[Resolvido] Computador lento!

1sefirot1 · Março 21, 2008

Galera... tem muito tempo que eu nao dou uma verificada no pc. e gostaria de deixar ele com o log limpo pq vou começar a usa-lo para trabalho.

Ele esta MUITO lento, e de vez em quando aparece uns executaveis na area de trabalho estranhos. Fora as travadas esporadicas.

LA VAI O LOG

Logfile of HijackThis v1.99.1

Scan saved at 15:52:17, on 27/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

C:\WINDOWS\Explorer.EXE

c:\ARQUIV~1\ARQUIV~1\mcafee\redirsvc\redirsvc.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\ping.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\hijackthis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\ARQUIV~1\mcafee\VIRUSS~1\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193983298159

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://www.driveragent.com/files/driveragent.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\ARQUIV~1\ARQUIV~1\McAfee\EmProxy\emproxy.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

DigRam · Março 22, 2008

Bom Dia! Gsbad

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Desabilite as proteções residente de: antivírus,antispywares e Firewall.

>@< Feche todas as janelas e execute a ferramenta!

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
Salve-a no Desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar e < Enter >

>@< Aguarde a conclusão! Durante o scan,evite tocar no mouse ou teclado!

_______________________________

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

Abraços!

1sefirot1 · Março 22, 2008

Bom dia DigRam, tudo bem?

Fiz os procedimentos citados.. aqui vão os logs..

COMBO FIX

ComboFix 08-03-22.1 - Gustavo 2008-03-28 14:16:30.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.719 [GMT -7:00]

Executando de: C:\Documents and Settings\Gustavo\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

The following files were disabled during the run:

C:\WINDOWS\svcpool.dll

((((((((((((((((((((((( Ficheiros criados de 2008-02-28 to 2008-03-28 ))))))))))))))))))))))))))))))))

.

2008-03-30 18:55 . 2008-03-30 18:56 <DIR> d-------- C:\Arquivos de programas\Project64 v1.5

2008-03-30 18:14 . 2008-03-30 18:14 <DIR> d-------- C:\Arquivos de programas\Crawler

2008-03-30 18:11 . 2008-03-30 18:11 <DIR> d-------- C:\Arquivos de programas\Anark

2008-03-30 17:00 . 2008-03-28 13:51 <DIR> d-------- C:\Documents and Settings\Gustavo\Dados de aplicativos\MegauploadToolbar

2008-03-30 17:00 . 2008-03-30 17:00 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar

2008-03-29 19:05 . 2008-03-02 11:11 <DIR> d-------- C:\Documents and Settings\Gustavo\Dados de aplicativos\LimeWire

2008-03-29 19:05 . 2008-03-29 19:05 <DIR> d-------- C:\Arquivos de programas\LimeWire

2008-03-28 14:10 . 2008-03-28 14:18 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-03-28 08:05 . 2008-03-28 08:12 0 --a------ C:\WINDOWS\lkjsoiq

2008-03-27 19:35 . 2008-03-27 19:35 <DIR> d-------- C:\Documents and Settings\Gustavo\Dados de aplicativos\LEGO Company

2008-03-27 19:35 . 2008-03-27 19:36 <DIR> d-------- C:\Arquivos de programas\LEGO Company

2008-03-27 18:03 . 2008-03-27 18:03 <DIR> d-------- C:\Documents and Settings\Gustavo\Dados de aplicativos\TuneUp Software

2008-03-27 18:03 . 2008-03-27 18:03 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

2008-03-27 18:03 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-03-27 18:02 . 2008-03-27 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

2008-03-27 18:02 . 2008-03-27 18:03 <DIR> d-------- C:\Arquivos de programas\TuneUp Utilities 2008

2008-03-27 18:02 . 2008-03-27 18:02 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-03-19 07:51 . 2008-03-19 07:51 268 --ah----- C:\sqmdata02.sqm

2008-03-19 07:51 . 2008-03-19 07:51 244 --ah----- C:\sqmnoopt02.sqm

2008-03-18 11:01 . 2008-03-18 11:07 54,238 --a------ C:\WINDOWS\ban_cartao.html

2008-03-18 11:00 . 2008-03-18 11:00 43,089 --a------ C:\WINDOWS\temp.html

2008-03-18 11:00 . 2008-03-18 11:00 41,930 --a------ C:\WINDOWS\ban_ass.html

2008-03-13 18:57 . 2008-03-16 16:00 0 --a------ C:\WINDOWS\PlayList.Fpl

2008-03-13 18:55 . 2008-03-16 16:00 389,120 --a------ C:\WINDOWS\system32\ACTSKN43.OCX

2008-03-13 18:54 . 2008-03-13 18:54 <DIR> d-------- C:\WINDOWS\system32\FTCodecs

2008-03-13 18:54 . 2006-04-21 00:27 544,768 --a------ C:\WINDOWS\system32\CLVSD.ax

2008-03-13 18:54 . 2005-06-10 13:09 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-03-13 18:54 . 2003-03-25 05:49 45,056 --a------ C:\WINDOWS\system32\ogg.dll

2008-03-13 18:54 . 2008-03-16 16:00 3,209 --a------ C:\WINDOWS\FantasyDVD.ini

2008-03-13 18:54 . 2008-03-16 16:00 2,417 --a------ C:\WINDOWS\ShortCutInf.ini

2008-03-13 18:53 . 2008-03-13 18:53 <DIR> d-------- C:\Arquivos de programas\Fantasysoft-Studio

2008-03-13 18:39 . 2008-03-13 18:39 <DIR> d-------- C:\Arquivos de programas\VistaCodecPack

2008-03-09 07:12 . 2008-03-09 07:12 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-02-28 19:57 . 2008-02-28 19:57 <DIR> d-------- C:\WINDOWS\_tmp

2008-02-28 19:54 . 2008-02-28 19:54 759,296 --a------ C:\WINDOWS\gbiehbsb.dll

2008-02-28 19:54 . 2008-02-28 19:54 311,296 --a------ C:\WINDOWS\ping.exe

2008-02-28 19:54 . 2008-02-28 19:54 121,344 --------- C:\WINDOWS\svcpool.dll

2008-02-28 19:54 . 2008-02-28 19:57 4,016 --a------ C:\WINDOWS\svchost

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-28 21:15 --------- d-----w C:\Arquivos de programas\McAfee

2008-03-28 21:15 --------- d-----w C:\Arquivos de programas\Arquivos comuns\McAfee

2008-03-28 18:21 --------- d-----w C:\Arquivos de programas\eMule

2008-03-28 00:42 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2008-03-14 01:39 --------- d-----w C:\Arquivos de programas\Real Alternative

2008-02-29 17:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-02-29 02:54 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-02-23 02:21 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-02-13 21:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-02-10 23:17 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\Audacity

2008-02-10 22:51 208,896 ----a-w C:\WINDOWS\system32\lame_enc.dll

2008-02-10 21:31 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-10 21:31 --------- d-----w C:\Arquivos de programas\Motorola Phone Tools

2008-02-10 21:28 24,192 ----a-w C:\Documents and Settings\Gustavo\usbsermptxp.sys

2008-02-10 21:28 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys

2008-02-10 21:28 22,768 ----a-w C:\Documents and Settings\Gustavo\usbsermpt.sys

2008-01-10 18:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll

2008-01-10 18:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

2008-02-28 19:54 759296 --a------ C:\WINDOWS\gbiehbsb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-17 23:27 16207872 C:\WINDOWS\RTHDCPL.exe]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Wireless Configuration Utility HW.15.lnk - C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe [2006-11-20 00:04:12 634880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:00]

R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 10:57]

S2 0216361206738838mcinstcleanup;McAfee Application Installer Cleanup (0216361206738838);C:\DOCUME~1\Gustavo\CONFIG~1\Temp\021636~1.EXE C:\ARQUIV~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini []

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-27 18:03]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

*Newly Created Service* - 0216361206738838MCINSTCLEANUP

*Newly Created Service* - SJYPKT

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-28 01:03:11 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Arquivos de programas\TuneUp Utilities 2008\OneClick.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-28 14:18:26

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Emproxy]

"ImagePath"="C:\ARQUIV~1\ARQUIV~1\McAfee\EmProxy\emproxy.exe"

--

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\McAfee HackerWatch Service]

"ImagePath"="\"C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mcmispupdmgr]

"ImagePath"="C:\ARQUIV~1\McAfee\MSC\mcupdmgr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mcmscsvc]

"ImagePath"="C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\McNASvc]

"ImagePath"="\"c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\McODS]

"ImagePath"="C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mcpromgr]

"ImagePath"="C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\McRedirector]

"ImagePath"="c:\ARQUIV~1\ARQUIV~1\mcafee\redirsvc\redirsvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\McShield]

"ImagePath"="C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\McSysmon]

"ImagePath"="C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe"

--

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mfeavfk]

"ImagePath"="system32\drivers\mfeavfk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mfebopk]

"ImagePath"="system32\drivers\mfebopk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mfehidk]

"ImagePath"="system32\drivers\mfehidk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mferkdk]

"ImagePath"="system32\drivers\mferkdk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mfesmfk]

"ImagePath"="system32\drivers\mfesmfk.sys"

--

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MPFP]

"ImagePath"="System32\Drivers\Mpfp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MpfService]

"ImagePath"="\"C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe\""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\svcpool.dll

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\WINDOWS\svcpool.dll

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\svcpool.dll

PROCESS: C:\WINDOWS\system32\csrss.exe

-> C:\WINDOWS\svcpool.dll

.

Tempo para conclusão: 2008-03-28 14:18:55

ComboFix-quarantined-files.txt 2008-03-28 21:18:52

ComboFix2.txt 2008-03-28 21:11:46

.

2008-02-13 21:28:32 --- E O F ---

HIJACK THIS

Logfile of HijackThis v1.99.1

Scan saved at 14:19:12, on 28/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe