This topic has been archived and is closed to new replies.

labit

[Solved!] My computer won't restart, won't shut down, and won't logo

Hi, good afternoon!

About two days ago my computer started showing some problems... It won't restart, won't shut down, and won't log off... The only way I can restart or shut down is by clicking Start/Switch User, and then, on the user selection screen, it works. That's the only way! If anyone can analyze my log and help me, I'd be very grateful! :thumbsup:

My log follows below:

Logfile of HijackThis v1.99.1

Scan saved at 13:34:10, on 09/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\UltraVNC\winvnc.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\windows\system32\aniu.exe

C:\windows\system32\argziwbn.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\XAAB.exe

C:\WINDOWS\system32\XAAB.exe

C:\WINDOWS\system32\XAAB.exe

C:\WINDOWS\system32\XAAB.exe

C:\WINDOWS\system32\XAAB.exe

C:\WINDOWS\system32\XAAB.exe

C:\WINDOWS\system32\UQZM.exe

C:\WINDOWS\system32\FXYR.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Real\RealPlayer\realplay.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE

C:\Documents and Settings\Laura\Desktop\HijackThis.exe

 

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19-29100877.dll

O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Arquivos de programas\Copernic Desktop Search 2\DesktopSearchBand2526.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Google Notas - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19-29100877.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\winvnc.exe" -servicehelper

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [VHVTPZ] c:\windows\system32\vhvtpz.exe

O4 - HKLM\..\Run: [RHMX] c:\windows\system32\rhmx.exe

O4 - HKLM\..\Run: [RSOYBUA] c:\windows\system32\rsoybua.exe

O4 - HKLM\..\Run: [sAMZ] c:\windows\system32\samz.exe

O4 - HKLM\..\Run: [LHGD] c:\windows\system32\lhgd.exe

O4 - HKLM\..\Run: [XAAB] c:\windows\system32\xaab.exe

O4 - HKLM\..\Run: [uQZM] c:\windows\system32\uqzm.exe

O4 - HKLM\..\Run: [FXYR] c:\windows\system32\fxyr.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O8 - Extra context menu item: Anotar esta página (Google Notas) - res://C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19-29100877.dll/gn_menu1.html

O8 - Extra context menu item: Anotar isto (Google Notas) - res://C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19-29100877.dll/gn_menu2.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Arquivos de programas\MATLAB71\webserver\bin\win32\matlabserver.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\UltraVNC\winvnc.exe" -service (file missing)


Hey labit,

1. Download BankerFix.

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe. A message will appear warning that it will be downloaded from the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.

4. When the scan is finished, read the message on screen and press Enter again.

5. Re-enable your antivirus.

6. Come back with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).

7. After posting your reply you can delete the LinhaDefensiva folder on C.

Regards.


Hi, good evening!

Here is the Banker Fix report:

 

BankerFix 2.3 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 09/07/2007 - 19:29

-------------------------------------------------------

Lista de Definição: 2007-07-08-1

=======================================================

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

 

And the new HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 19:34:18, on 09/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\UltraVNC\winvnc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\windows\system32\aniu.exe

C:\windows\system32\argziwbn.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Laura\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19-29100877.dll

O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Arquivos de programas\Copernic Desktop Search 2\DesktopSearchBand2526.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Google Notas - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19-29100877.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\winvnc.exe" -servicehelper

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [XAAB] c:\windows\system32\xaab.exe

O4 - HKLM\..\Run: [uQZM] c:\windows\system32\uqzm.exe

O4 - HKLM\..\Run: [FXYR] c:\windows\system32\fxyr.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O8 - Extra context menu item: Anotar esta página (Google Notas) - res://C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19-29100877.dll/gn_menu1.html

O8 - Extra context menu item: Anotar isto (Google Notas) - res://C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19-29100877.dll/gn_menu2.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Arquivos de programas\MATLAB71\webserver\bin\win32\matlabserver.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\UltraVNC\winvnc.exe" -service (file missing)

 

 

Thank you very much! :thumbsup:

Hey labit,

Download ComboFix at:

ComboFix

1) Double-click combofix.exe and press "Y" to proceed. The process will take about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);

3) When the scan finishes, a log will be generated at C:\ComboFix.txt;

4) Do not click on the ComboFix window, or close it by clicking the X, while the tool is running, as this will mess up your desktop configuration (it will turn completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply.

Regards.


Hi, good afternoon!

I have already run ComboFix and am sending the log it generated. Two folders were created on C (ComboFix and QooBox); I would like to know whether I should leave them on the PC or whether I can delete them.

Thank you very much! :thumbsup:

 

"Laura" - 2007-07-11 12:30:20 - ComboFix 07-07-10.1 - Service Pack 2

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\setup.exe.tmp

 

 

((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))

 

 

2007-07-11 12:29 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-11 12:26 1,124,674 --a------ C:\Temp\ComboFix.exe

2007-07-09 18:57 <DIR> d-------- C:\DOCUME~1\Laura\DADOSD~1\Help

2007-07-08 19:26 2,951,802 --a------ C:\Temp\EClea2_0.exe

2007-07-08 13:15 65,536 --a------ C:\WINDOWS\amcap533.exe

2007-07-08 13:15 515,803 --a------ C:\WINDOWS\system32\drivers\Ca533av.sys

2007-07-08 13:15 131,072 --a------ C:\WINDOWS\system32\SP5X_32.DLL

2007-07-08 13:15 118,784 --a------ C:\WINDOWS\ShowBmp.exe

2007-07-08 13:15 10,986 --a------ C:\WINDOWS\system32\drivers\Bulk533.sys

2007-07-08 13:15 <DIR> d-------- C:\WINDOWS\Setup533

2007-07-08 12:40 <DIR> d-------- C:\WINDOWS\pss

2007-07-08 01:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Lavasoft

2007-07-08 01:26 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2007-07-08 01:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-07-08 01:24 18,164,640 --a------ C:\Temp\aaw2007.exe

2007-07-02 20:56 <DIR> d-------- C:\DOCUME~1\Jorge\DADOSD~1\Real

2007-07-01 20:16 <DIR> d-------- C:\DOCUME~1\Irene\DADOSD~1\Real

2007-07-01 16:21 <DIR> d-------- C:\Arquivos de programas\Real

2007-07-01 16:21 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2007-07-01 16:21 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-07-01 16:20 <DIR> d-------- C:\DOCUME~1\Laura\DADOSD~1\Real

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\ZXFIJ.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\YVZP.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\XCBMYNNDA.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\XAAB.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\UQZM.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\UOSN.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\SSVK.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\RZKD.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\RYDM.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\RVELWAU.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\QGGPK.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\PNOF.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\OPNHMQC.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\OFGINCC.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\OCXEIITM.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\MNABZYDYU.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\MLKT.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\MDWW.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\LUPT.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\LUHZ.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\LTZPHFXFQ.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\LOWPUJND.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\LOIPLD.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\KQEPHAPDB.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\KNIV.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\JRCP.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\JGNBI.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\IYJY.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\IVXZMMDUI.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\IBKVRWJHT.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\HCHEGDJ.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\HAPCDYFCW.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\GWSNJZI.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\FXYR.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\EOWLAF.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\EOEW.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\EHWF.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\DRUPZPAY.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\DHVACCBQM.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\DGTYW.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\CYPWH.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\CRHX.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\CNXBAPP.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\BBLM.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\AKGS.exe

2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\AGYD.exe

2007-06-28 20:28 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2007-06-28 20:27 8,231,468 --a------ C:\Temp\DIPJ2007v1.0.exe

2007-06-28 19:05 <DIR> d-------- C:\Arquivos de programas\Vdownloader

2007-06-27 20:58 73,728 -ra------ C:\WINDOWS\CtDrvIns.exe

2007-06-27 20:58 65,536 -ra------ C:\WINDOWS\system32\CtCamMgr.dll

2007-06-27 20:58 1,700,352 -ra------ C:\WINDOWS\system32\GdiPlus.dll

2007-06-26 19:02 255,736 --a------ C:\Temp\GoogleNotebookSetup.exe

2007-06-17 22:25 57,436 --a------ C:\WINDOWS\DASShp.dll

2007-06-17 22:25 <DIR> d-------- C:\Arquivos de programas\Microsoft Reader

2007-06-17 22:15 <DIR> d-------- C:\Temp\Livros

2007-06-12 20:57 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys

2007-06-12 20:57 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2007-06-12 20:57 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS

2007-06-12 20:57 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys

2007-06-12 20:57 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys

2007-06-12 20:57 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys

2007-06-12 20:57 11,048 -ra------ C:\WINDOWS\system32\drivers\Bulk536.sys

2007-06-12 20:57 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2007-06-12 20:56 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-06-12 20:56 514,859 -ra------ C:\WINDOWS\system32\drivers\Ca536av.sys

2007-06-12 20:56 47,616 --a------ C:\WINDOWS\system\IYUV_32.DLL

2007-06-12 20:56 131,072 -ra------ C:\WINDOWS\system\SP5X_32.DLL

2007-06-12 20:55 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-08 16:15:00 -------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-06-29 00:58:03 -------- d-----w C:\Arquivos de programas\MSN Messenger

2007-06-26 22:02:55 -------- d-----w C:\Arquivos de programas\Google

2007-06-04 18:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2007-06-04 18:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-06-04 18:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys

2007-05-25 21:34:07 -------- d-----w C:\Arquivos de programas\BrOffice.org 2.2

2007-05-22 21:48:45 14 ----a-w C:\WINDOWS\system32\systeminfo3.dll

2007-05-22 21:48:20 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2007-05-22 21:48:18 -------- d-----w C:\Arquivos de programas\CloneDVD

2007-05-19 22:42:51 -------- d-----w C:\Arquivos de programas\Paint.NET

2007-05-19 22:21:38 79,718 ----a-w C:\WINDOWS\system32\perfc016.dat

2007-05-19 22:21:38 472,050 ----a-w C:\WINDOWS\system32\perfh016.dat

2007-05-19 22:21:05 -------- d-----w C:\Arquivos de programas\MSBuild

2007-05-19 22:16:37 -------- d-----w C:\Arquivos de programas\Reference Assemblies

2007-05-01 03:42:47 43,602 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe

2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-04-13 18:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-04-11 00:30:43 47,315 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2007-04-11 00:30:43 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2007-04-11 00:30:43 2,150 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E3C3651-B19C-4DD9-A979-901EC3E930AF}]

2007-04-28 13:53 124416 --------- C:\Arquivos de programas\Scpad\scpsssh2.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

2007-01-27 10:26 2423872 -ra------ c:\arquivos de programas\google\googletoolbar2.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

2007-05-19 18:12 324536 --a------ C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

2007-01-10 13:08 222392 --a------ C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCCCCCD3-666F-4F81-8B69-745DE9F6D897}]

2007-06-26 19:02 311296 --a------ C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19-29100877.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PRONoMgr.exe"="C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]

"SoundMan"="SOUNDMAN.EXE" [2005-12-14 18:06 C:\WINDOWS\soundman.exe]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

"Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-22 21:16]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-11-30 12:12]

"WinVNC"="C:\Arquivos de programas\UltraVNC\winvnc.exe" [2006-06-18 14:56]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-07-01 16:21]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"="C:\Arquivos de programas\Scpad\scpLIB.dll" [2007-04-28 11:23]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"="C:\WINDOWS\Downloaded Program Files\gbiehabn.dll" [2007-01-10 13:08]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"{A3717295-941D-416F-9384-ED1736729F1C}"="C:\Arquivos de programas\Scpad\scpLIB.dll" [2007-04-28 11:23]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

 

 

Contents of the 'Scheduled Tasks' folder

2007-04-14 10:58:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-11 12:47:57

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-11 12:48:30

C:\ComboFix-quarantined-files.txt ... 2007-07-11 12:48

 

--- E O F ---

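Added example, not part of the thread or of the tools it mentions: a triage of the two logs posted above that groups the ComboFix "Files Created" lines by directory, creation minute and size, then lists the HijackThis `O4` Run entries pointing at the grouped files. The grouping rule (three or more `.exe` files sharing all three values) and every function name are assumptions of this sketch; the sample lines are excerpted from the logs in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Lines excerpted from the ComboFix "Files Created" section quoted above.
CREATED_SAMPLE = r"""
2007-07-11 12:29 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 13:15 <DIR> d-------- C:\WINDOWS\Setup533
2007-07-08 13:15 131,072 --a------ C:\WINDOWS\system32\SP5X_32.DLL
2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\ZXFIJ.exe
2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\XAAB.exe
2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\UQZM.exe
2007-07-01 00:54 193,024 --a------ C:\WINDOWS\system32\FXYR.exe
2007-06-27 20:58 65,536 -ra------ C:\WINDOWS\system32\CtCamMgr.dll
2007-06-27 20:58 1,700,352 -ra------ C:\WINDOWS\system32\GdiPlus.dll
"""

# Lines excerpted from the second HijackThis log quoted above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [XAAB] c:\windows\system32\xaab.exe
O4 - HKLM\..\Run: [uQZM] c:\windows\system32\uqzm.exe
O4 - HKLM\..\Run: [FXYR] c:\windows\system32\fxyr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# date time, size or <DIR>, attribute flags, path (may contain spaces)
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+\S+\s+(.+?)\s*$")
# O4 - HKLM\..\Run: [value name] command line
O4_RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\Run: \[(.+?)\] (.+?)\s*$")


def parse_created(text):
    """Return (timestamp, size, path) for each file line; directories are skipped."""
    rows = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m.group(2) != "<DIR>":
            rows.append((m.group(1), int(m.group(2).replace(",", "")), m.group(3)))
    return rows


def same_drop_clusters(rows, min_count=3):
    """Group .exe files by (minute, size, directory); keep groups of min_count or more."""
    groups = defaultdict(list)
    for stamp, size, path in rows:
        if ntpath.splitext(path)[1].lower() == ".exe":
            groups[(stamp, size, ntpath.dirname(path).lower())].append(path)
    return {key: paths for key, paths in groups.items() if len(paths) >= min_count}


def parse_run_entries(text):
    """Return (hive, value name, executable path) for each O4 registry Run line."""
    entries = []
    for line in text.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue
        command = m.group(3)
        # A quoted command may carry arguments; an unquoted one is taken whole,
        # because unquoted paths in these logs contain spaces.
        quoted = re.match(r'"([^"]+)"', command)
        entries.append((m.group(1), m.group(2), quoted.group(1) if quoted else command))
    return entries


def triage(created_text, hjt_text):
    """Cross-reference clustered files with the autostart entries that launch them."""
    clusters = same_drop_clusters(parse_created(created_text))
    flagged = {p.lower() for paths in clusters.values() for p in paths}
    run_entries = [e for e in parse_run_entries(hjt_text) if e[2].lower() in flagged]
    launched = {e[2].lower() for e in run_entries}
    return {
        "clusters": clusters,
        "run_entries": run_entries,
        "files_without_run_entry": sorted(flagged - launched),
    }


if __name__ == "__main__":
    result = triage(CREATED_SAMPLE, HJT_SAMPLE)
    for (stamp, size, folder), paths in result["clusters"].items():
        print(f"{len(paths)} x {size} bytes at {stamp} in {folder}")
    for hive, name, path in result["run_entries"]:
        print(f"review {hive} Run value [{name}] -> {path}")
    for path in result["files_without_run_entry"]:
        print(f"clustered file with no Run entry in this log: {path}")
```

A cluster is only a prompt for review: installers can also write several equal-sized files in the same minute, so each flagged path still needs checking before anything is deleted.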

Hey labit,

Let's go.

Set Windows to show all files (including hidden ones).

Step 1

Download Killbox at:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below in bold to the clipboard. Select everything with the mouse --> go to the Edit tab in the browser bar --> click Copy.

 


 

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and connecting to the internet will not be possible.

Step 2

Restart the computer in Safe Mode (while it restarts, press the F8 key repeatedly until a black DOS-style screen appears, then choose the Safe Mode option).

Run HijackThis, click Do a system scan only and check the following (and any other entries where a scrambled-letter .exe name appears):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [XAAB] c:\windows\system32\xaab.exe

O4 - HKLM\..\Run: [uQZM] c:\windows\system32\uqzm.exe

O4 - HKLM\..\Run: [FXYR] c:\windows\system32\fxyr.exe

Click Fix Checked.

Step 3

Restart in Normal Mode.

Delete the contents of the C:\!Killbox folder.

Post a new HijackThis log.

I'll await your reply.

Best regards.
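The selection rule in Step 2 above (Run entries whose name is a scrambled-letter .exe), written out as an added triage sketch; it is not part of the original post and not how HijackThis itself decides anything. The heuristic is an assumption drawn from the three entries flagged in this thread: the Run value name is purely alphabetic, equals the executable's base name, and the file sits directly in system32.

```python
import re
from pathlib import PureWindowsPath

# O4 lines copied from the HijackThis logs and fix list quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [XAAB] c:\windows\system32\xaab.exe
O4 - HKLM\..\Run: [uQZM] c:\windows\system32\uqzm.exe
O4 - HKLM\..\Run: [FXYR] c:\windows\system32\fxyr.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\winvnc.exe" -servicehelper
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# One O4 registry autostart line: hive, Run key, [value name], command line.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SYSTEM32 = r"c:\windows\system32"


def exe_path(cmd):
    """Extract the executable path from a Run command line (quoted or bare)."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.I)
    return PureWindowsPath(m.group(1)) if m else None


def suspicious_run_entries(log_text):
    """Return (hive, value name, path) for Run entries worth a manual look.

    Assumed heuristic (not a verdict): alphabetic value name that equals the
    executable's base name, with the file directly under system32.
    """
    hits = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        path = exe_path(m["cmd"]) if m else None
        if path is None:
            continue
        name = m["name"]
        if (name.isalpha()
                and name.lower() == path.stem.lower()
                and str(path.parent).lower() == SYSTEM32):
            hits.append((m["hive"], name, str(path)))
    return hits


if __name__ == "__main__":
    for hive, name, path in suspicious_run_entries(SAMPLE_LOG):
        print(f"review: {hive} Run [{name}] -> {path}")
```

WinVNC and CTFMON.EXE show why all three conditions are needed: the first matches its file name but lives outside system32, the second lives in system32 but its value name is not a bare letter string.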


Hello!!

I carried out the procedure indicated and it looks like everything is working again! It now restarts, shuts down and logs off!

I'd just like to know whether I can delete the ComboFix and QooBox folders that were created on "C" after running ComboFix, and whether I need to do anything else... I checked all the entries indicated in the previous procedure in HijackThis, but I saw that "R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =" still appears in the new log; is that a problem?

Here is the new HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 00:45:36, on 12/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\MATLAB71\webserver\bin\win32\matlabserver.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\MATLAB71\bin\win32\MATLAB.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\UltraVNC\winvnc.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Laura\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19-29100877.dll

O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Arquivos de programas\Copernic Desktop Search 2\DesktopSearchBand2526.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Google Notas - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19-29100877.dll

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\winvnc.exe" -servicehelper

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O8 - Extra context menu item: Anotar esta página (Google Notas) - res://C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19-29100877.dll/gn_menu1.html

O8 - Extra context menu item: Anotar isto (Google Notas) - res://C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19-29100877.dll/gn_menu2.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Arquivos de programas\MATLAB71\webserver\bin\win32\matlabserver.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\UltraVNC\winvnc.exe" -service (file missing)

 

 

Thank you very much for the attention and the help! Thanks a lot, really! :thumbsup:

Best wishes!


Hi labit,

I'm glad to hear the problem has been solved. :thumbsup:

To finish up:

1. Disable and re-enable XP's System Restore feature. Click here to see how;

2. Read the article "Cuidados ao navegar na net" (Precautions when browsing the net) and learn how to avoid new infections.

... as for your questions:

I'd just like to know whether I can delete the ComboFix and QooBox folders that were created on "C" after running ComboFix...

Yes, you can delete the folders.

I checked all the entries indicated in the previous procedure in HijackThis, but I saw that "R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =" still appears in the new log; is that a problem?

It's not a problem.

Best regards.


PROBLEM SOLVED!

If the author needs the topic reopened, they must send a Private Message to a Moderator with a link to the topic.
