Log Analysis

There are 11 replies in this topic

#1 jguidi
  • Participant
  • 6 posts

Posted 28 July 2009 - 08:13 PM

Good evening,

Dear all, I ask that you analyze my log; I have already followed all the procedures in the forum's read-me.

My problem started when I accessed the PDT website and was asked to install a new version of Flash. I installed it and restarted the machine. I believe Sun's JAVA was also compromised, after running a program for that platform whose name I don't remember right now.

Well, in the end, every time my machine starts I get a message "file access denied", some sites stop opening, really, not even the home page, nor any subdomain or page of the address, such as the Banco do Brasil site and the Linha Defensiva site, nothing opens... As for Banco do Brasil, I did some research on the Net and I warn in advance that it is not a problem with the virtual keyboard... what happens is that nothing on the site opens, as if the site didn't exist; the same thing happens with Linha Defensiva's site... I use the newest version of IE, Google Chrome and Mozilla, but these sites don't open in any of them... I found an add-on in my IE called "Discutir" (never heard of it) that uses the file shdocvw.dll.

Anyway, here is my log; I'll be grateful for whatever help you can give me, regards:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:48, on 28/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system\wuaucldt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Julio Guidi\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\conime.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\The Cleaner\cleaner6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 189.126.119.73 bb.com.br
O1 - Hosts: 189.126.119.73 bancodobrasil.com.br
O1 - Hosts: 189.126.119.73 bradesco.com.br
O1 - Hosts: 189.126.119.73 itau.com.br
O1 - Hosts: 189.126.119.73 itaupersonnalite.com.br
O1 - Hosts: 189.126.119.73 itauprivatebank.com.br
O1 - Hosts: 189.126.119.73 santander.com.br
O1 - Hosts: 189.126.119.73 banespa.com.br
O1 - Hosts: 189.126.119.73 santanderbanespa.com.br
O1 - Hosts: 189.126.119.73 citibank.com.br
O1 - Hosts: 189.126.119.73 citibank.com
O1 - Hosts: 189.126.119.73 infoseg.gov.br
O1 - Hosts: 189.126.119.73 real.com.br
O1 - Hosts: 189.126.119.73 bancoreal.com.br
O1 - Hosts: 189.126.119.73 unibanco.com
O1 - Hosts: 189.126.119.73 unibanco.com.br
O1 - Hosts: 189.126.119.73 serasa.com.br
O1 - Hosts: 189.126.119.73 infobusca.informarketing.com
O1 - Hosts: 189.126.119.73 equifax.com.br
O1 - Hosts: 189.126.119.73 sci.com.br
O1 - Hosts: 189.126.119.73 e-tim.timbrasil.com.br
O1 - Hosts: 189.126.119.73 cbp.3dsolution.com.br
O1 - Hosts: 189.126.119.73 visanet.com.br
O1 - Hosts: 189.126.119.73 cetelem.com.br
O1 - Hosts: 189.126.119.73 banrisul.com.br
O1 - Hosts: 189.126.119.73 paypal.com.br
O1 - Hosts: 189.126.119.73 paypal.com
O1 - Hosts: 189.126.97.116 virustotal.com.br
O1 - Hosts: 189.126.97.116 linhadefensiva.com.br
O1 - Hosts: 189.126.97.116 linhadefensiva.org
O1 - Hosts: 189.126.119.73 www.bb.com.br
O1 - Hosts: 189.126.119.73 www.bancodobrasil.com.br
O1 - Hosts: 189.126.119.73 www.bradesco.com.br
O1 - Hosts: 189.126.119.73 www.itau.com.br
O1 - Hosts: 189.126.119.73 www.itaupersonnalite.com.br
O1 - Hosts: 189.126.119.73 www.itauprivatebank.com.br
O1 - Hosts: 189.126.119.73 www.santander.com.br
O1 - Hosts: 189.126.119.73 www.banespa.com.br
O1 - Hosts: 189.126.119.73 www.santanderbanespa.com.br
O1 - Hosts: 189.126.119.73 www.citibank.com.br
O1 - Hosts: 189.126.119.73 www.citibank.com
O1 - Hosts: 189.126.119.73 www.infoseg.gov.br
O1 - Hosts: 189.126.119.73 www.unibanco.com
O1 - Hosts: 189.126.119.73 www.unibanco.com.br
O1 - Hosts: 189.126.119.73 www.real.com.br
O1 - Hosts: 189.126.119.73 www.bancoreal.com.br
O1 - Hosts: 189.126.119.73 www.serasa.com.br
O1 - Hosts: 189.126.119.73 www.equifax.com.br
O1 - Hosts: 189.126.119.73 www.sci.com.br
O1 - Hosts: 189.126.119.73 www.infobusca.informarketing.com
O1 - Hosts: 189.126.119.73 www.e-tim.timbrasil.com.br
O1 - Hosts: 189.126.119.73 www.cbp.3dsolution.com.br
O1 - Hosts: 189.126.119.73 www.visanet.com.br
O1 - Hosts: 189.126.119.73 www.cetelem.com.br
O1 - Hosts: 189.126.119.73 www.banrisul.com.br
O1 - Hosts: 189.126.119.73 www.paypal.com.br
O1 - Hosts: 189.126.119.73 www.paypal.com
O1 - Hosts: 189.126.119.73 www.virustotal.com.br
O1 - Hosts: 189.126.119.73 www.linhadefensiva.com.br
O1 - Hosts: 189.126.119.73 www.linhadefensiva.org
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\system\wuaucldt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Julio Guidi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Micros...b?1244960040269
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.Micros...b?1248356873049
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...tDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancob...gin/GbpDist.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! antivírus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11492 bytes
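The log above is consistent with the symptom described in the post: the O1 lines map some thirty Brazilian banking domains, plus PayPal, Serasa and the virustotal and linhadefensiva hostnames the user would need for cleanup, to 189.126.119.73 or 189.126.97.116, so those names never reach their real servers in any browser. The O4 entry `[Windows Service] C:\WINDOWS\system\wuaucldt.exe` names a file one letter away from `wuauclt.exe` (the Windows Update client, which lives in system32) running from the legacy `system` directory; the thread does not identify that file, so treat it as a lead, not a verdict. The following Python is an added example, not code from the thread or from HijackThis: it parses lines in the log's own O1/O4 format, groups hosts entries that point anywhere but loopback by target address, and flags autorun or process paths that look like system-binary lookalikes, run from the legacy `%WINDIR%\system` directory, or sit directly in a user profile root (as `C:\Users\Julio Guidi\msie81xp.exe` does in the second log further down). The known-binary list, the 0.85 similarity cutoff and the path rules are assumptions of the example; the sample lines are copied from the logs in this thread, with `Dwm.exe` and the `127.0.0.1 localhost` line added as constructed benign controls.

```python
"""Triage HijackThis O1 (hosts) and O4 (autorun) lines plus bare process paths.

Added example, not code from the thread or from HijackThis. The known-binary
list, the similarity cutoff and the path rules are assumptions of this example.
"""
import difflib
import ipaddress
import re
from collections import defaultdict

# Sample input: lines copied from the logs in this thread, plus Dwm.exe and the
# '127.0.0.1 localhost' line as constructed benign controls.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system\wuaucldt.exe
C:\Users\Julio Guidi\msie81xp.exe

O1 - Hosts: 189.126.119.73 bb.com.br
O1 - Hosts: 189.126.119.73 www.bb.com.br
O1 - Hosts: 189.126.97.116 linhadefensiva.org
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\system\wuaucldt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Julio Guidi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"""

# Real Windows binaries whose names malware likes to imitate (assumed list).
# wuauclt.exe is the Windows Update client and lives in system32.
KNOWN_WINDOWS_BINARIES = sorted({
    "wuauclt.exe", "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
    "winlogon.exe", "services.exe", "explorer.exe", "rundll32.exe", "taskeng.exe",
})

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O4_RE = re.compile(r"^O4 - (HK\S*?)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.IGNORECASE)  # bare process line


def executable_from_command(cmd):
    """Pull the program path out of an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(?i)(.*?\.exe)", cmd)
    return m.group(1) if m else cmd


def suspicious_path(path):
    """Heuristic reasons (not proof) why an autorun or process path deserves a look."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    reasons = []
    if name not in KNOWN_WINDOWS_BINARIES and difflib.get_close_matches(
            name, KNOWN_WINDOWS_BINARIES, n=1, cutoff=0.85):
        reasons.append("name is a lookalike of a Windows system binary")
    if "\\windows\\system\\" in low:  # the legacy directory, not system32
        reasons.append("runs from the legacy %WINDIR%\\system directory")
    if re.match(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$", low):
        reasons.append("executable sits directly in a user profile root")
    return reasons


def redirected_hosts(lines):
    """Group O1 entries by target address, ignoring loopback and 0.0.0.0 sinkholes."""
    by_ip = defaultdict(list)
    for ip, host in (m.groups() for m in map(O1_RE.match, lines) if m):
        try:
            addr = ipaddress.ip_address(ip)
            benign = addr.is_loopback or addr.is_unspecified
        except ValueError:
            benign = False  # unparsable target: surface it anyway
        if not benign:
            by_ip[ip].append(host)
    return dict(by_ip)


def triage(log_text):
    """Return hosts redirections, flagged autoruns and flagged process paths."""
    lines = log_text.splitlines()
    findings = {"hosts": redirected_hosts(lines), "autoruns": [], "processes": []}
    for line in lines:
        m = O4_RE.match(line)
        if m:
            hive, key, label, cmd = m.groups()
            exe = executable_from_command(cmd)
            reasons = suspicious_path(exe)
            if reasons:
                findings["autoruns"].append((f"{hive}\\..\\{key}", label, exe, reasons))
        elif PATH_RE.match(line.strip()):
            reasons = suspicious_path(line.strip())
            if reasons:
                findings["processes"].append((line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, items)
```

Run it against a full HijackThis log by passing the file's text to `triage()`. The hosts grouping is the useful part for this thread: one target address shared by dozens of financial hostnames, with and without the `www.` prefix, is a pharming hosts file rather than an accident, and the entries for the virustotal and linhadefensiva names show the infection also blocks the sites a victim would use to get help.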


#2 Anonymous (joram)
  • Participant
  • 2947 posts

Posted 28 July 2009 - 09:18 PM

Good evening, jguidi!

<@> Download: < LopS&D >
<@> Save it to Local Disk C!
<@> Install the program and click on: LopSD.cmd
<@> In the window that opens, press "p" --> press Enter.

<@> In the other window, choose the option: 2 - Fix + Hosts --> press Enter --> wait!

<@> PS: Keep an eye on your antivirus notifications, sending any detected files to quarantine.
<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )
<@> Also post an updated HijackThis log.

Regards!
joram
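Option 2 in joram's instructions is labelled Fix + Hosts. What such a step has to do, shown here as an added Python example rather than Lop S&D's own code: read the hosts file Windows actually uses, keep comments and mappings to loopback or 0.0.0.0, drop every other mapping, and back the file up before writing. The detail worth knowing when a cleaner reports the hosts file clean while a HijackThis log still lists O1 entries: Windows takes the hosts directory from the registry value `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath`, so a tool that rewrites only the default `%SystemRoot%\System32\drivers\etc\hosts` can miss a redirected copy. The sample hosts content below is constructed (its 189.126.x.x entries follow the pattern in the log above); the registry lookup only works on Windows, and elsewhere the code falls back to the default path.

```python
"""Reset a Windows hosts file to loopback-only mappings and find the copy in use.

Added example, not Lop S&D's code. Assumption: the Tcpip DataBasePath registry
value names the directory that holds 'hosts' (true on Windows; elsewhere the code
falls back to the default path, which will not exist).
"""
import ipaddress
import os
import shutil

DEFAULT_HOSTS_DIR = r"%SystemRoot%\System32\drivers\etc"

# Constructed sample: a default header, entries of the kind the HijackThis log
# above lists, and one 0.0.0.0 ad-block style sinkhole that should survive.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
189.126.119.73  bb.com.br
189.126.119.73  www.bb.com.br   # trailing comment, still a redirection
189.126.97.116  linhadefensiva.org
0.0.0.0         ads.example
"""


def hosts_path():
    """Directory Windows reads hosts from: DataBasePath, not just the default."""
    base = DEFAULT_HOSTS_DIR
    try:
        import winreg  # Windows only
        key = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
            base, _ = winreg.QueryValueEx(k, "DataBasePath")
    except (ImportError, OSError):
        pass
    return os.path.join(os.path.expandvars(base), "hosts")


def keep_line(raw):
    """Keep blanks, comments, and mappings to loopback or 0.0.0.0; drop the rest."""
    stripped = raw.strip()
    if not stripped or stripped.startswith("#"):
        return True
    fields = stripped.split("#", 1)[0].split()
    if len(fields) < 2:
        return False
    try:
        addr = ipaddress.ip_address(fields[0])
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def sanitize_hosts(text):
    """Return (cleaned text, list of removed lines)."""
    kept, removed = [], []
    for raw in text.splitlines():
        (kept if keep_line(raw) else removed).append(raw)
    return "\n".join(kept) + "\n", removed


def reset_hosts(path, dry_run=True):
    """Rewrite the file in place after backing it up; returns the removed lines."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        cleaned, removed = sanitize_hosts(fh.read())
    if removed and not dry_run:
        shutil.copy2(path, path + ".bak")
        with open(path, "w", encoding="utf-8", newline="\r\n") as fh:
            fh.write(cleaned)
    return removed


if __name__ == "__main__":
    cleaned, removed = sanitize_hosts(SAMPLE_HOSTS)
    print("would remove:\n" + "\n".join(removed))
    print("cleaned file:\n" + cleaned)
    path = hosts_path()
    if os.path.exists(path):  # dry run by default; pass dry_run=False to write
        print("live file would lose", len(reset_hosts(path)), "line(s)")
```

On Vista (the log shows UAC = 1) the write needs an elevated prompt, and if the file carries the read-only attribute the rewrite fails with a permission error until that is cleared. Compare `hosts_path()` with the default location before trusting any "hosts file clean" verdict.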

#3 jguidi
  • Participant
  • 6 posts

Posted 28 July 2009 - 10:32 PM

Good evening, joram. Thanks for that.

I did what you asked; here are the logs.

Lop SD log:



--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Basic ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Mobile AMD Sempron™ Processor 3500+ )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Julio Guidi ( Administrator )
BOOT : Normal boot
antivírus : avast! antivírus 4.8.1229 [VPS 090728-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:23 Go)
D:\ (Local Disk) - NTFS - Total:4 Go (Free:1 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 28/07/2009|22:16 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ List of folders in Local

[17/12/2007|07:24] C:\Users\JULIOG~1\AppData\Local\{C8A2BB40-90D2-4928-AB81-2A84EFB7EA4C}
[16/06/2008|00:01] C:\Users\JULIOG~1\AppData\Local\ABBYY
[12/12/2007|17:01] C:\Users\JULIOG~1\AppData\Local\Adobe
[16/07/2009|11:23] C:\Users\JULIOG~1\AppData\Local\Apps
[12/12/2007|11:40] C:\Users\JULIOG~1\AppData\Local\AtStart.txt
[28/07/2009|18:23] C:\Users\JULIOG~1\AppData\Local\d3d9caps.dat
[12/12/2007|11:30] C:\Users\JULIOG~1\AppData\Local\Dados de aplicativos
[15/06/2009|23:29] C:\Users\JULIOG~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[16/07/2009|11:26] C:\Users\JULIOG~1\AppData\Local\Deployment
[25/10/2008|21:21] C:\Users\JULIOG~1\AppData\Local\DNA
[12/12/2007|11:40] C:\Users\JULIOG~1\AppData\Local\DSwitch.txt
[30/08/2008|10:43] C:\Users\JULIOG~1\AppData\Local\eMule
[26/05/2009|14:35] C:\Users\JULIOG~1\AppData\Local\GDIPFONTCACHEV1.DAT
[16/07/2009|11:27] C:\Users\JULIOG~1\AppData\Local\Google
[12/12/2007|11:30] C:\Users\JULIOG~1\AppData\Local\Histórico
[28/07/2009|19:13] C:\Users\JULIOG~1\AppData\Local\IconCache.db
[29/03/2009|23:36] C:\Users\JULIOG~1\AppData\Local\Microsoft
[02/07/2009|22:53] C:\Users\JULIOG~1\AppData\Local\Microsoft Games
[01/04/2008|19:30] C:\Users\JULIOG~1\AppData\Local\Mozilla
[21/12/2007|20:08] C:\Users\JULIOG~1\AppData\Local\Pando
[12/12/2007|11:40] C:\Users\JULIOG~1\AppData\Local\QSwitch.txt
[15/12/2007|01:37] C:\Users\JULIOG~1\AppData\Local\QuickPlay
[28/07/2009|22:16] C:\Users\JULIOG~1\AppData\Local\Temp
[12/12/2007|11:30] C:\Users\JULIOG~1\AppData\Local\Temporary Internet Files
[25/05/2006|16:52] C:\Users\JULIOG~1\AppData\Local\unrar.dll
[24/02/2008|12:13] C:\Users\JULIOG~1\AppData\Local\VirtualStore

--------------------\\ Scheduled tasks in the folder C:\Windows\Tasks

[28/07/2009 19:16][--a------] C:\Windows\tasks\AWC Startup.job
[28/07/2009 21:31][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172417707-4275060026-1713001662-1000UA.job
[25/07/2009 11:36][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172417707-4275060026-1713001662-1000Core.job
[28/07/2009 19:16][--ah-----] C:\Windows\tasks\SA.DAT
[28/07/2009 19:14][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ List of folders in C:\ProgramData

[15/06/2008|23:53] C:\ProgramData\ABBYY
[11/08/2007|07:58] C:\ProgramData\Adobe
[02/11/2006|09:59] C:\ProgramData\Application Data
[22/05/2008|16:05] C:\ProgramData\CyberLink
[21/11/2006|12:59] C:\ProgramData\Dados de aplicativos
[02/11/2006|09:59] C:\ProgramData\Desktop
[21/11/2006|12:59] C:\ProgramData\Documentos
[02/11/2006|09:59] C:\ProgramData\Documents
[15/12/2007|10:50] C:\ProgramData\eMule
[02/11/2006|09:59] C:\ProgramData\Favorites
[21/11/2006|12:59] C:\ProgramData\Favoritos
[30/06/2009|09:37] C:\ProgramData\GbPlugin
[11/08/2007|08:19] C:\ProgramData\Hewlett-Packard
[05/02/2008|10:39] C:\ProgramData\HotSync
[12/12/2007|15:48] C:\ProgramData\HP
[11/08/2007|07:37] C:\ProgramData\InstallShield
[09/02/2008|08:38] C:\ProgramData\LUUnInstall.LiveUpdate
[21/11/2006|12:59] C:\ProgramData\Menu Iniciar
[21/03/2009|10:46] C:\ProgramData\Microsoft
[21/11/2006|12:59] C:\ProgramData\Modelos
[23/07/2009|10:36] C:\ProgramData\NOS
[23/07/2009|13:50] C:\ProgramData\NVIDIA
[28/07/2009|19:18] C:\ProgramData\nvModes.001
[28/07/2009|18:25] C:\ProgramData\nvModes.dat
[28/07/2009|22:11] C:\ProgramData\pdf995
[26/06/2009|15:56] C:\ProgramData\Roxio
[10/01/2009|21:28] C:\ProgramData\Sonic
[28/07/2009|18:46] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|09:59] C:\ProgramData\Start Menu
[09/02/2008|08:38] C:\ProgramData\Symantec
[02/11/2006|09:59] C:\ProgramData\Templates
[25/10/2008|01:58] C:\ProgramData\WindowsSearch
[12/12/2007|16:59] C:\ProgramData\WLInstaller

--------------------\\ List of folders in C:\Program Files

[15/06/2008|23:55] C:\Program Files\ABBYY FineReader 7.0 Professional Edition
[24/02/2008|11:37] C:\Program Files\Adobe
[09/02/2008|08:39] C:\Program Files\Alwil Software
[21/11/2006|12:59] C:\Program Files\Arquivos Comuns [c:\Program Files\Common Files]
[25/10/2008|21:21] C:\Program Files\BitTorrent
[12/12/2007|16:48] C:\Program Files\BrOffice.org 2.3
[28/07/2009|18:40] C:\Program Files\Common Files
[23/07/2009|12:43] C:\Program Files\CONEXANT
[24/05/2009|13:19] C:\Program Files\Cool2000
[11/05/2009|07:12] C:\Program Files\Copernic Summarizer
[05/06/2008|00:20] C:\Program Files\Corel
[08/10/2008|00:20] C:\Program Files\CyberLink
[11/05/2009|07:10] C:\Program Files\Despertador do Funcionário Público 2.0
[07/04/2009|01:51] C:\Program Files\DivX
[31/01/2009|17:46] C:\Program Files\DNA
[17/08/2008|10:39] C:\Program Files\docPrint v3.3
[30/08/2008|10:43] C:\Program Files\DreMule
[19/07/2009|00:20] C:\Program Files\Easy Text To HTML Converter
[13/12/2007|00:51] C:\Program Files\FTP Commander
[30/06/2009|09:37] C:\Program Files\GbPlugin
[30/11/2008|01:20] C:\Program Files\GoldWave
[11/08/2007|08:16] C:\Program Files\Hewlett-Packard
[11/08/2007|08:00] C:\Program Files\HP
[11/08/2007|08:09] C:\Program Files\HPQ
[14/06/2009|02:26] C:\Program Files\Image Comparer
[28/03/2009|12:34] C:\Program Files\ImTOO
[11/05/2009|10:58] C:\Program Files\InstallShield Installation Information
[28/01/2008|23:19] C:\Program Files\Internet Download Manager
[22/07/2009|03:00] C:\Program Files\Internet Explorer
[28/07/2009|18:35] C:\Program Files\IObit
[28/07/2009|18:53] C:\Program Files\Java
[21/04/2009|06:05] C:\Program Files\K-Lite Codec Pack
[05/04/2008|22:29] C:\Program Files\Macromedia
[23/07/2009|02:49] C:\Program Files\Megacubo
[21/03/2009|10:49] C:\Program Files\Microsoft
[12/12/2007|22:23] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[07/12/2008|22:30] C:\Program Files\Microsoft FrontPage
[02/11/2006|09:35] C:\Program Files\Microsoft Games
[07/12/2008|22:29] C:\Program Files\Microsoft Office
[23/07/2009|09:57] C:\Program Files\Microsoft Silverlight
[07/12/2008|22:31] C:\Program Files\Microsoft Visual Studio
[11/06/2009|03:02] C:\Program Files\Microsoft Works
[17/09/2008|01:47] C:\Program Files\Movie Maker
[18/07/2009|13:36] C:\Program Files\Mozilla Firefox
[02/11/2006|09:35] C:\Program Files\MSBuild
[12/12/2007|22:10] C:\Program Files\MSXML 4.0
[23/07/2009|10:36] C:\Program Files\NOS
[05/02/2008|10:48] C:\Program Files\Palm
[24/02/2008|12:02] C:\Program Files\pdf995
[06/02/2008|19:30] C:\Program Files\PhotoFiltre
[21/04/2009|11:32] C:\Program Files\Real
[02/11/2006|09:35] C:\Program Files\Reference Assemblies
[11/08/2007|07:43] C:\Program Files\Roxio
[11/08/2007|08:07] C:\Program Files\Serviços online
[06/06/2009|00:37] C:\Program Files\SopCast
[28/07/2009|18:37] C:\Program Files\Spybot - Search & Destroy
[09/02/2008|08:37] C:\Program Files\Symantec
[11/08/2007|07:23] C:\Program Files\Synaptics
[28/07/2009|19:49] C:\Program Files\The Cleaner
[28/07/2009|20:00] C:\Program Files\Trend Micro
[27/04/2009|01:20] C:\Program Files\TVUPlayer
[02/11/2006|09:58] C:\Program Files\Uninstall Information
[24/02/2008|12:07] C:\Program Files\Virtual PDF Printer
[24/02/2008|11:52] C:\Program Files\Virtual Pictures
[17/09/2008|01:47] C:\Program Files\Windows Calendar
[17/09/2008|01:47] C:\Program Files\Windows Collaboration
[17/09/2008|01:47] C:\Program Files\Windows Defender
[21/03/2009|10:48] C:\Program Files\Windows Live
[29/03/2009|23:39] C:\Program Files\Windows Live Safety Center
[21/03/2009|10:48] C:\Program Files\Windows Live SkyDrive
[16/07/2009|03:01] C:\Program Files\Windows Mail
[11/03/2009|03:06] C:\Program Files\Windows Media Player
[21/11/2006|12:59] C:\Program Files\Windows NT
[17/09/2008|01:47] C:\Program Files\Windows Photo Gallery
[17/09/2008|01:47] C:\Program Files\Windows Sidebar
[03/01/2008|02:02] C:\Program Files\WinRAR

--------------------\\ List of folders in C:\Program Files\Common Files

[18/10/2008|16:04] C:\Program Files\Common Files\Adobe
[05/06/2008|00:20] C:\Program Files\Common Files\Corel
[07/12/2008|22:31] C:\Program Files\Common Files\Designer
[05/02/2008|10:35] C:\Program Files\Common Files\InstallShield
[11/08/2007|08:08] C:\Program Files\Common Files\LightScribe
[06/03/2009|03:00] C:\Program Files\Common Files\Microsoft shared
[21/04/2009|11:32] C:\Program Files\Common Files\Real
[11/08/2007|07:41] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|08:18] C:\Program Files\Common Files\Services
[21/11/2006|12:59] C:\Program Files\Common Files\Sistema [c:\Program Files\Common Files\System]
[11/08/2007|07:41] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|08:18] C:\Program Files\Common Files\SpeechEngines
[11/08/2007|07:44] C:\Program Files\Common Files\SureThing Shared
[09/02/2008|08:38] C:\Program Files\Common Files\Symantec Shared
[07/12/2008|22:30] C:\Program Files\Common Files\System
[24/02/2008|11:38] C:\Program Files\Common Files\Vbox
[21/03/2009|10:46] C:\Program Files\Common Files\Windows Live
[12/12/2007|17:03] C:\Program Files\Common Files\WindowsLiveInstaller
[21/04/2009|11:32] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 75 Processes )

... OK !

--------------------\\ Search for S_Lop

No Lop folders found!

--------------------\\ Search for Lop files and folders

No Lop folders found!

--------------------\\ Registry search

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 22:16:59
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\Users\JULIOG~1\Desktop\Músicas\HIP HOP\March Hits 2009\The Hidden Corner\Eminem - Crack A Bottle.mp3
C:\Users\JULIOG~1\Documents\ImTOO Software Studio\3GP Video Converter\crack.js
C:\Users\JULIOG~1\Downloads\eMule\Incoming\Abbyy Finereader Pro v70 Keygen
C:\Users\JULIOG~1\Downloads\eMule\Incoming\Tmpgenc Dvd Author 3 With Divx Authoring Crack Full 100% Valid.rar
C:\Users\JULIOG~1\Downloads\eMule\Incoming\Abbyy Finereader Pro v70 Keygen\file_id.diz
C:\Users\JULIOG~1\Downloads\eMule\Incoming\Abbyy Finereader Pro v70 Keygen\frp7kg.exe
C:\Users\JULIOG~1\Downloads\eMule\Incoming\Abbyy Finereader Pro v70 Keygen\ssg.nfo
C:\Users\JULIOG~1\Downloads\Programs\TD.v3.0.5.149.Retail.EN.Crack.Only.L33VaNcL33F
C:\Users\JULIOG~1\Downloads\Programs\TMPGEnc DVD Author 3 with DivX Authoring 3.0.5.149+Crack+License.by Neus&Zeus
C:\Users\JULIOG~1\Downloads\Programs\TMPGEnc DVD Author 3 with DivX Authoring 3.0.5.149+Crack+License.by Neus&Zeus.rar
C:\Users\JULIOG~1\Downloads\Programs\3GP+Video+Converter\keygen.exe
C:\Users\JULIOG~1\Downloads\Programs\TD.v3.0.5.149.Retail.EN.Crack.Only.L33VaNcL33F\file_id.diz
C:\Users\JULIOG~1\Downloads\Programs\TD.v3.0.5.149.Retail.EN.Crack.Only.L33VaNcL33F\L33VaNcL33F.nfo
C:\Users\JULIOG~1\Downloads\Programs\TD.v3.0.5.149.Retail.EN.Crack.Only.L33VaNcL33F\TDA3_Retail_3.0.5.149_install_EN.exe
C:\Users\JULIOG~1\Downloads\Programs\TD.v3.0.5.149.Retail.EN.Crack.Only.L33VaNcL33F\TMPGEncDVDAuthor3.en.lic
C:\Users\JULIOG~1\Downloads\Programs\TD.v3.0.5.149.Retail.EN.Crack.Only.L33VaNcL33F\TMPGEncDVDAuthor3.exe
C:\Users\JULIOG~1\Downloads\Programs\TMPGEnc DVD Author 3 with DivX Authoring 3.0.5.149+Crack+License.by Neus&Zeus\TMPGEnc DVD Author 3.0.5.149
C:\Users\JULIOG~1\Downloads\Programs\TMPGEnc DVD Author 3 with DivX Authoring 3.0.5.149+Crack+License.by Neus&Zeus\TMPGEnc DVD Author 3.0.5.149\TMPGEnc DVD Author 3.0.5.149
C:\Users\JULIOG~1\Downloads\Programs\TMPGEnc DVD Author 3 with DivX Authoring 3.0.5.149+Crack+License.by Neus&Zeus\TMPGEnc DVD Author 3.0.5.149\TMPGEnc DVD Author 3.0.5.149\TD.v3.0.5.149.Retail.EN.Crack.Only.L33VaNcL33F
C:\Users\JULIOG~1\Downloads\Programs\TMPGEnc DVD Author 3 with DivX Authoring 3.0.5.149+Crack+License.by Neus&Zeus\TMPGEnc DVD Author 3.0.5.149\TMPGEnc DVD Author 3.0.5.149\TDA3_Retail_3.0.5.149_install_EN.exe
C:\Users\JULIOG~1\Downloads\Programs\TMPGEnc DVD Author 3 with DivX Authoring 3.0.5.149+Crack+License.by Neus&Zeus\TMPGEnc DVD Author 3.0.5.149\TMPGEnc DVD Author 3.0.5.149\TD.v3.0.5.149.Retail.EN.Crack.Only.L33VaNcL33F\file_id.diz
C:\Users\JULIOG~1\Downloads\Programs\TMPGEnc DVD Author 3 with DivX Authoring 3.0.5.149+Crack+License.by Neus&Zeus\TMPGEnc DVD Author 3.0.5.149\TMPGEnc DVD Author 3.0.5.149\TD.v3.0.5.149.Retail.EN.Crack.Only.L33VaNcL33F\L33VaNcL33F.nfo
C:\Users\JULIOG~1\Downloads\Programs\TMPGEnc DVD Author 3 with DivX Authoring 3.0.5.149+Crack+License.by Neus&Zeus\TMPGEnc DVD Author 3.0.5.149\TMPGEnc DVD Author 3.0.5.149\TD.v3.0.5.149.Retail.EN.Crack.Only.L33VaNcL33F\TMPGEncDVDAuthor3.en.lic
C:\Users\JULIOG~1\Downloads\Programs\TMPGEnc DVD Author 3 with DivX Authoring 3.0.5.149+Crack+License.by Neus&Zeus\TMPGEnc DVD Author 3.0.5.149\TMPGEnc DVD Author 3.0.5.149\TD.v3.0.5.149.Retail.EN.Crack.Only.L33VaNcL33F\TMPGEncDVDAuthor3.exe
C:\Users\JULIOG~1\Sites\Estudio\busca\EMBRACE\submitwolf-keygen.exe


[F:107][D:12]-> C:\Users\JULIOG~1\AppData\Local\Temp
[F:117][D:1]-> C:\Users\JULIOG~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:52][D:4]-> C:\Users\JULIOG~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:2][D:2]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 28/07/2009|22:21 - Option : [2]



-------------- // -------------------

HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:31, on 28/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system\wuaucldt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Julio Guidi\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Users\Julio Guidi\msie81xp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 189.126.119.73 bb.com.br
O1 - Hosts: 189.126.119.73 bancodobrasil.com.br
O1 - Hosts: 189.126.119.73 bradesco.com.br
O1 - Hosts: 189.126.119.73 itau.com.br
O1 - Hosts: 189.126.119.73 itaupersonnalite.com.br
O1 - Hosts: 189.126.119.73 itauprivatebank.com.br
O1 - Hosts: 189.126.119.73 santander.com.br
O1 - Hosts: 189.126.119.73 banespa.com.br
O1 - Hosts: 189.126.119.73 santanderbanespa.com.br
O1 - Hosts: 189.126.119.73 citibank.com.br
O1 - Hosts: 189.126.119.73 citibank.com
O1 - Hosts: 189.126.119.73 infoseg.gov.br
O1 - Hosts: 189.126.119.73 real.com.br
O1 - Hosts: 189.126.119.73 bancoreal.com.br
O1 - Hosts: 189.126.119.73 unibanco.com
O1 - Hosts: 189.126.119.73 unibanco.com.br
O1 - Hosts: 189.126.119.73 serasa.com.br
O1 - Hosts: 189.126.119.73 infobusca.informarketing.com
O1 - Hosts: 189.126.119.73 equifax.com.br
O1 - Hosts: 189.126.119.73 sci.com.br
O1 - Hosts: 189.126.119.73 e-tim.timbrasil.com.br
O1 - Hosts: 189.126.119.73 cbp.3dsolution.com.br
O1 - Hosts: 189.126.119.73 visanet.com.br
O1 - Hosts: 189.126.119.73 cetelem.com.br
O1 - Hosts: 189.126.119.73 banrisul.com.br
O1 - Hosts: 189.126.119.73 paypal.com.br
O1 - Hosts: 189.126.119.73 paypal.com
O1 - Hosts: 189.126.97.116 virustotal.com.br
O1 - Hosts: 189.126.97.116 linhadefensiva.com.br
O1 - Hosts: 189.126.97.116 linhadefensiva.org
O1 - Hosts: 189.126.119.73 www.bb.com.br
O1 - Hosts: 189.126.119.73 www.bancodobrasil.com.br
O1 - Hosts: 189.126.119.73 www.bradesco.com.br
O1 - Hosts: 189.126.119.73 www.itau.com.br
O1 - Hosts: 189.126.119.73 www.itaupersonnalite.com.br
O1 - Hosts: 189.126.119.73 www.itauprivatebank.com.br
O1 - Hosts: 189.126.119.73 www.santander.com.br
O1 - Hosts: 189.126.119.73 www.banespa.com.br
O1 - Hosts: 189.126.119.73 www.santanderbanespa.com.br
O1 - Hosts: 189.126.119.73 www.citibank.com.br
O1 - Hosts: 189.126.119.73 www.citibank.com
O1 - Hosts: 189.126.119.73 www.infoseg.gov.br
O1 - Hosts: 189.126.119.73 www.unibanco.com
O1 - Hosts: 189.126.119.73 www.unibanco.com.br
O1 - Hosts: 189.126.119.73 www.real.com.br
O1 - Hosts: 189.126.119.73 www.bancoreal.com.br
O1 - Hosts: 189.126.119.73 www.serasa.com.br
O1 - Hosts: 189.126.119.73 www.equifax.com.br
O1 - Hosts: 189.126.119.73 www.sci.com.br
O1 - Hosts: 189.126.119.73 www.infobusca.informarketing.com
O1 - Hosts: 189.126.119.73 www.e-tim.timbrasil.com.br
O1 - Hosts: 189.126.119.73 www.cbp.3dsolution.com.br
O1 - Hosts: 189.126.119.73 www.visanet.com.br
O1 - Hosts: 189.126.119.73 www.cetelem.com.br
O1 - Hosts: 189.126.119.73 www.banrisul.com.br
O1 - Hosts: 189.126.119.73 www.paypal.com.br
O1 - Hosts: 189.126.119.73 www.paypal.com
O1 - Hosts: 189.126.119.73 www.virustotal.com.br
O1 - Hosts: 189.126.119.73 www.linhadefensiva.com.br
O1 - Hosts: 189.126.119.73 www.linhadefensiva.org
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\system\wuaucldt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Julio Guidi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Micros...b?1244960040269
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.Micros...b?1248356873049
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...tDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancob...gin/GbpDist.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! antivírus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11653 bytes

#4 Anonymous    

Anonymous

    joram

  • Participant
  • 2947 posts

Posted 28 July 2009 - 10:44 PM

Good evening, jguidi!

<@> Download: < HostsXpert >
<@> Save it to the Desktop!
<@> Unzip it and run: HostsXpert.exe
<@> Close all windows and the browser!
<@> Click Restore Microsoft's Hosts file --> OK.
<@> If an error occurs while running it, click Make Writable and repeat the procedure.
<@> Close the program and restart the computer!
<><><><><><><><><>
<@> Download: < ComboFix > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> At the prompt "Disclaimer of software warranty" --> Click Yes!
<@> If you do not have the "Recovery Console", accept the option to install it!

<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Rename it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in Safe Mode.
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow all the recommendations given.
<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!
<@> In order to complete the removals, ComboFix may restart the computer.
<@> If required, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<><><><><><><><><>
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
joram

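The O1 entries in the log posted above and the "Restore Microsoft's Hosts file" step in the reply both come down to one question: which hostnames does the hosts file send somewhere other than loopback, and is anything left after the restore? The script below is an added example, not part of this thread and not code from HijackThis or HostsXpert. It parses "O1 - Hosts:" lines from a HijackThis log, groups the redirected names by target address, reports the targets that are not loopback or unspecified, and lists the non-default lines of a raw hosts file. hjt_sample and hosts_sample are constructed inputs in the format seen above (the two foreign addresses are the ones that appear in the posted log); all function names are this example's own.

```python
"""Triage of 'O1 - Hosts:' lines from a HijackThis log and of a raw hosts file.

Added example (not part of the thread or of HijackThis/HostsXpert): it groups
the hostnames a hosts file redirects by target address, reports the targets
that are not loopback/unspecified, and lists the non-default lines left in a
hosts file after a restore. hjt_sample, hosts_sample and all function names
are this example's own constructed names.
"""
import ipaddress
import re
from collections import defaultdict

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Constructed excerpt in the format of the log posted above; the two
# non-local addresses are the ones that appear in that log.
hjt_sample = """\
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 189.126.119.73 www.bb.com.br
O1 - Hosts: 189.126.119.73 www.bradesco.com.br
O1 - Hosts: 189.126.119.73 paypal.com
O1 - Hosts: 189.126.97.116 linhadefensiva.org
O1 - Hosts: 189.126.97.116 virustotal.com.br
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
"""

# Constructed hosts file: the two default loopback lines plus one leftover.
hosts_sample = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
189.126.119.73  www.bb.com.br   # leftover redirect
"""


def is_local_target(ip):
    """True for the addresses a legitimate hosts entry normally maps to."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def parse_o1_entries(text):
    """Map each target address to the hostnames HijackThis reports for it."""
    by_ip = defaultdict(list)
    for line in text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            ip, host = m.groups()
            by_ip[ip].append(host.lower())
    return dict(by_ip)


def suspicious_redirects(by_ip):
    """Non-local targets as (ip, sorted hostnames), most hostnames first.

    One foreign address collecting many unrelated names (banks, a payment
    processor, security sites) is the pharming pattern seen in the log above.
    """
    hits = [(ip, sorted(hosts)) for ip, hosts in by_ip.items()
            if not is_local_target(ip)]
    return sorted(hits, key=lambda t: (-len(t[1]), t[0]))


def hosts_extra_entries(hosts_text):
    """Lines of a hosts file that are neither comments nor local mappings.

    An empty result is what to expect after 'Restore Microsoft's Hosts file'.
    """
    extra = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if not is_local_target(parts[0]):
            extra.append(" ".join(parts))
    return extra


if __name__ == "__main__":
    for ip, hosts in suspicious_redirects(parse_o1_entries(hjt_sample)):
        print(f"{ip}: {len(hosts)} hostnames redirected, e.g. {hosts[:3]}")
    print("non-default hosts lines:", hosts_extra_entries(hosts_sample))
```

Run it on a saved HijackThis log by passing the file's text to parse_o1_entries; after running HostsXpert's restore, feed the contents of C:\Windows\System32\drivers\etc\hosts to hosts_extra_entries and expect an empty list. The loopback test is deliberately the only "legitimate" rule: on a home machine, any hosts entry pointing a bank, a payment site or a security vendor at a routable address is worth flagging regardless of which address it is.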
#5 jguidi    

jguidi
  • Participant
  • 6 posts

Posted 28 July 2009 - 11:34 PM

ComboFix isn't running. I already tried renaming it to kombo.exe. I even ran it in Safe Mode and also as administrator. It gives an error message:

"Cuidado:
http://download.blee...Bs/ComboFix.exe
http://www.forospywa...Bs/ComboFix.exe
ComboFix.exe pode ser baixado em qualquer um dos sites acima. Se você baixou de outro site, é provável que ele esteja infectado. Para sua tranquilidade, recomendo que você delete a cópia atual e baixe uma cópia limpa."

Any ideas?

#6 Anonymous    

Anonymous

    joram

  • Participant
  • 2947 posts

Posted 28 July 2009 - 11:55 PM

ComboFix isn't running. I already tried renaming it to kombo.exe. I even ran it in Safe Mode and also as administrator. It gives an error message:

"Cuidado:
http://download.blee...Bs/ComboFix.exe
http://www.forospywa...Bs/ComboFix.exe
ComboFix.exe pode ser baixado em qualquer um dos sites acima. Se você baixou de outro site, é provável que ele esteja infectado. Para sua tranquilidade, recomendo que você delete a cópia atual e baixe uma cópia limpa."

Any ideas?

<><><><><><><><>
Hi, jguidi!

<!> Then proceed with HostsXpert.
<><><><><><><><>
<@> Download: < Malwarebytes >
<@> Update the program!
<@> Choose the Full scan!
<@> Disable protection programs when running Malwarebytes.
<@> When it finishes, click "Remove items".
<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt <--
<><><><><><><><>
<@> Download: < DDS > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable your protection programs: antivirus, antimalware, antispyware or firewall.
<@> While disconnected, run the tool! --> Double-click dds.scr.
<@> Wait for the scan to finish until we get the report. ( DDS.txt ) <--
<@> A new window will also appear: "D.D.S - Optional_Scan" --> Click Yes.
<@> Notepad will open with another report. ( Attach.txt ) <--
<@> PS: If the report is unreadable, rename the executable to DDS.exe and repeat the scan.
<@> Finally, another window will open! --> Click OK.
<@> Save the reports: DDS.txt + Attach.txt <-- Post them!

Regards!
joram

#7 jguidi    

jguidi
  • Participant
  • 6 posts

Posted 29 July 2009 - 12:06 AM

Dear friend,

In the end ComboFix did run; I just clicked OK on the message that appeared and the autoscan was performed. I'll send the ComboFix and HijackThis logs.

ComboFix log:

ComboFix 09-07-28.01 - Julio Guidi 28/07/2009 23:46.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.55.1046.18.1470.537 [GMT -3:00]
Executando de: c:\users\Julio Guidi\Desktop\ComboFix.exe
AV: avast! antivírus 4.8.1229 [VPS 090728-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivírus 4.8.1229 [VPS 090728-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2477048456-252282721-4059469227-500

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-28 to 2009-07-29 ))))))))))))))))))))))))))))
.

2009-07-29 02:54 . 2009-07-29 02:55 -------- d-----w- c:\users\Julio Guidi\AppData\Local\temp
2009-07-29 02:18 . 2009-07-29 02:18 -------- d-s---w- C:\Kombo
2009-07-29 01:15 . 2009-07-29 01:21 -------- d-----w- C:\Lop SD
2009-07-29 01:14 . 2009-07-29 01:14 -------- d-----w- C:\Lop
2009-07-29 00:13 . 2009-07-29 00:13 399360 ---h--w- c:\users\Julio Guidi\msie81xp.exe
2009-07-28 23:00 . 2009-07-28 23:00 -------- d-----w- c:\program files\Trend Micro
2009-07-28 22:32 . 2009-07-28 22:44 -------- d-----w- C:\LinhaDefensiva
2009-07-28 21:53 . 2009-07-28 21:53 -------- d-----w- c:\program files\Java
2009-07-28 21:37 . 2009-07-28 21:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-28 21:37 . 2009-07-28 21:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-28 21:35 . 2009-07-28 21:35 -------- d-----w- c:\users\Julio Guidi\AppData\Roaming\IObit
2009-07-28 21:31 . 2009-07-28 22:49 -------- d-----w- c:\program files\The Cleaner
2009-07-23 16:29 . 2007-01-03 14:20 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-07-23 16:02 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-23 16:02 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-23 16:02 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-23 16:02 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-23 16:02 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-23 16:02 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-23 16:02 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-23 15:48 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-23 15:48 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-23 15:48 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-23 15:48 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-23 15:47 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-23 13:29 . 2009-07-23 13:36 -------- d-----w- c:\programdata\NOS
2009-07-23 13:29 . 2009-07-23 13:36 -------- d-----w- c:\program files\NOS
2009-07-20 15:07 . 2009-07-20 15:07 -------- d-----w- c:\users\Julio Guidi\AppData\Roaming\Uniblue
2009-07-19 14:37 . 2009-07-19 14:37 2375680 ----a-w- c:\windows\system\jumpm.exe
2009-07-19 14:37 . 2009-07-19 14:37 214528 ---h--w- c:\windows\system\wuaucldt.exe
2009-07-19 03:20 . 2009-07-19 03:20 -------- d-----w- c:\program files\Easy Text To HTML Converter
2009-07-19 03:04 . 2009-07-19 03:04 -------- d-----w- c:\users\Julio Guidi\.fop
2009-07-19 03:04 . 2009-07-19 03:04 -------- d-----w- c:\users\Julio Guidi\.docx4all
2009-07-19 03:02 . 2009-07-19 03:02 -------- d-----w- c:\users\Julio Guidi\.javafxcache
2009-07-19 03:01 . 2009-07-19 03:01 -------- d-----w- c:\users\Julio Guidi\.vfsjfilechooser
2009-07-16 14:26 . 2009-07-16 14:27 -------- d-----w- c:\users\Julio Guidi\AppData\Local\Google
2009-07-16 14:23 . 2009-07-16 14:23 -------- d-----w- c:\users\Julio Guidi\AppData\Local\Apps
2009-07-16 14:23 . 2009-07-16 14:26 -------- d-----w- c:\users\Julio Guidi\AppData\Local\Deployment
2009-07-15 13:39 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 13:39 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 13:39 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 13:39 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-30 05:00 . 2009-06-15 22:19 27056 ----a-w- c:\windows\system32\drivers\gbpkm.sys

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 02:44 . 2008-02-24 15:02 -------- d-----w- c:\programdata\pdf995
2009-07-29 02:44 . 2008-02-24 15:02 60 ----a-w- c:\windows\wpd99.drv
2009-07-29 02:26 . 2006-11-06 01:23 634202 ----a-w- c:\windows\system32\prfh0416.dat
2009-07-29 02:26 . 2006-11-06 01:23 121888 ----a-w- c:\windows\system32\prfc0416.dat
2009-07-28 21:53 . 2009-02-03 00:13 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-28 21:35 . 2008-08-18 23:29 -------- d-----w- c:\program files\IObit
2009-07-28 21:25 . 2009-07-23 16:29 68742 ----a-w- c:\programdata\nvModes.dat
2009-07-28 21:23 . 2008-04-03 23:14 7620 ----a-w- c:\users\Julio Guidi\AppData\Local\d3d9caps.dat
2009-07-23 16:50 . 2007-12-12 19:38 -------- d-----w- c:\programdata\NVIDIA
2009-07-23 15:43 . 2007-08-11 10:20 -------- d-----w- c:\program files\CONEXANT
2009-07-23 12:57 . 2009-03-05 02:41 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-23 05:49 . 2009-04-27 04:19 -------- d-----w- c:\program files\Megacubo
2009-07-16 06:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-30 12:37 . 2009-02-28 13:45 -------- d-----w- c:\programdata\GbPlugin
2009-06-30 12:37 . 2009-02-28 13:45 -------- d-----w- c:\program files\GbPlugin
2009-06-26 18:56 . 2009-01-11 01:13 -------- d-----w- c:\programdata\Roxio
2009-06-26 17:20 . 2007-12-12 19:52 1 ----a-w- c:\users\Julio Guidi\AppData\Roaming\BrOffice.org2\user\uno_packages\cache\stamp.sys
2009-06-26 17:20 . 2007-12-12 19:51 -------- d-----w- c:\users\Julio Guidi\AppData\Roaming\BrOffice.org2
2009-06-14 05:26 . 2009-06-14 05:26 -------- d-----w- c:\program files\Image Comparer
2009-06-11 06:02 . 2007-08-11 10:55 -------- d-----w- c:\program files\Microsoft Works
2009-06-06 03:37 . 2009-04-27 04:19 -------- d-----w- c:\program files\SopCast
2009-05-26 17:35 . 2007-12-12 14:40 91728 ----a-w- c:\users\Julio Guidi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-25 22:05 . 2009-05-25 22:05 10134 ----a-r- c:\users\Julio Guidi\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-05-10 23:54 . 2007-12-12 18:48 38079 ----a-w- c:\users\Julio Guidi\AppData\Roaming\nvModes.dat
2009-05-09 05:50 . 2009-06-14 06:39 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-14 06:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-18 16:36 . 2009-05-11 23:28 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-05-01 16:03 . 2008-05-01 16:03 608 --sha-w- c:\windows\System32\winzvprt5.sys
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Julio Guidi\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-16 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-28 148888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-06-18 21:00 302368 ----a-w- c:\program files\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Gerenciador de HotSync.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Gerenciador de HotSync.lnk
backup=c:\windows\pss\Gerenciador de HotSync.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\IDMan

[HKEY_LOCAL_MACHINE\software\Microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F097F5EF-279E-43C9-9853-BBFEE9960587}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{3782F639-7816-402A-B161-4D3AE8190C4B}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"TCP Query User{9663C8BE-CA3C-4985-9431-6032BDCF9ADA}c:\\program files\\dremule\\emule.exe"= UDP:c:\program files\dremule\emule.exe:Dreamule
"UDP Query User{6F35F484-8446-4B4B-A316-DA2A16D86241}c:\\program files\\dremule\\emule.exe"= TCP:c:\program files\dremule\emule.exe:Dreamule
"TCP Query User{EDB4BC33-C0CB-47C6-8A34-8E2E70F090A4}c:\\program files\\dremule\\emule.exe"= UDP:c:\program files\dremule\emule.exe:Dreamule
"UDP Query User{88C73A6A-4675-49C5-BBBA-91B4A9941D71}c:\\program files\\dremule\\emule.exe"= TCP:c:\program files\dremule\emule.exe:Dreamule
"{1A45DD18-0424-426B-88CD-EB3775A82F2D}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{6B318D8D-E71D-4D91-A522-E9DFE2FBA433}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{5E89CDCC-48B0-4BDD-B53B-F02B8C3D3171}"= UDP:53541:53541
"{8FBBE789-68BA-4386-A7C8-C74514FBFFEC}"= TCP:14931:14931
"TCP Query User{D491449C-08B7-4AC6-90AD-E2117EC925DF}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{ECD70FA5-A8A6-4C11-8B83-02E946CD528E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{17885EE0-4A51-4906-A1E4-41F7876C08CE}c:\\users\\julio guidi\\program files\\dna\\btdna.exe"= UDP:c:\users\julio guidi\program files\dna\btdna.exe:btdna.exe
"UDP Query User{041BA2AB-1044-4D32-9664-8EFBA726B1BD}c:\\users\\julio guidi\\program files\\dna\\btdna.exe"= TCP:c:\users\julio guidi\program files\dna\btdna.exe:btdna.exe
"{1D9B8AC7-B3FD-4AD4-993A-F9009F9C7471}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{3E550B93-FAFB-4810-8353-6970BAFC6AAD}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{C58791F5-11ED-4247-988E-63C206651F42}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{6C6385B7-1DAD-442A-B95A-5C38542C3ADA}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{19D5721B-7948-40C4-9D1B-11ACF4AA8857}"= UDP:c:\program files\Megacubo\megacubo.exe:MegaCubo
"{A5A38FD4-CB14-40E7-BB64-F3EB3A154FD7}"= TCP:c:\program files\Megacubo\megacubo.exe:MegaCubo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 GbpKm;Gbp KernelMode;c:\windows\System32\drivers\gbpkm.sys [30/06/2009 02:00 27056]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [27/05/2008 01:26 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/05/2008 01:26 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [09/02/2008 08:39 51280]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [28/02/2009 10:45 53552]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [28/07/2009 18:37 1153368]
S3 usb2vcom;USB Data Cable;c:\windows\System32\drivers\usb2vcom.sys [04/10/2008 11:46 28704]

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\Microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-07-29 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-07-28 12:55]

2009-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2172417707-4275060026-1713001662-1000Core.job
- c:\users\Julio Guidi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-16 14:26]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2172417707-4275060026-1713001662-1000UA.job
- c:\users\Julio Guidi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-16 14:26]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.globo.com/
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\users\Julio Guidi\AppData\Roaming\Mozilla\Firefox\Profiles\yjq2dfmr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Julio Guidi\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Julio Guidi\Program Files\DNA\plugins\npbtdna.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 23:55
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-2172417707-4275060026-1713001662-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):7e,cc,a4,11,28,5c,79,07,19,75,05,e9,4d,9e,9b,8d,20,5c,3e,dd,24,
0b,5f,85,dc,ef,20,8c,c3,18,22,d6,51,60,f9,51,15,85,d7,7f,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-2172417707-4275060026-1713001662-1000_Classes\CLSID\{7a09ffc5-b447-4116-b0b3-5e58888cde6c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000001b
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,62,3b,0d,e0,83,f3,8a,5e,96,94,16,7a,19,d5,dc,a7,3f,cb,c4,3f,5b,b9,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (Y) (Users)
@Denied: (Y) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tempo para conclusão: 2009-07-29 23:57
ComboFix-quarantined-files.txt 2009-07-29 02:57

Pré-execução: 24.816.861.184 bytes disponíveis
Pós execução: 24.803.590.144 bytes disponíveis

228 --- E O F --- 2009-07-28 21:36


----------- // -----------------

HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:03:19, on 29/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Julio Guidi\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Julio Guidi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Micros...b?1244960040269
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.Micros...b?1248356873049
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...tDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancob...gin/GbpDist.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! antivírus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7756 bytes

#8 joram
  • Participant
  • 2947 posts

Posted 29 July 2009 - 12:39 AM

Good morning! jguidi

<!> You have 2 antivirus products installed: Norton + Avast.
<!> Uninstall Norton, if you are happy to do so.
<><><><><><><><>
<@> Download Malwarebytes and post its report.

Regards!
joram

#9 jguidi
  • Participant
  • 6 posts

Posted 29 July 2009 - 11:22 AM

> Good morning! jguidi
>
> <!> You have 2 antivirus products installed: Norton + Avast.
> <!> Uninstall Norton, if you are happy to do so.
> <><><><><><><><>
> <@> Download Malwarebytes and post its report.
>
> Regards!

Good morning, friend,

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.39
Database version: 2525
Windows 6.0.6001 Service Pack 1

29/07/2009 11:16:28
mbam-log-2009-07-29 (11-16-28).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 266135
Time elapsed: 1 hour(s), 19 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\Megacubo\bin\sopcore.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Windows\system\wuaucldt.exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Windows\system\jumpm.exe (Trojan.Banker) -> Quarantined and deleted successfully.
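
As an added example, not part of this thread and not a tool from HijackThis or Malwarebytes, the script below runs a simple triage over HijackThis log lines of the kind posted above: it flags O1 hosts-file overrides, entries whose target lives in a directory malware favours (C:\Windows\system rather than system32, which is exactly where MBAM found wuaucldt.exe and jumpm.exe), registry entries that point at a file that no longer exists, and O23 services with no vendor string. The sample input is constructed for the example: most lines are copied from the posted HijackThis log, but the O4 entry for wuaucldt.exe and the O1 hosts line are hypothetical and do not appear in the posted log; they only show what a banker's Run entry and a hosts redirect would look like if HijackThis had reported them. The severity labels and regexes are this example's own choices.

```python
"""Triage a HijackThis log: flag entries that override the hosts file, live in
directories banking trojans favour, point at a missing file, or run as a
service with no vendor string."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input. Lines are copied from the HijackThis log posted in
# this thread, except the O4 entry for wuaucldt.exe and the O1 hosts line,
# which are HYPOTHETICAL and not present in the posted log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [wuaucldt] C:\Windows\system\wuaucldt.exe
O1 - Hosts: 127.0.0.1 www.example-bank.invalid
O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# Every HijackThis entry starts with a section code such as O2, O4, O23, R0.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")

# C:\Windows\system (not system32) is where MBAM found the two bankers in this
# thread; temp directories are a common dropper location. The trailing
# backslash after "system" keeps legitimate system32 paths from matching.
SUSPICIOUS_DIR_RE = re.compile(r"\\windows\\system\\|\\temp\\", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    severity: str  # "suspicious" or "review"
    reason: str


def last_field(body: str) -> str:
    """HijackThis separates fields with ' - '; the last one is the target path
    (or the literal '(no file)')."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage_line(line: str) -> Optional[Finding]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    target = last_field(body)
    if kind == "O1":
        return Finding(line, "suspicious",
                       "hosts-file override: the host is resolved locally, DNS is never asked")
    if SUSPICIOUS_DIR_RE.search(target):
        return Finding(line, "suspicious",
                       "executable lives in a directory malware favours (not system32)")
    if target == "(no file)":
        return Finding(line, "review",
                       "orphaned entry: the registry still points at a file that is gone")
    # "Unknown owner" or an empty vendor field (" - - ") on a service entry.
    if kind == "O23" and (" - Unknown owner - " in body or " - - " in body):
        return Finding(line, "review",
                       "service carries no vendor string; verify the binary's signature")
    return None


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line that matches a triage rule."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.line}")
        print(f"             {f.reason}")
```

On the sample the script flags the hypothetical wuaucldt.exe entry and the hosts line as suspicious and puts the orphaned BHO, the orphaned Symantec service and the two vendor-less services up for review, while leaving avast!, the bank's own G-Buster plugin and the Conexant driver alone. The point the thread itself makes is visible here too: the posted HijackThis log contains no entry for wuaucldt.exe or jumpm.exe, because HijackThis only enumerates a fixed set of hook points, so the "clean" log did not contradict MBAM's three detections.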

#10 joram
  • Participant
  • 2947 posts

Posted 29 July 2009 - 02:00 PM

Good afternoon! jguidi

<!> Some problems were removed by the antimalware (MBAM).
<!> The HijackThis log is clean! (Y)
°°°°°°°°°°°°°°°°°°°°°°°
<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.
<@> The following window will open: (Open File - Security Warning)
<@> Click Run --> Wait!
<@> Finally, the message "ComboFix has been uninstalled" will appear --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!
°°°°°°°°°°°°°°°°°°°°°°°
<!> All OK?

Regards!
joram

