Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

computador infectado


  • This topic is locked This topic is locked
2 replies to this topic

#1 fhrupp

fhrupp

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 08 December 2009 - 02:30 AM

Attached File  Attach.txt   9.7KB   0 downloadsAttached File  Attach.txt   9.7KB   0 downloads
DDS (Ver_09-12-01.01) - NTFSx86
Run by fernando at 4:06:28,29 on ter 08/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.446.92 [GMT -2:00]


============== Running Processes ===============

C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\imapi.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
C:\ARQUIV~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\Arquivos de programas\DAP\DAP.EXE
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\DOCUME~1\fernando\CONFIG~1\Temp\_av_inet.tm~a02368\setuppor.exe
C:\DOCUME~1\fernando\CONFIG~1\Temp\_av_sfx.tm~a02496\avast.setup
C:\Documents and Settings\fernando\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.globo.com/
uSearch Bar =
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\arquivos de programas\scpad\scpsssh2.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Auxiliar de Conex„o do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\googletoolbar1.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\arquiv~1\dap\DAPIEL~1.DLL
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background
uRun: [Advanced SystemCare 3] "c:\arquivos de programas\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [DownloadAccelerator] "c:\arquivos de programas\dap\DAP.EXE" /STARTUP
mRun: [ATICCC] "c:\arquivos de programas\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [KTPWare] c:\arquivos de programas\elantech\ktp.exe
mRun: [LManager] c:\arquiv~1\launch~1\LManager.exe
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\blueto~1.lnk - c:\arquivos de programas\widcomm\bluetooth software\BTTray.exe
IE: &Clean Traces - c:\arquivos de programas\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\arquivos de programas\dap\dapextie.htm
IE: Download &all with DAP - c:\arquivos de programas\dap\dapextie2.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\arquivos de programas\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\arquivos de programas\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll
STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\arquivos de programas\scpad\scpLIB.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquivos de programas\gbplugin\gbieh.dll

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2009-7-15 30752]
R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2009-7-15 54048]
R4 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast4\ashServ.exe [2009-3-4 138680]
RUnknown aswFsBlk;aswFsBlk; [x]
RUnknown aswSP;aswSP; [x]
S2 gupdate1c9eb0485a5ddaa;Google Update Service (gupdate1c9eb0485a5ddaa);c:\arquivos de programas\google\update\GoogleUpdate.exe [2009-6-12 133104]

=============== Created Last 30 ================

2009-12-07 01:08:47 0 d-----w- c:\docume~1\alluse~1\dadosd~1\SpeedBit
2009-12-07 01:08:10 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2009-12-07 01:07:58 0 d-----w- c:\arquivos de programas\DAP
2009-11-20 01:46:12 0 d-----w- c:\windows\Performance
2009-11-20 01:31:26 0 d-----w- c:\arquivos de programas\Microsoft Windows 7 Upgrade Advisor
2009-11-13 10:13:07 77386 -c--a-w- c:\windows\system32\dllcache\el656nd5.sys
2009-11-13 05:31:48 0 d-----w- c:\documents and settings\fernando\BackUp
2009-11-11 16:16:29 0 d-----w- c:\docume~1\fernando\dadosd~1\IObit
2009-11-11 16:16:28 0 d-----w- c:\arquivos de programas\IObit
2009-11-11 15:15:09 0 d-----w- c:\docume~1\alluse~1\dadosd~1\PC Drivers HeadQuarters
2009-11-11 01:37:07 0 d-----w- c:\documents and settings\fernando\Bluetooth Software

==================== Find3M ====================

2009-11-02 01:48:31 468346 ----a-w- c:\windows\system32\perfh016.dat
2009-11-02 01:48:30 79220 ----a-w- c:\windows\system32\perfc016.dat
2009-10-15 16:48:32 30752 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2009-09-11 14:19:14 136192 ----a-w- c:\windows\system32\msv1_0.dll

============= FINISH: 4:07:11,62 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:25 PM

Posted 20 December 2009 - 05:29 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:25 PM

Posted 25 December 2009 - 12:52 PM

Hello.

Due to Lack of feedback, this topic is now Closed

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users