31 00:23 . 2009-04-18 00:36 -------- d-----w- c:\arquivos de programas\VS Revo Group
2010-03-31 00:21 . 2009-12-31 23:31 -------- d-----w- c:\arquivos de programas\Eusing Free Registry Cleaner
2010-03-10 17:12 . 2009-02-27 00:34 30336 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2010-03-09 07:28 . 2009-12-27 19:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-21 14:58 . 2001-10-28 15:07 67232 ----a-w- c:\windows\system32\perfc016.dat
2010-02-21 14:58 . 2001-10-28 15:07 425072 ----a-w- c:\windows\system32\perfh016.dat
2010-02-20 13:14 . 2007-10-11 20:59 2142488 ----a-w- c:\windows\system32\drivers\LVMVDrv.sys.off
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-14 23:05 . 2006-07-22 00:42 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype
2010-02-14 23:03 . 2008-01-23 21:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM
2010-02-14 17:50 . 2010-02-14 17:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Norton
2006-10-11 08:04 . 2006-01-20 18:35 61036 ----a-w- c:\arquivos de programas\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2006-01-20 18:35 48742 ----a-w- c:\arquivos de programas\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2006-01-20 18:35 29313 ----a-w- c:\arquivos de programas\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2006-01-20 18:35 41082 ----a-w- c:\arquivos de programas\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2006-01-20 18:35 166510 ----a-w- c:\arquivos de programas\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\arquivos de programas\Zynga\tbZyng.dll" [2010-02-22 2353176]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-02-22 15:05 2353176 ----a-w- c:\arquivos de programas\Zynga\tbZyng.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\arquivos de programas\Zynga\tbZyng.dll" [2010-02-22 2353176]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\arquivos de programas\Zynga\tbZyng.dll" [2010-02-22 2353176]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-26 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"osCheck"="c:\arquivos de programas\Norton AntiVirus\osCheck.exe" [2007-08-24 714608]
"ccApp"="c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"LogitechCommunicationsManager"="c:\arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\arquivos de programas\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"DAEMON Tools-1033"="c:\arquivos de programas\D-Tools\daemon.exe" [2004-08-22 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\arquivos de programas\Symantec\LiveUpdate\ALUNotify.exe" [2007-08-23 152952]
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2010-02-18 12:19 323360 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
c:\arquiv~1\GbPlugin\gbiehuni.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-23 17:59 352256 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 03:57 35760 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:45 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook]
2008-03-14 17:07 56456 ----a-w- c:\arquivos de programas\Kiwee Toolbar2\1.4.127\kwtbaim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 18:33 563984 ----a-w- c:\arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 18:37 2178832 ----a-w- c:\arquivos de programas\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 --sh--w- c:\arquivos de programas\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-06-01 20:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-06-01 20:22 1519616 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-26 00:18 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"is-S74N2"=2 (0x2)
"gusvc"=3 (0x3)
"GbpSv"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3646:UDP"= 3646:UDP:shareaza
"6346:TCP"= 6346:TCP:shareaza
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [29/12/2009 18:09 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [29/12/2009 18:09 5248]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [26/2/2009 21:34 30336]
R1 is-S74N2drv;is-S74N2drv;c:\windows\system32\drivers\85115634.sys [23/7/2008 20:01 148496]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [19/8/2008 23:34 8944]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [19/8/2008 23:34 55024]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [26/2/2009 21:34 53632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/1/2010 19:59 102448]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [5/2/2010 19:54 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [29/5/2007 09:55 23888]
S3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [19/8/2008 23:34 7408]
S4 is-S74N2;is-S74N2; [x]
S4 LiveUpdate Notice;LiveUpdate Notice;c:\arquivos de programas\Arquivos comuns\Symantec Shared\CCSVCHST.EXE [24/8/2007 18:07 149352]
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-05 22:54]
2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-05 22:54]
2010-04-06 c:\windows\Tasks\Norton AntiVirus - Verificação completa no sistema - Administrador.job
- c:\arquivos de programas\Norton AntiVirus\Navw32.exe [2007-08-26 17:19]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.uol.com.br/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Liberar pop-ups desta página
IE: Liberar pop-ups deste site
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {9C377DD8-8CE6-484C-975D-F4D03493EBBE} - hxxp://music.msn.com.br/Download.cab
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\utib0pj3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://br.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\arquivos de programas\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
- - - - ORFÃOS REMOVIDOS - - - -
URLSearchHooks-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 19:55
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8229A140]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8579fc3
\Driver\ACPI -> ACPI.sys @ 0xf84c6cb8
\Driver\atapi -> 0x8229a140
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(972)
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(2688)
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\HPZipm12.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\arquivos de programas\Arquivos comuns\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-04-10 20:02:23 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-04-10 23:02
ComboFix2.txt 2010-04-10 15:43
ComboFix3.txt 2008-11-13 14:57
ComboFix4.txt 2008-01-19 16:56
Pré-execução: 24 pasta(s) 13.227.261.952 bytes disponíveis
Pós execução: 23 pasta(s) 13.225.320.448 bytes disponíveis
- - End Of File - - A96A78854F411ED303D6E1E2426618CB
Segue abaixo log do HijackThis :
Logfile of HijackThis v1.99.1
Scan saved at 20:10:21, on 10/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Logitech\QuickCam\Quickcam.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Arquivos de programas\Symantec\LiveUpdate\AUPDATE.EXE
C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\8O2BB64G\HijackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Arquivos de programas\Zynga\tbZyng.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Arquivos de programas\Zynga\tbZyng.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Arquivos de programas\Zynga\tbZyng.dll
O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Arquivos de programas\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239053432250
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239052723453
O16 - DPF: {9C377DD8-8CE6-484C-975D-F4D03493EBBE} (DownloadManager Control) - http://music.msn.com.br/Download.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe
ComboFix 10-04-10.02 - Administrador 10/04/2010 19:42:34.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.512.163 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
ADS - drivers: deleted 204 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\path
c:\path\Id
C:\uacpath
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-03-10 to 2010-04-10 ))))))))))))))))))))))))))))
.
2010-04-01 23:04 . 2010-04-01 23:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2010-03-18 01:53 . 2010-03-18 01:53 -------- d-----w- c:\arquivos de programas\Conduit
2010-03-18 01:52 . 2010-03-18 01:53 -------- d-----w- c:\arquivos de programas\Zynga
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 22:59 . 2008-07-23 16:42 3699013664 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-10 22:54 . 2004-03-19 15:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared
2010-04-10 22:52 . 2008-07-23 16:42 43347788 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-10 15:34 . 2009-02-27 00:34 -------- d-----w- c:\arquivos de programas\GbPlugin
2010-04-10 14:40 . 2009-02-27 00:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin
2010-04-09 01:29 . 2005-10-27 22:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Symantec
2010-04-01 23:04 . 2010-04-01 23:04 503808 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7e77e944-n\msvcp71.dll
2010-04-01 23:04 . 2010-04-01 23:04 499712 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7e77e944-n\jmc.dll
2010-04-01 23:04 . 2010-04-01 23:04 348160 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7e77e944-n\msvcr71.dll
2010-04-01 23:04 . 2010-04-01 23:04 61440 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5aa13c67-n\decora-sse.dll
2010-04-01 23:04 . 2010-04-01 23:04 12800 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5aa13c67-n\decora-d3d.dll
2010-04-01 22:57 . 2009-12-27 19:43 -------- d-----w- c:\arquivos de programas\Java
2010-03-31 00:23 . 2009-04-18 00:36 -------- d-----w- c:\arquivos de programas\VS Revo Group
2010-03-31 00:21 . 2009-12-31 23:31 -------- d-----w- c:\arquivos de programas\Eusing Free Registry Cleaner
2010-03-10 17:12 . 2009-02-27 00:34 30336 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2010-03-09 07:28 . 2009-12-27 19:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-21 14:58 . 2001-10-28 15:07 67232 ----a-w- c:\windows\system32\perfc016.dat
2010-02-21 14:58 . 2001-10-28 15:07 425072 ----a-w- c:\windows\system32\perfh016.dat
2010-02-20 13:14 . 2007-10-11 20:59 2142488 ----a-w- c:\windows\system32\drivers\LVMVDrv.sys.off
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-14 23:05 . 2006-07-22 00:42 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype
2010-02-14 23:03 . 2008-01-23 21:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM
2010-02-14 17:50 . 2010-02-14 17:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Norton
2006-10-11 08:04 . 2006-01-20 18:35 61036 ----a-w- c:\arquivos de programas\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2006-01-20 18:35 48742 ----a-w- c:\arquivos de programas\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2006-01-20 18:35 29313 ----a-w- c:\arquivos de programas\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2006-01-20 18:35 41082 ----a-w- c:\arquivos de programas\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2006-01-20 18:35 166510 ----a-w- c:\arquivos de programas\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\arquivos de programas\Zynga\tbZyng.dll" [2010-02-22 2353176]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-02-22 15:05 2353176 ----a-w- c:\arquivos de programas\Zynga\tbZyng.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\arquivos de programas\Zynga\tbZyng.dll" [2010-02-22 2353176]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\arquivos de programas\Zynga\tbZyng.dll" [2010-02-22 2353176]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-26 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"osCheck"="c:\arquivos de programas\Norton AntiVirus\osCheck.exe" [2007-08-24 714608]
"ccApp"="c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"LogitechCommunicationsManager"="c:\arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\arquivos de programas\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"DAEMON Tools-1033"="c:\arquivos de programas\D-Tools\daemon.exe" [2004-08-22 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\arquivos de programas\Symantec\LiveUpdate\ALUNotify.exe" [2007-08-23 152952]
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2010-02-18 12:19 323360 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
c:\arquiv~1\GbPlugin\gbiehuni.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-23 17:59 352256 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 03:57 35760 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:45 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook]
2008-03-14 17:07 56456 ----a-w- c:\arquivos de programas\Kiwee Toolbar2\1.4.127\kwtbaim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 18:33 563984 ----a-w- c:\arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 18:37 2178832 ----a-w- c:\arquivos de programas\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 --sh--w- c:\arquivos de programas\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-06-01 20:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-06-01 20:22 1519616 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-26 00:18 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"is-S74N2"=2 (0x2)
"gusvc"=3 (0x3)
"GbpSv"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3646:UDP"= 3646:UDP:shareaza
"6346:TCP"= 6346:TCP:shareaza
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [29/12/2009 18:09 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [29/12/2009 18:09 5248]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [26/2/2009 21:34 30336]
R1 is-S74N2drv;is-S74N2drv;c:\windows\system32\drivers\85115634.sys [23/7/2008 20:01 148496]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [19/8/2008 23:34 8944]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [19/8/2008 23:34 55024]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [26/2/2009 21:34 53632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/1/2010 19:59 102448]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [5/2/2010 19:54 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [29/5/2007 09:55 23888]
S3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [19/8/2008 23:34 7408]
S4 is-S74N2;is-S74N2; [x]
S4 LiveUpdate Notice;LiveUpdate Notice;c:\arquivos de programas\Arquivos comuns\Symantec Shared\CCSVCHST.EXE [24/8/2007 18:07 149352]
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-05 22:54]
2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-05 22:54]
2010-04-06 c:\windows\Tasks\Norton AntiVirus - Verificação completa no sistema - Administrador.job
- c:\arquivos de programas\Norton AntiVirus\Navw32.exe [2007-08-26 17:19]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.uol.com.br/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Liberar pop-ups desta página
IE: Liberar pop-ups deste site
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {9C377DD8-8CE6-484C-975D-F4D03493EBBE} - hxxp://music.msn.com.br/Download.cab
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\utib0pj3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://br.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\arquivos de programas\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
- - - - ORFÃOS REMOVIDOS - - - -
URLSearchHooks-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 19:55
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8229A140]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8579fc3
\Driver\ACPI -> ACPI.sys @ 0xf84c6cb8
\Driver\atapi -> 0x8229a140
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(972)
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(2688)
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\HPZipm12.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\arquivos de programas\Arquivos comuns\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-04-10 20:02:23 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-04-10 23:02
ComboFix2.txt 2010-04-10 15:43
ComboFix3.txt 2008-11-13 14:57
ComboFix4.txt 2008-01-19 16:56
Pré-execução: 24 pasta(s) 13.227.261.952 bytes disponíveis
Pós execução: 23 pasta(s) 13.225.320.448 bytes disponíveis
- - End Of File - - A96A78854F411ED303D6E1E2426618CB
Segue abaixo log do HijackThis :
Logfile of HijackThis v1.99.1
Scan saved at 20:10:21, on 10/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Logitech\QuickCam\Quickcam.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Arquivos de programas\Symantec\LiveUpdate\AUPDATE.EXE
C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\8O2BB64G\HijackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Arquivos de programas\Zynga\tbZyng.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Arquivos de programas\Zynga\tbZyng.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Arquivos de programas\Zynga\tbZyng.dll
O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Arquivos de programas\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239053432250
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239052723453
O16 - DPF: {9C377DD8-8CE6-484C-975D-F4D03493EBBE} (DownloadManager Control) - http://music.msn.com.br/Download.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe
Faça o download do Gmer:
http://www.gmer.net/gmer.zip
Após o download, extraia o arquivo para uma pasta de fácil acesso e renomeie o executável para qualquer nome, em seguida rode o programa.
No programa, clique em Scan, e espere até o final da varredura.
Ao final, clique em Copy, e em seguida abra o Bloco de Notas, e aperte CTRL + V, salve o arquivo com qualquer nome, em seguida anexe-o na sua proxima mensagem, conforme instruções abaixo:
http://www.linhadefensiva.org/forum/index.php?showtopic=595
http://www.gmer.net/gmer.zip
Após o download, extraia o arquivo para uma pasta de fácil acesso e renomeie o executável para qualquer nome, em seguida rode o programa.
No programa, clique em Scan, e espere até o final da varredura.
Ao final, clique em Copy, e em seguida abra o Bloco de Notas, e aperte CTRL + V, salve o arquivo com qualquer nome, em seguida anexe-o na sua proxima mensagem, conforme instruções abaixo:
http://www.linhadefensiva.org/forum/index.php?showtopic=595
Não consegui executar o programa pedido. Ele salva mas quando vai executar aparece que precisa ser fechado.tentei por diversas vezes.
- Faça o download do Rooter e salve-o no desktop:
http://eric71.geekstogo.com/tools/Rooter.exe
http://eric71.geekstogo.com/tools/Rooter.exe
- Duplo clique no Rooter.exe para executar a ferramenta
- Poste o log que estará no bloco de notas.
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 6 Model 8 Stepping 1, AuthenticAMD
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 7.0.5730.11
Mozilla Firefox 2.0 (pt-BR)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:37 Go - Free:12 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [CD_Rom]
.
Scan : 19:24.02
Path : C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\D303TKLS\Rooter[1].exe
User : Administrador ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (832)
______ \??\C:\WINDOWS\system32\csrss.exe (928)
______ \??\C:\WINDOWS\system32\winlogon.exe (968)
______ C:\WINDOWS\system32\services.exe (1012)
______ C:\WINDOWS\system32\lsass.exe (1024)
______ C:\ARQUIV~1\GbPlugin\GbpSv.exe (1196)
______ C:\WINDOWS\system32\svchost.exe (1224)
______ C:\WINDOWS\system32\svchost.exe (1332)
______ C:\WINDOWS\System32\svchost.exe (1456)
______ C:\WINDOWS\System32\svchost.exe (1544)
______ C:\WINDOWS\system32\svchost.exe (1716)
______ C:\WINDOWS\Explorer.EXE (1928)
______ C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe (1988)
______ C:\WINDOWS\system32\spoolsv.exe (640)
______ C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe (1400)
______ C:\Arquivos de programas\Java\jre6\bin\jqs.exe (1564)
______ C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe (316)
______ C:\WINDOWS\system32\HPZipm12.exe (716)
______ C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (840)
______ C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe (1072)
______ C:\WINDOWS\System32\svchost.exe (692)
______ C:\WINDOWS\system32\wdfmgr.exe (1068)
______ C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (2628)
______ C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe (2676)
______ C:\Arquivos de programas\Logitech\QuickCam\Quickcam.exe (2792)
______ C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe (2828)
______ C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3036)
______ C:\WINDOWS\system32\ctfmon.exe (3044)
______ C:\Arquivos de programas\internet explorer\iexplore.exe (3408)
______ C:\WINDOWS\System32\alg.exe (1736)
______ C:\Arquivos de programas\Arquivos comuns\Logishrd\LQCVFX\COCIManager.exe (2420)
______ C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe (2276)
______ C:\Arquivos de programas\Kiwee Toolbar2\1.4.127\kwtbaim.exe (2516)
______ C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (1356)
______ C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe (2860)
______ C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\D303TKLS\Rooter[1].exe (2892)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:40007729664)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\Norton AntiVirus - Verificação completa no sistema - Administrador.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 19:25.21
.
C:\Rooter$\Rooter_1.txt - (12/04/2010 | 19:25.21)
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 6 Model 8 Stepping 1, AuthenticAMD
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 7.0.5730.11
Mozilla Firefox 2.0 (pt-BR)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:37 Go - Free:12 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [CD_Rom]
.
Scan : 19:24.02
Path : C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\D303TKLS\Rooter[1].exe
User : Administrador ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (832)
______ \??\C:\WINDOWS\system32\csrss.exe (928)
______ \??\C:\WINDOWS\system32\winlogon.exe (968)
______ C:\WINDOWS\system32\services.exe (1012)
______ C:\WINDOWS\system32\lsass.exe (1024)
______ C:\ARQUIV~1\GbPlugin\GbpSv.exe (1196)
______ C:\WINDOWS\system32\svchost.exe (1224)
______ C:\WINDOWS\system32\svchost.exe (1332)
______ C:\WINDOWS\System32\svchost.exe (1456)
______ C:\WINDOWS\System32\svchost.exe (1544)
______ C:\WINDOWS\system32\svchost.exe (1716)
______ C:\WINDOWS\Explorer.EXE (1928)
______ C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe (1988)
______ C:\WINDOWS\system32\spoolsv.exe (640)
______ C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe (1400)
______ C:\Arquivos de programas\Java\jre6\bin\jqs.exe (1564)
______ C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe (316)
______ C:\WINDOWS\system32\HPZipm12.exe (716)
______ C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (840)
______ C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe (1072)
______ C:\WINDOWS\System32\svchost.exe (692)
______ C:\WINDOWS\system32\wdfmgr.exe (1068)
______ C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (2628)
______ C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe (2676)
______ C:\Arquivos de programas\Logitech\QuickCam\Quickcam.exe (2792)
______ C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe (2828)
______ C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3036)
______ C:\WINDOWS\system32\ctfmon.exe (3044)
______ C:\Arquivos de programas\internet explorer\iexplore.exe (3408)
______ C:\WINDOWS\System32\alg.exe (1736)
______ C:\Arquivos de programas\Arquivos comuns\Logishrd\LQCVFX\COCIManager.exe (2420)
______ C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe (2276)
______ C:\Arquivos de programas\Kiwee Toolbar2\1.4.127\kwtbaim.exe (2516)
______ C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (1356)
______ C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe (2860)
______ C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\D303TKLS\Rooter[1].exe (2892)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:40007729664)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\Norton AntiVirus - Verificação completa no sistema - Administrador.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 19:25.21
.
C:\Rooter$\Rooter_1.txt - (12/04/2010 | 19:25.21)
- Faça o download do RootRepeal
http://rootrepeal.googlepages.com/
http://rootrepeal.googlepages.com/
- Extraia o arquivo no desktop;
- Desative o antivírus;
- Duplo clique sobre o RootRepeal para executá-lo;
- Clique em "Files" e no botão "Scan";
- Selecione os drives existentes na máquina;
- Quando terminar, clique em "Save Report " e cole o log na sua próxima resposta.
Não consegui rodar o programa. Ele foi instalado normalmente porem quando tentava rodar aparecia que o sistema de memoria virtual estava baixo e por isso não iria executar. Tentei por varias vezes mas acaba por reiniciar o computador porque ele não funcionava mais.
Abra o Painel de Controle > Sistema > Avançado\Desempenho > Configurações > Avançado\Memória virtual > Alterar.
Marque: Tamanho gerenciado pelo sistema e clique em "Definir"
Reinicie o computador e tente novamente executar o RootRepeal
Marque: Tamanho gerenciado pelo sistema e clique em "Definir"
Reinicie o computador e tente novamente executar o RootRepeal
Fiz o que foi orientado e novamente não funcionou.Ficou uma tela dizendo que stava instalando e que aguardasse. Passou 10 minutos e continuava rodando sem nada acontecer. So voltou a funcionar reiniciando o computador.
- Faça o download do catchme.exe
http://www2.gmer.net/catchme.exe
http://www2.gmer.net/catchme.exe
- Duplo clique no catchme.exe
- Clique no botão scan
- Poste o conteúdo do arquivo catchme.log
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 19:15:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Rootkit scan 2010-04-14 19:15:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Páginas: 1, 2
Esta é uma versão "lo-fi" do conteúdo. Para acessar a versão completa com mais informações, formatação e imagens, por favor clique aqui .