Archived

This topic has been archived and is closed to new replies.

Flávio Quinicário

[Archived] Error 800401f3 when signing in to MSN

I've already tried everything that several forums on the net suggest for this error, and nothing worked...

Besides MSN giving this error when it tries to connect, there is a big lag when typing the e-mail address into MSN.

In my profile MSN does this; in the other profile it also had the problem but I managed to fix it, even so it still sometimes shows a message saying MSN needs to be restarted, but it works normally.

In this profile I haven't managed to do anything.

So here is the HijackThis log.

Thanks, awaiting a reply...

 

Logfile of HijackThis v1.99.1

Scan saved at 15:28:38, on 5/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\NOD32\nod32krn.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\NOD32\nod32kui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

F:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

F:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\winlogon.exe

F:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\BitComet\tools\BitCometBHO_1.1.5.19.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\NOD32\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nTrayFw] C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [RemoteControl] "F:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "F:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = F:\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = F:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144341790015

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\NOD32\nod32krn.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

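As an added example (not part of the original post, and not code from HijackThis itself), the script below parses the O2, O4, O16 and O23 lines of a HijackThis 1.99 log like the one above and flags the entries a removal helper looks at first: a BHO CLSID whose DLL is "(no file)", a service whose binary is "(file missing)" or whose owner is "Unknown owner", an ActiveX .cab pulled from a host outside an assumed allowlist (Microsoft, MSN and the Banco do Brasil plugin seen in this log), and an autostart that runs from a user-profile or temp directory. The sample input copies lines from the log above plus one constructed O4 line (the "Active Up Free" entry, marked as such) so that the profile-path check fires; the allowlist and the path hints are assumptions made for illustration.

```python
"""Triage a HijackThis v1.99 log: parse the O2 / O4 / O16 / O23 entries and
flag the ones a malware-removal helper looks at first. Added example, not
part of the original post."""
import re
from dataclasses import dataclass

# Line shapes used by HijackThis 1.99 for the four section types handled here.
_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
_O4 = re.compile(r"^O4 - (?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>.*?)\) - (?P<url>\S+)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Assumption: ActiveX (.cab) downloads from these hosts are expected on this
# machine (Microsoft/MSN controls and the Banco do Brasil plugin seen in the
# log); anything else is flagged for review.
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "bancobrasil.com.br")

# Path fragments (assumed) meaning an autostart runs from a user-writable place.
USER_WRITABLE_HINTS = ("documents and settings", "docume~1", "dadosd~1",
                       "application data", "\\temp\\")


@dataclass
class Finding:
    kind: str     # HijackThis section, e.g. "O23"
    entry: str    # the original log line
    reason: str   # why it deserves a look


def host_of(url):
    """Lower-cased host part of an http(s) URL, or '' if it is not one."""
    m = re.match(r"https?://([^/]+)", url, re.I)
    return m.group(1).lower() if m else ""


def _trusted_host(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)


def triage_line(line):
    """Return a Finding for a suspicious HijackThis line, or None."""
    line = line.strip()
    if m := _O2.match(line):
        if m["path"].lower() == "(no file)":
            return Finding("O2", line, "BHO CLSID still registered but its DLL is gone (orphan)")
    elif m := _O4.match(line):
        if any(h in m["cmd"].lower() for h in USER_WRITABLE_HINTS):
            return Finding("O4", line, "autostart runs from a user-writable profile/temp directory")
    elif m := _O16.match(line):
        host = host_of(m["url"])
        if not _trusted_host(host):
            return Finding("O16", line, f"ActiveX control downloaded from untrusted host {host}")
    elif m := _O23.match(line):
        if "(file missing)" in m["path"].lower():
            return Finding("O23", line, "service points at a binary that no longer exists")
        if m["owner"].strip().lower() == "unknown owner":
            return Finding("O23", line, "service binary carries no company name; verify its signature")
    return None


def triage(log_text):
    """All findings for a whole log, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


# Sample lines copied from the HijackThis log in the post above, plus ONE
# constructed line (the 'Active Up Free' O4 entry, not from the posted log)
# to exercise the user-profile check.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Active Up Free] C:\DOCUME~1\user\DADOSD~1\errori~1\Active Up Free.exe
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\NOD32\nod32krn.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}\n    {f.entry}")
```

"Unknown owner" only means the executable carries no CompanyName string in its version resource; legitimate software (the Adobe LM and CyberLink services in this log, for instance) shows it too, so it is a prompt to check the file's signature and hash, not a verdict. The profile-path heuristic is the one that catches entries like the scheduled task pointing into a user's application-data folder that shows up in the ComboFix log later in this thread.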

Hey Flávio Quinicário,

Close MSN LIVE MESSENGER if it is sitting in the Windows tray.

Go to Start -> Run, then copy each of the lines below into it, one at a time, and click OK.

 

regsvr32 Dssenh.dll /s

regsvr32 Gpkcsp.dll /s

regsvr32 Slbcsp.dll /s

regsvr32 Sccbase.dll /s

regsvr32 Softpub.dll /s

regsvr32 Wintrust.dll /s

regsvr32 Initpki.dll /s

regsvr32 Rsaenh.dll /s

regsvr32 Mssip32.dll /s

regsvr32 Cryptdlg.dll /s

regsvr32 Msxml3.dll /s

 

Restart the PC and check whether the problem has been resolved.

Regards.

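Error 0x800401F3 is CO_E_CLASSSTRING ("invalid class string"), a COM class-registration failure, which is why the reply above re-registers COM servers: the cryptographic service providers (Dssenh, Rsaenh, and the Gpkcsp/Slbcsp/Sccbase smart-card CSPs), the Authenticode/WinTrust stack (Softpub, Wintrust, Initpki, Mssip32, Cryptdlg) and MSXML3. The /s switch makes regsvr32 silent, so a DLL that fails to register goes unnoticed when the lines are typed one by one. The script below is an added example, not anything from the post: it runs the same list with the full system32 path and reports each regsvr32 exit code. It assumes the regsvr32 return codes as documented by Microsoft and a Python interpreter on the machine; the `run` and `exists` parameters exist only so the reporting logic can be exercised on a machine without regsvr32.

```python
"""Re-register the COM / crypto DLLs listed in the reply above in one pass,
reporting each regsvr32 exit code instead of letting /s swallow failures.
Added example, not part of the original post."""
import ntpath
import os
import subprocess

# The DLLs exactly as listed in the reply above, in the same order.
DLLS = ["Dssenh.dll", "Gpkcsp.dll", "Slbcsp.dll", "Sccbase.dll", "Softpub.dll",
        "Wintrust.dll", "Initpki.dll", "Rsaenh.dll", "Mssip32.dll", "Cryptdlg.dll",
        "Msxml3.dll"]

# regsvr32 exit codes as documented by Microsoft.
EXIT_CODES = {
    0: "registered",
    1: "invalid command-line argument",
    2: "OleInitialize failed",
    3: "LoadLibrary failed (DLL missing, corrupt, or a dependency is)",
    4: "DllRegisterServer entry point not found",
    5: "DllRegisterServer returned an error",
}


def describe_exit(code):
    return EXIT_CODES.get(code, f"unknown regsvr32 exit code {code}")


def regsvr32_command(dll, system32):
    """Full-path form, so regsvr32 loads the copy in system32 rather than a
    same-named DLL found earlier on the search path."""
    return ["regsvr32", "/s", ntpath.join(system32, dll)]


def reregister(dlls=DLLS, system32=None, run=subprocess.run, exists=os.path.exists):
    """Return {dll: status}. `run` and `exists` are injectable so the reporting
    logic can be exercised on a machine that has no regsvr32."""
    if system32 is None:
        system32 = ntpath.join(os.environ.get("SystemRoot", r"C:\WINDOWS"), "system32")
    results = {}
    for dll in dlls:
        path = ntpath.join(system32, dll)
        if not exists(path):
            # A missing CSP or WinTrust DLL is a finding in itself, not something to paper over.
            results[dll] = "not found in system32 (skipped)"
            continue
        proc = run(regsvr32_command(dll, system32))
        results[dll] = describe_exit(proc.returncode)
    return results


if __name__ == "__main__":
    for dll, status in reregister().items():
        print(f"{dll:14} {status}")
```

Run it from an administrator account, since DllRegisterServer writes class keys under HKLM\SOFTWARE\Classes. regsvr32 executes whatever DllRegisterServer it is handed, so the explicit path is the security-relevant detail: it guarantees the file in system32 is what gets loaded, not a same-named file dropped somewhere earlier on the search path.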

Hey Flávio Quinicário,

Download ComboFix at:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to continue. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click in the ComboFix window, and do not close it with the X, while the tool is running, because that will mess up your desktop (it will go all white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, along with a new HijackThis log.

Regards.


Hello Jgarcia,

When I tried to download ComboFix it did download, but the file is 0 bytes in size.

When I run it, it says it is not a valid Win32 application.

And now I can't delete it either, because it says it may be in use by another program...

So here is a new HijackThis log.

Thanks, awaiting a new reply!!!!

Logfile of HijackThis v1.99.1

Scan saved at 09:17:04, on 13/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\NOD32\nod32krn.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

F:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

F:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

F:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\BitComet\tools\BitCometBHO_1.1.5.19.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\NOD32\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nTrayFw] C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [RemoteControl] "F:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "F:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = F:\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = F:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144341790015

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\NOD32\nod32krn.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe


Try downloading it through the link below:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

... and come back with the result.

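The symptoms reported above (a 0-byte file, "not a valid Win32 application") are exactly what a quick sanity check catches before a freshly downloaded removal tool is double-clicked. The script below is an added example, not part of the thread and not related to ComboFix's own code: it checks that the file is non-empty, that it carries the MZ DOS header and the PE signature at e_lfanew that every Win32 image has, that the machine type is one you expect, and it prints the SHA-256 so it can be compared against a hash obtained through a trusted channel (that comparison is assumed to happen outside the script). It only reads bytes and never executes the file; the `minimal_pe_sample()` input is constructed for the test and is not a real program.

```python
"""Sanity-check a downloaded .exe before running it: non-empty, carries the
MZ/PE headers of a Win32 image, and record its SHA-256 for comparison with a
hash obtained through a trusted channel. Added example, not part of the thread."""
import hashlib
from dataclasses import dataclass

# IMAGE_FILE_MACHINE values accepted here (assumed: 32-bit XP box, x64 allowed too).
MACHINES = {0x014C: "x86", 0x8664: "x64"}


@dataclass
class PeCheck:
    ok: bool
    reason: str
    sha256: str
    machine: str = ""


def check_pe(data):
    """Inspect raw file bytes; never executes anything."""
    digest = hashlib.sha256(data).hexdigest()
    if len(data) == 0:
        return PeCheck(False, "file is 0 bytes: the download never completed", digest)
    if len(data) < 0x40 or data[:2] != b"MZ":
        return PeCheck(False, "no MZ DOS header: not a Win32 executable", digest)
    # e_lfanew (offset 0x3C of the DOS header) points at the PE signature.
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return PeCheck(False, "no PE signature at e_lfanew: truncated or not a PE image", digest)
    machine = int.from_bytes(data[e_lfanew + 4:e_lfanew + 6], "little")
    if machine not in MACHINES:
        return PeCheck(False, f"unexpected machine type 0x{machine:04X}", digest)
    return PeCheck(True, "looks like a valid PE image", digest, MACHINES[machine])


def check_file(path):
    with open(path, "rb") as fh:
        return check_pe(fh.read())


def minimal_pe_sample():
    """Constructed test input: the smallest byte layout check_pe accepts
    (not a real program, and not ComboFix)."""
    buf = bytearray(0x80)
    buf[0:2] = b"MZ"
    buf[0x3C:0x40] = (0x40).to_bytes(4, "little")   # e_lfanew -> offset 0x40
    buf[0x40:0x44] = b"PE\0\0"
    buf[0x44:0x46] = (0x014C).to_bytes(2, "little")  # IMAGE_FILE_MACHINE_I386
    return bytes(buf)


if __name__ == "__main__":
    import sys
    # Usage: python check_download.py C:\path\to\ComboFix.exe
    result = check_file(sys.argv[1]) if len(sys.argv) > 1 else check_pe(minimal_pe_sample())
    print("OK" if result.ok else "REJECT", result.reason, result.machine, result.sha256)
```

A passing header check only says the file is shaped like a Windows executable, not that it is the genuine tool; the hash comparison against a value from a trusted source is what establishes that, and a 0-byte result like the one reported above is a reason to fetch the file again rather than to keep trying to run it.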

Now I managed to install it.

So first here is the ComboFix log, and right after it the HijackThis one.

 

ComboFix 07-12-16.3 - Flávio 2007-12-16 22:16:24.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.768 [GMT -3:00]

Running from: C:\Documents and Settings\Flávio\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\strcodec

C:\Arquivos de programas\strcodec\ot.ico

C:\Arquivos de programas\strcodec\Thumbs.db

C:\Arquivos de programas\strcodec\ts.ico

C:\WINDOWS\dialerexe.ini

C:\WINDOWS\system32\gnvmhpqua.dat

C:\WINDOWS\system32\gnvmhpqua_nav.dat

C:\WINDOWS\system32\gnvmhpqua_navps.dat

C:\WINDOWS\system32\nvs2.inf

C:\WINDOWS\system32\rquywfamvz.dat

C:\WINDOWS\system32\rquywfamvz_nav.dat

C:\WINDOWS\system32\rquywfamvz_navps.dat

C:\WINDOWS\tmlpcert2007

 

.

((((((((((((((((((((((( Files Created from 2007-11-17 to 2007-12-17 ))))))))))))))))))))))))))))))))

.

 

2007-12-11 15:33 . 2007-12-14 15:06 69 --a------ C:\WINDOWS\NeroDigital.ini

2007-12-04 21:31 . 2007-12-04 22:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\WLInstaller

2007-12-04 02:02 . 2007-12-04 02:02 <DIR> d-------- C:\Documents and Settings\LocalService.AUTORIDADE NT\Dados de aplicativos\CyberLink

2007-12-04 01:14 . 2007-12-04 01:57 <DIR> d-------- C:\Documents and Settings\Fabrício\Dados de aplicativos\CyberLink

2007-12-04 01:14 . 2007-12-04 01:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\CyberLink

2007-12-04 01:03 . 2007-12-05 11:55 <DIR> d-------- C:\Temp

2007-12-04 01:02 . 1998-06-24 00:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX

2007-12-04 01:02 . 1998-07-22 00:00 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll

2007-12-04 01:02 . 2007-12-04 22:36 0 --a------ C:\WINDOWS\lgfwup.ini

2007-12-04 00:56 . 2002-12-11 20:11 35,916 --a------ C:\WINDOWS\WMPrfPTG.prx

2007-12-04 00:55 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2007-12-04 00:38 . 2007-12-04 00:46 <DIR> d-------- C:\Documents and Settings\Fabrício\Dados de aplicativos\Ahead

2007-12-04 00:32 . 2007-12-04 00:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Ahead

2007-12-04 00:29 . 2007-12-04 00:29 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Nero

2007-12-04 00:29 . 2007-12-04 00:29 <DIR> d-------- C:\Arquivos de programas\Nero

2007-12-04 00:29 . 2007-12-04 00:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-11-18 18:05 . 2007-12-12 06:21 <DIR> d--h----- C:\WINDOWS\$hf_mig$

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-17 01:14 --------- d-----w C:\Documents and Settings\Flávio\Dados de aplicativos\Skype

2007-12-12 11:00 --------- d-----w C:\Documents and Settings\LocalService.AUTORIDADE NT\Dados de aplicativos\AVG7

2007-12-05 01:36 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-05 01:02 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-12-05 01:01 --------- d-----w C:\Arquivos de programas\Windows Live

2007-12-04 15:40 --------- d-----w C:\Documents and Settings\Flávio\Dados de aplicativos\AVG7

2007-12-04 03:54 --------- d-----w C:\Arquivos de programas\CyberLink

2007-11-17 20:10 --------- d-----w C:\Arquivos de programas\NOD32

2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-10 01:46 --------- d-----w C:\Documents and Settings\Fabrício\Dados de aplicativos\Skype

2007-11-09 01:22 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 04:38 29,120 ----a-w C:\Documents and Settings\Flávio\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-10-20 09:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2006-12-23 16:54 22,008 ----a-w C:\Documents and Settings\Fabrício\Dados de aplicativos\GDIPFONTCACHEV1.DAT

1999-04-01 15:53 99,840 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAABOUT.DLL

1998-12-09 01:53 70,144 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAMDMTR.DLL

1998-12-09 01:53 48,640 ----a-w C:\Arquivos de programas\Arquivos comuns\IRALPTTR.DLL

1998-12-09 01:53 31,744 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAWEBTR.DLL

1998-12-09 01:53 186,368 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAREG.DLL

1998-12-09 01:53 17,920 ----a-w C:\Arquivos de programas\Arquivos comuns\IRASRIAL.DLL

2006-10-30 02:03 56 --sh--r C:\WINDOWS\system32\7B40305949.sys

2006-10-30 02:42 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2006-04-13 11:25]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Arquivos de programas\NOD32\nod32kui.exe" [2006-04-06 11:36]

"SoundMan"="SOUNDMAN.EXE" [2004-11-15 07:20 C:\WINDOWS\SOUNDMAN.EXE]

"nTrayFw"="C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" []

"NvCplDaemon"="RUNDLL32.exe" [2004-11-22 23:00 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2005-07-20 10:07 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RunDLL32.exe" [2004-11-22 23:00 C:\WINDOWS\system32\rundll32.exe]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" []

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-12-04 12:39]

"SunJavaUpdateSched"="F:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]

"SecurDisc"="C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55]

"InCD"="C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55]

"RemoteControl"="F:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10]

"LanguageShortcut"="F:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-11-22 23:00]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-12-04 12:39]

 

C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

Microsoft Office.lnk - F:\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

WinZip Quick Pick.lnk - F:\Arquivos de programas\WinZip\WZQKPICK.EXE [2007-06-06 11:10:02]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [2006-10-16 16:32 226344]

 

R3 padenum;Enumerador de dispositivos de NTPAD;C:\WINDOWS\system32\DRIVERS\padenum.sys

R3 VendorJoystickEnabler;Driver para joystick paralelo de consola;C:\WINDOWS\system32\drivers\ntpad.sys

S2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe

S3 Amqsn0ct;Amqsn0ct;C:\WINDOWS\system32\autofmt.exe

S3 CA500AI;GSmart Mini Still Image Capture;C:\WINDOWS\system32\Drivers\BULK2NM.sys

S3 CA500AV;GSmart Mini WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CA500AV.SYS

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2007-12-16 17:00:00 C:\WINDOWS\Tasks\AF04D53891DB4770.job"

- c:\docume~1\fabrci~1\dadosd~1\errori~1\Active Up Free.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-16 22:18:45

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning hidden processes ...

 

Scanning hidden autostart entries ...

 

Scanning hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\Arquivos de programas\NOD32\pr_imon.dll

.

Completion time: 2007-12-16 22:19:36

.

2007-12-13 06:47:38 --- E O F ---

Logfile of HijackThis v1.99.1

Scan saved at 22:31:10, on 16/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\Arquivos de programas\NOD32\nod32kui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\NOD32\nod32krn.exe

F:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

F:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

F:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

F:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe

C:\HijackThis\HijackThis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\BitComet\tools\BitCometBHO_1.1.5.19.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\NOD32\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nTrayFw] C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [RemoteControl] "F:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "F:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = F:\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = F:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144341790015

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\NOD32\nod32krn.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

 

 

Thank you

awaiting a reply!!!

Hey Flávio Quinicário,

 

Let's go.

 

Set Windows to show all files (including hidden ones).

 

Step 1

 

Download Killbox at:

Killbox

 

1. Run Killbox and click Delete on Reboot.

 

2. Copy the bold list below to the clipboard. Select it all with the mouse --> go to the Edit menu in the browser bar --> click Copy.

 

C:\WINDOWS\NeroDigital.ini

C:\WINDOWS\lgfwup.ini

C:\WINDOWS\WMPrfPTG.prx

 

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

 

4. Press "X". Answer "no" to the question.

 

Step 2

 

Restart in Normal Mode.

 

Go to the C:\!Killbox folder and delete its contents.

 

Come back with new ComboFix and HijackThis logs.

 

Cheers.

Hi Jgarcia, something interesting happens as soon as I run ComboFix.

 

This is the second time I've run it, and it happened again....

Here's what happens: as soon as it finishes all its processing and closes automatically,

 

a Windows Firewall window pops up asking whether I want to block, not block, or ask later, for MSN!!!

so I click not block...

 

after that, as soon as I open MSN, it no longer lags, but it still can't connect and it comes back with error 80048883...

 

so here is the log

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:49:54, on 19/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\NOD32\nod32krn.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NOD32\nod32kui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

F:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

F:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

F:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HijackThis\HijackThis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\BitComet\tools\BitCometBHO_1.1.5.19.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\NOD32\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nTrayFw] C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [RemoteControl] "F:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "F:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = F:\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = F:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144341790015

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\NOD32\nod32krn.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

 

 

 

 

ComboFix 07-12-16.3 - Flávio 2007-12-19 23:04:28.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.735 [GMT -3:00]

Executando de: E:\Flávio_new\aplicativos\ComboFix.exe

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))))

.

 

2007-12-04 21:31 . 2007-12-04 22:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\WLInstaller

2007-12-04 02:02 . 2007-12-04 02:02 <DIR> d-------- C:\Documents and Settings\LocalService.AUTORIDADE NT\Dados de aplicativos\CyberLink

2007-12-04 01:14 . 2007-12-04 01:57 <DIR> d-------- C:\Documents and Settings\Fabrício\Dados de aplicativos\CyberLink

2007-12-04 01:14 . 2007-12-04 01:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\CyberLink

2007-12-04 01:03 . 2007-12-05 11:55 <DIR> d-------- C:\Temp

2007-12-04 01:02 . 1998-06-24 00:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX

2007-12-04 01:02 . 1998-07-22 00:00 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll

2007-12-04 00:55 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2007-12-04 00:38 . 2007-12-04 00:46 <DIR> d-------- C:\Documents and Settings\Fabrício\Dados de aplicativos\Ahead

2007-12-04 00:32 . 2007-12-04 00:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Ahead

2007-12-04 00:29 . 2007-12-04 00:29 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Nero

2007-12-04 00:29 . 2007-12-04 00:29 <DIR> d-------- C:\Arquivos de programas\Nero

2007-12-04 00:29 . 2007-12-04 00:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-20 01:58 --------- d-----w C:\Documents and Settings\Flávio\Dados de aplicativos\Skype

2007-12-17 20:08 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-12 11:00 --------- d-----w C:\Documents and Settings\LocalService.AUTORIDADE NT\Dados de aplicativos\AVG7

2007-12-05 01:02 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-12-05 01:01 --------- d-----w C:\Arquivos de programas\Windows Live

2007-12-04 15:40 --------- d-----w C:\Documents and Settings\Flávio\Dados de aplicativos\AVG7

2007-12-04 03:54 --------- d-----w C:\Arquivos de programas\CyberLink

2007-11-17 20:10 --------- d-----w C:\Arquivos de programas\NOD32

2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-10 01:46 --------- d-----w C:\Documents and Settings\Fabrício\Dados de aplicativos\Skype

2007-11-09 01:22 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 04:38 29,120 ----a-w C:\Documents and Settings\Flávio\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-10-20 09:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2006-12-23 16:54 22,008 ----a-w C:\Documents and Settings\Fabrício\Dados de aplicativos\GDIPFONTCACHEV1.DAT

1999-04-01 15:53 99,840 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAABOUT.DLL

1998-12-09 01:53 70,144 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAMDMTR.DLL

1998-12-09 01:53 48,640 ----a-w C:\Arquivos de programas\Arquivos comuns\IRALPTTR.DLL

1998-12-09 01:53 31,744 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAWEBTR.DLL

1998-12-09 01:53 186,368 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAREG.DLL

1998-12-09 01:53 17,920 ----a-w C:\Arquivos de programas\Arquivos comuns\IRASRIAL.DLL

2006-10-30 02:03 56 --sh--r C:\WINDOWS\system32\7B40305949.sys

2006-10-30 02:42 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2006-04-13 11:25]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Arquivos de programas\NOD32\nod32kui.exe" [2006-04-06 11:36]

"SoundMan"="SOUNDMAN.EXE" [2004-11-15 07:20 C:\WINDOWS\SOUNDMAN.EXE]

"nTrayFw"="C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" []

"NvCplDaemon"="RUNDLL32.exe" [2004-11-22 23:00 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2005-07-20 10:07 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RunDLL32.exe" [2004-11-22 23:00 C:\WINDOWS\system32\rundll32.exe]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" []

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-12-04 12:39]

"SunJavaUpdateSched"="F:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]

"SecurDisc"="C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55]

"InCD"="C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55]

"RemoteControl"="F:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10]

"LanguageShortcut"="F:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-11-22 23:00]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-12-04 12:39]

 

C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

Microsoft Office.lnk - F:\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

WinZip Quick Pick.lnk - F:\Arquivos de programas\WinZip\WZQKPICK.EXE [2007-06-06 11:10:02]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [2006-10-16 16:32 226344]

 

R3 padenum;Enumerador de dispositivos de NTPAD;C:\WINDOWS\system32\DRIVERS\padenum.sys

R3 VendorJoystickEnabler;Driver para joystick paralelo de consola;C:\WINDOWS\system32\drivers\ntpad.sys

S2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe

S3 Amqsn0ct;Amqsn0ct;C:\WINDOWS\system32\autofmt.exe

S3 CA500AI;GSmart Mini Still Image Capture;C:\WINDOWS\system32\Drivers\BULK2NM.sys

S3 CA500AV;GSmart Mini WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CA500AV.SYS

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-12-20 02:00:00 C:\WINDOWS\Tasks\AF04D53891DB4770.job"

- c:\docume~1\fabrci~1\dadosd~1\errori~1\Active Up Free.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-19 23:06:37

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\Arquivos de programas\NOD32\pr_imon.dll

.

Tempo para conclusão: 2007-12-19 23:07:31

C:\ComboFix2.txt ... 2007-12-19 22:54

C:\ComboFix3.txt ... 2007-12-16 22:19

.

2007-12-13 06:47:38 --- E O F ---

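The two logs above are the kind of thing a helper reads by eye: orphan registry entries ("(no file)", "(file missing)"), services with "Unknown owner", autoruns or scheduled tasks that launch something from a user profile folder (the ComboFix "Tarefas Agendadas" section shows a task running an executable under `docume~1\...\dadosd~1`). The script below is an added example, not part of this thread or of HijackThis/ComboFix; it parses HijackThis-style `Oxx - ...` lines and ComboFix task pairs and tags the entries a reviewer would look at first. The sample lines are constructed from entries of the same shape as the logs above (shortened), and the path heuristics (`PROFILE_PATH_RE`) are the author's assumption about what a "suspicious location" looks like, not a rule from either tool.

```python
"""Triage helper for HijackThis / ComboFix text logs (added example, not the tools' own code)."""
import re

# One "Oxx - body" line per HijackThis entry.
HJT_RE = re.compile(r"^(O\d+) - (.+)$")

# Assumed heuristic: a file launched from a user profile, application-data or temp
# folder is worth a second look. Matches both long and 8.3 (docume~1) forms,
# in Portuguese and English Windows installs.
PROFILE_PATH_RE = re.compile(
    r"(?i)(docume~1|documents and settings|dadosd~1|dados de aplicativos|application data|\\temp\\)"
)

# Constructed sample, modelled on (not copied whole from) the logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\NOD32\nod32kui.exe" /WAITSERVICE
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\NOD32\nod32krn.exe
"""

# Constructed sample of the ComboFix scheduled-tasks section: a quoted .job line
# followed by a "- command" line.
SAMPLE_TASKS = r"""
"2007-12-20 02:00:00 C:\WINDOWS\Tasks\AF04D53891DB4770.job"
- c:\docume~1\fabrci~1\dadosd~1\errori~1\Active Up Free.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into {"section": "O23", "body": "..."} dicts."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2)})
    return entries


def triage_entry(entry):
    """Return the list of tags that apply to one entry (empty list = nothing notable)."""
    body, tags = entry["body"], []
    if "(no file)" in body or "(file missing)" in body:
        tags.append("orphan")            # registry points at a file that is gone
    if entry["section"] == "O23" and "Unknown owner" in body:
        tags.append("unknown-owner")     # service binary carries no vendor info
    if entry["section"] == "O4" and PROFILE_PATH_RE.search(body):
        tags.append("autorun-from-profile")
    if entry["section"] == "O16" and " - http://" in body:
        tags.append("dpf-plaintext")     # ActiveX control fetched over plain HTTP
    return tags


def triage_hjt(text):
    """Keep only the entries that got at least one tag."""
    flagged = []
    for entry in parse_hjt(text):
        tags = triage_entry(entry)
        if tags:
            flagged.append({**entry, "tags": tags})
    return flagged


def triage_tasks(text):
    """Pair each ComboFix task line with its command; flag commands in profile/temp paths."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings = []
    for i, line in enumerate(lines):
        if line.startswith("- ") and i > 0:
            job, cmd = lines[i - 1].strip('"'), line[2:]
            if PROFILE_PATH_RE.search(cmd):
                findings.append((job, cmd))
    return findings


if __name__ == "__main__":
    for e in triage_hjt(SAMPLE_LOG):
        print(e["section"], ", ".join(e["tags"]), "|", e["body"][:70])
    for job, cmd in triage_tasks(SAMPLE_TASKS):
        print("TASK", job, "->", cmd)
```

A tag is a reason to look, not a verdict: the "Unknown owner" Adobe and NVIDIA services in these logs are ordinary software that simply lacks version-resource vendor strings, which is exactly why a helper cross-checks the path against what is installed before asking anyone to delete a file.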

Hey Flávio Quinicário,

 

Run Panda ActiveScan, following these steps:

 

1) Some antivirus programs, such as AVAST, may show a detection alert while the scan runs, but that alert should be ignored. The warning is nothing more than a false positive. I suggest temporarily disabling the AV so the scan runs without problems;

 

2) To start the process, click the scan button (01bt_scan_pt.gif);

 

3) Fill in the requested data on the form;

 

4) Click the "Pesquise agora sem custos" (scan now, free of charge) button;

 

5) Follow all the instructions you are given and wait for the scan to finish;

 

6) When the scan finishes, click to view the log. Save it to your Desktop;

 

7) Post the contents of the log in your next reply.

 

Cheers.

Topic Archived

 

Since the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the section together with the link to this topic and explain the reason for reopening.