Nandotrin
Posted March 22, 2008

Good evening! I know today is a holiday, but since yesterday Internet Explorer has been opening by itself every minute and I don't know what else to do. I have already run a full AVG scan, Windows Defender and even Stinger, but nothing. I kindly and earnestly ask for your help. The HiJack log follows below:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:51:15, on 21/3/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Arquivos de programas\Power Manager\PM.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Vono\Softfone Vono\System\Vono Manager.exe C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\Windows Defender\MsMpEng.exe C:\Arquivos de programas\TIM Web Movel\TIM Web Movel.exe C:\Arquivos de programas\Windows Defender\MSASCui.exe 
C:\WINDOWS\system32\taskmgr.exe C:\Hijack\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://m.busca.uol.com.br/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.itautec.com.br R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [PowerManager] C:\Arquivos de programas\Power Manager\PM.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [Windows 
Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{43858291-AFE6-42BC-A496-5AD8C23BD75B}: NameServer = 189.40.238.6 189.40.238.7 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll O23 - 
Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe O23 - Service: Vono Manager (Vono_Manager) - Unknown owner - C:\Arquivos de programas\Vono\Softfone Vono\System\Vono Manager.exe O24 - Desktop Component 1: (no name) - C:\Documents and Settings\FeSu\Desktop\papel de parede\padrao.html -- End of file - 6450 bytes

Leandro Senni
Posted March 22, 2008

If IE is acting up, you can use Mozilla, it's good too... until someone helps you...

Thiago Retondar
Posted March 22, 2008

Hello Nandotrin, don't despair! Do the following: if you can, use Kaspersky, it is very good; if you don't have the money to pay for the license, use its trial version, but scan everything!

Go to Start > Control Panel > Add or Remove Programs and uninstall Internet Explorer (click 'Show Updates' and remove those too).

After that, let's clean the IE registry in Windows!

First: Start > Search > All Files and Folders > type "IE" and delete everything that shows up, then type 'IE' and delete everything that shows up, then 'Internet' and delete everything that shows up, then just 'Explorer' and delete everything that shows up! Oh, delete only files related to IE!

Second: Start > Run > regedit, press CTRL+F and type everything related to IE!

If that doesn't work, make a backup and format the machine. But careful, don't delete anything related to other programs! I take no responsibility for anything that happens! Cheers and good luck!

jgarcia
Posted March 22, 2008

Hi Nandotrin,

Download ComboFix from: ComboFix

1) Temporarily disable your antivirus;
2) Double-click combofix.exe and press "1" to proceed. The process will take about 10 minutes on average;
3) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);
4) When the scan finishes, a log will be generated at C:\ComboFix.txt;
5) Do not click on the ComboFix window or close it by clicking the X while the tool is running, as this will break your desktop configuration (it will turn completely white);
6) To stop or exit ComboFix, press "N";
7) Re-enable your antivirus;
8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Regards.

Nandotrin
Posted March 23, 2008

Good evening! OK, thank you, the LOGS follow below:

COMBOFIX log:

ComboFix 08-03-22.1 - FeSu 2008-03-22 22:57:33.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.165 [GMT -3:00] Executando de: C:\Documents and Settings\FeSu\Desktop\ComboFix.exe * Criado um novo ponto de restauro WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((( Ficheiros criados de 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))) . 2008-03-21 23:21 . 2008-03-21 23:21 3,631 --a------ C:\FA.tmp 2008-03-21 22:39 . 2008-03-21 22:50 <DIR> d-------- C:\Hijack 2008-03-21 22:19 . 2008-03-21 22:19 <DIR> d-------- C:\Arquivos de programas\Windows Defender 2008-03-21 22:09 . 2008-03-21 22:09 <DIR> d-------- C:\Arquivos de programas\CCleaner 2008-03-21 21:56 . 2006-09-25 10:07 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede 2008-03-21 21:56 . 2006-09-25 10:07 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão 2008-03-21 21:55 . 2006-09-25 13:10 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos 2008-03-21 21:55 . 2006-11-21 10:03 <DIR> dr------- C:\Documents and Settings\Administrador\Meus documentos 2008-03-21 21:55 . 2006-09-25 10:07 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar 2008-03-21 21:55 . 2006-09-25 13:17 <DIR> dra------ C:\Documents and Settings\Administrador\Favoritos 2008-03-21 21:55 . 2006-09-25 13:17 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos 2008-03-21 21:55 . 2006-09-25 13:17 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais 2008-03-21 06:19 . 2008-03-21 06:14 93,696 --a------ C:\KillBox-Beta.exe 2008-03-14 12:36 . 2008-03-14 12:36 <DIR> d-------- C:\Documents and Settings\FeSu\Dados de aplicativos\Template 2008-03-14 12:36 . 
2008-03-14 12:36 0 --a------ C:\Documents and Settings\FeSu\Dados de aplicativos\wklnhst.dat 2008-03-09 09:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-09 09:37 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-09 09:37 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-08 10:35 . 2008-03-08 10:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller 2008-03-08 10:35 . 2008-03-08 10:37 <DIR> d-------- C:\Arquivos de programas\Windows Live 2008-03-08 10:35 . 2008-03-08 10:36 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller 2008-03-05 10:29 . 2008-03-05 10:29 <DIR> d-------- C:\Progra~1 2008-03-05 10:29 . 2008-03-05 10:29 <DIR> d-------- C:\Documents and Settings\FeSu\Dados de aplicativos\ICAClient . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-23 01:24 --------- d-----w C:\Arquivos de programas\Mozilla Thunderbird 2008-03-21 20:47 --------- d-----w C:\Documents and Settings\FeSu\Dados de aplicativos\AVG7 2008-03-20 20:31 --------- d-----w C:\Documents and Settings\FeSu\Dados de aplicativos\BrOffice.org2 2008-03-18 19:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin 2008-03-18 19:20 --------- d-----w C:\Arquivos de programas\GbPlugin 2008-03-15 15:32 --------- d-----w C:\Arquivos de programas\Vono 2008-03-07 03:54 --------- d-----w C:\Arquivos de programas\Java 2008-03-02 02:56 --------- d-----w C:\Arquivos de programas\Discador UOL 10.0 Light . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vazias & legítimas por defeito não são mostradas. 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:32 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SMSERIAL"="sm56hlpr.exe" [2005-09-16 01:01 557056 C:\WINDOWS\sm56hlpr.exe] "SoundMan"="SOUNDMAN.EXE" [2005-10-04 14:12 90112 C:\WINDOWS\SOUNDMAN.EXE] "VTTimer"="VTTimer.exe" [2005-03-07 15:33 53248 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-10-31 16:15 163840 C:\WINDOWS\system32\VTTrayp.exe] "PowerManager"="C:\Arquivos de programas\Power Manager\PM.exe" [2006-06-30 16:42 159744] "RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768] "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 10:53 579072] "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "Share-to-Web Namespace Daemon"="C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632] "Windows Defender"="C:\Arquivos de programas\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1] Source= C:\Documents and Settings\FeSu\Desktop\papel de parede\padrao.html FriendlyName= [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 16:30 347976] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 16:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll [HKLM\~\startupfolder\C:^Documents and Settings^FeSu^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.0.lnk] path=C:\Documents and Settings\FeSu\Menu Iniciar\Programas\Inicializar\BrOffice.org 2.0.lnk backup=C:\WINDOWS\pss\BrOffice.org 
2.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\.IAP{0000.0000.0000.0001}] --a------ 2008-03-15 12:32 1750689 C:\Arquivos de programas\Vono\Softfone Vono\System\Vono.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agematis FAM] C:\Arquivos de programas\steek\steekUP\FAM\fileAccessManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-10-19 20:16 286720 C:\Arquivos de programas\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] --a------ 2004-09-25 00:37 1691648 C:\Arquivos de programas\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\steekUP] C:\Arquivos de programas\steek\steekUP\steekUP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Vono_Manager"=2 (0x2) "StreamloadService"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"= "C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "C:\\Arquivos de programas\\K-LiteNitro\\giFT\\giFTl.exe"= "C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "C:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"= "C:\\Arquivos de programas\\Vono\\Softfone Vono\\System\\Vono.exe"= "C:\\Arquivos de programas\\Yip1\\Yip.exe"= "C:\\Fernando\\FileZilla\\FileZilla.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= R2 
Vono_Manager;Vono Manager;"C:\Arquivos de programas\Vono\Softfone Vono\System\Vono Manager.exe" [2008-03-15 12:32] R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-13 09:22] S3 XDva019;XDva019;C:\WINDOWS\system32\XDva019.sys [] S3 XDva033;XDva033;C:\WINDOWS\system32\XDva033.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72f05e97-3bb3-11dc-b918-da12bfe6ea6a}] \Shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72f05e98-3bb3-11dc-b918-da12bfe6ea6a}] \Shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72f05e9b-3bb3-11dc-b918-da12bfe6ea6a}] \Shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6f2f9f4-3bbf-11dc-b91a-0014a5eae1f1}] \Shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8e72aa2-c935-11dc-baeb-0014a5eae1f1}] \Shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8e72aa3-c935-11dc-baeb-0014a5eae1f1}] \Shell\AutoRun\command - E:\AutoRun.exe . Conteúdo da pasta 'Tarefas Agendadas' "2008-02-29 13:28:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe "2008-03-23 01:25:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Arquivos de programas\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-22 23:00:52 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros ocultos ... 
Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-03-22 23:02:14 ComboFix-quarantined-files.txt 2008-03-23 02:02:04 . 2008-03-12 13:03:38 --- E O F ---

And now the HiJack log:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:06:08, on 22/3/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Arquivos de programas\Power Manager\PM.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Arquivos de programas\Windows Defender\MSASCui.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Vono\Softfone Vono\System\Vono Manager.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Hijack\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.itautec.com.br R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [PowerManager] C:\Arquivos de programas\Power Manager\PM.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - 
res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe O23 - Service: Vono Manager (Vono_Manager) - Unknown owner - C:\Arquivos de programas\Vono\Softfone Vono\System\Vono Manager.exe O24 - Desktop Component 1: (no name) - C:\Documents and Settings\FeSu\Desktop\papel de parede\padrao.html -- End of file - 6152 bytes

I await your reply, and thank you very much.

jgarcia
Posted March 23, 2008

Hi Nandotrin,

Follow these instructions:

1. Open Notepad -> Copy (Control + C) and Paste (Control + V) all of the text included in the "Quote":

File::
C:\Documents and Settings\FeSu\Dados de aplicativos\wklnhst.dat
E:\AutoRun.exe

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine could cause serious problems for the user.

2. Save the file as CFScript.txt;
3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
4. When the process ends, the tool will generate a log (the machine may be restarted).
5. Now go to Start -> Run -> type regedit -> click OK.
6. Navigate to the following subkey:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2
7. Locate and delete the following folders:
{72f05e97-3bb3-11dc-b918-da12bfe6ea6a}
{72f05e98-3bb3-11dc-b918-da12bfe6ea6a}
{72f05e9b-3bb3-11dc-b918-da12bfe6ea6a}
{d6f2f9f4-3bbf-11dc-b91a-0014a5eae1f1}
{d8e72aa2-c935-11dc-baeb-0014a5eae1f1}
{d8e72aa3-c935-11dc-baeb-0014a5eae1f1}
8. Exit the Registry Editor.
9. Post the contents of the generated document (C:\ComboFix.txt) in your next reply.

Regards.

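A check to go with the MountPoints2 cleanup in the post above, added here as an example (it is not part of the thread and not ComboFix's own code): it extracts the MountPoints2 AutoRun entries from a ComboFix log and confirms whether they still appear in the log taken after cleanup. The sample excerpts are constructed from the entries shown in this thread, and the function names are made up for the example.

```python
import re
from collections import defaultdict

# GUID subkeys exactly as listed in the thread's first ComboFix log.
PAGE_GUIDS = [
    "{72f05e97-3bb3-11dc-b918-da12bfe6ea6a}",
    "{72f05e98-3bb3-11dc-b918-da12bfe6ea6a}",
    "{72f05e9b-3bb3-11dc-b918-da12bfe6ea6a}",
    "{d6f2f9f4-3bbf-11dc-b91a-0014a5eae1f1}",
    "{d8e72aa2-c935-11dc-baeb-0014a5eae1f1}",
    "{d8e72aa3-c935-11dc-baeb-0014a5eae1f1}",
]
KEY = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
LEAD = r"S3 XDva033;XDva033;C:\WINDOWS\system32\XDva033.sys []"
TRAIL = " . Conteúdo da pasta 'Tarefas Agendadas'"

# Constructed excerpts: the flattened shape of the log before cleanup (six
# AutoRun entries) and after cleanup (none), as they appear in this thread.
BEFORE = LEAD + " " + " ".join(
    "[" + KEY + "\\" + guid + "] " + r"\Shell\AutoRun\command - E:\AutoRun.exe"
    for guid in PAGE_GUIDS
) + TRAIL
AFTER = LEAD + TRAIL

# One MountPoints2 subkey header followed by its AutoRun command line.
# \s* between the parts lets it match flattened and line-per-entry logs alike.
_ENTRY = re.compile(
    r"\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(?P<guid>\{[0-9a-f-]{36}\})\]\s*"
    r"\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+?)(?=\s*\[HK|\s+\.\s|\s*$)",
    re.IGNORECASE | re.DOTALL,
)
# Executable sitting directly in a drive root, e.g. E:\AutoRun.exe.
_ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\\s]+$")


def autorun_mountpoints(log_text):
    """Return [(guid, command)] for each MountPoints2 AutoRun entry in the log."""
    return [(m.group("guid").lower(), m.group("cmd").strip())
            for m in _ENTRY.finditer(log_text)]


def group_by_command(entries):
    """Map each distinct AutoRun command (lower-cased) to the GUIDs using it."""
    grouped = defaultdict(list)
    for guid, cmd in entries:
        grouped[cmd.lower()].append(guid)
    return dict(grouped)


def launches_from_drive_root(cmd):
    """True if the command's first token is a file directly under a drive root.

    Approximate: quoted paths containing spaces are not handled.
    """
    first = cmd.split(" ")[0].strip('"')
    return bool(_ROOT_EXE.match(first))


def key_paths(entries):
    """Full registry paths of the flagged subkeys, for manual review in regedit."""
    return [KEY + "\\" + guid for guid, _ in entries]


def still_present(before_log, after_log):
    """GUIDs flagged in the first log that are still listed in the second."""
    before = {guid for guid, _ in autorun_mountpoints(before_log)}
    after = {guid for guid, _ in autorun_mountpoints(after_log)}
    return sorted(before & after)


if __name__ == "__main__":
    found = autorun_mountpoints(BEFORE)
    for cmd, guids in group_by_command(found).items():
        note = "drive root" if launches_from_drive_root(cmd) else "other path"
        print(f"{cmd} ({note}): {len(guids)} subkey(s)")
    for path in key_paths(found):
        print("  review:", path)
    leftover = still_present(BEFORE, AFTER)
    print("still present after cleanup:", leftover or "none")
```
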
Nandotrin
Posted March 24, 2008

Good evening! I did what you asked, but Internet Explorer (despite having been uninstalled in the Control Panel) keeps opening several windows and gets in the way a lot. What is this??? Is it a virus??? Malware??? Is there any antivirus capable of removing this pest???? Please help me!!!!! :wacko:

Below is the ComboFix log after the procedure you asked me to do:

ComboFix 08-03-22.1 - FeSu 2008-03-24 0:01:03.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.172 [GMT -3:00] Executando de: C:\Documents and Settings\FeSu\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((( Ficheiros criados de 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))) . 2008-03-21 23:21 . 2008-03-21 23:21 3,631 --a------ C:\FA.tmp 2008-03-21 22:39 . 2008-03-22 23:05 <DIR> d-------- C:\Hijack 2008-03-21 22:19 . 2008-03-21 22:19 <DIR> d-------- C:\Arquivos de programas\Windows Defender 2008-03-21 22:09 . 2008-03-21 22:09 <DIR> d-------- C:\Arquivos de programas\CCleaner 2008-03-21 21:56 . 2006-09-25 10:07 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede 2008-03-21 21:56 . 2006-09-25 10:07 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão 2008-03-21 21:55 . 2006-09-25 13:10 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos 2008-03-21 21:55 . 2006-11-21 10:03 <DIR> dr------- C:\Documents and Settings\Administrador\Meus documentos 2008-03-21 21:55 . 2006-09-25 10:07 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar 2008-03-21 21:55 . 2006-09-25 13:17 <DIR> dra------ C:\Documents and Settings\Administrador\Favoritos 2008-03-21 21:55 . 2006-09-25 13:17 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos 2008-03-21 21:55 . 2008-03-23 23:42 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais 2008-03-21 06:19 . 
2008-03-21 06:14 93,696 --a------ C:\KillBox-Beta.exe 2008-03-14 12:36 . 2008-03-14 12:36 <DIR> d-------- C:\Documents and Settings\FeSu\Dados de aplicativos\Template 2008-03-14 12:36 . 2008-03-14 12:36 0 --a------ C:\Documents and Settings\FeSu\Dados de aplicativos\wklnhst.dat 2008-03-09 09:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-09 09:37 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-09 09:37 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-08 10:35 . 2008-03-08 10:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller 2008-03-08 10:35 . 2008-03-08 10:37 <DIR> d-------- C:\Arquivos de programas\Windows Live 2008-03-08 10:35 . 2008-03-08 10:36 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller 2008-03-05 10:29 . 2008-03-05 10:29 <DIR> d-------- C:\Progra~1 2008-03-05 10:29 . 2008-03-05 10:29 <DIR> d-------- C:\Documents and Settings\FeSu\Dados de aplicativos\ICAClient . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-24 02:16 --------- d-----w C:\Arquivos de programas\Mozilla Thunderbird 2008-03-21 20:47 --------- d-----w C:\Documents and Settings\FeSu\Dados de aplicativos\AVG7 2008-03-20 20:31 --------- d-----w C:\Documents and Settings\FeSu\Dados de aplicativos\BrOffice.org2 2008-03-18 19:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin 2008-03-18 19:20 --------- d-----w C:\Arquivos de programas\GbPlugin 2008-03-15 15:32 --------- d-----w C:\Arquivos de programas\Vono 2008-03-07 03:54 --------- d-----w C:\Arquivos de programas\Java 2008-03-02 02:56 --------- d-----w C:\Arquivos de programas\Discador UOL 10.0 Light . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vazias & legítimas por defeito não são mostradas. 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:32 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SMSERIAL"="sm56hlpr.exe" [2005-09-16 01:01 557056 C:\WINDOWS\sm56hlpr.exe] "SoundMan"="SOUNDMAN.EXE" [2005-10-04 14:12 90112 C:\WINDOWS\SOUNDMAN.EXE] "VTTimer"="VTTimer.exe" [2005-03-07 15:33 53248 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-10-31 16:15 163840 C:\WINDOWS\system32\VTTrayp.exe] "PowerManager"="C:\Arquivos de programas\Power Manager\PM.exe" [2006-06-30 16:42 159744] "RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768] "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 10:53 579072] "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "Share-to-Web Namespace Daemon"="C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632] "Windows Defender"="C:\Arquivos de programas\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1] Source= C:\Documents and Settings\FeSu\Desktop\papel de parede\padrao.html FriendlyName= [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 16:30 347976] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 16:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll [HKLM\~\startupfolder\C:^Documents and Settings^FeSu^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.0.lnk] path=C:\Documents and Settings\FeSu\Menu Iniciar\Programas\Inicializar\BrOffice.org 2.0.lnk backup=C:\WINDOWS\pss\BrOffice.org 
2.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\.IAP{0000.0000.0000.0001}] --a------ 2008-03-15 12:32 1750689 C:\Arquivos de programas\Vono\Softfone Vono\System\Vono.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agematis FAM] C:\Arquivos de programas\steek\steekUP\FAM\fileAccessManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-10-19 20:16 286720 C:\Arquivos de programas\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] --a------ 2004-09-25 00:37 1691648 C:\Arquivos de programas\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\steekUP] C:\Arquivos de programas\steek\steekUP\steekUP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Vono_Manager"=2 (0x2) "StreamloadService"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"= "C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "C:\\Arquivos de programas\\K-LiteNitro\\giFT\\giFTl.exe"= "C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "C:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"= "C:\\Arquivos de programas\\Vono\\Softfone Vono\\System\\Vono.exe"= "C:\\Arquivos de programas\\Yip1\\Yip.exe"= "C:\\Fernando\\FileZilla\\FileZilla.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= R2 
Vono_Manager;Vono Manager;"C:\Arquivos de programas\Vono\Softfone Vono\System\Vono Manager.exe" [2008-03-15 12:32] R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-13 09:22] S3 XDva019;XDva019;C:\WINDOWS\system32\XDva019.sys [] S3 XDva033;XDva033;C:\WINDOWS\system32\XDva033.sys [] . Conteúdo da pasta 'Tarefas Agendadas' "2008-02-29 13:28:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe "2008-03-24 03:02:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Arquivos de programas\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-24 00:04:34 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros ocultos ... Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-03-24 0:06:00 ComboFix-quarantined-files.txt 2008-03-24 03:05:50 ComboFix2.txt 2008-03-24 02:42:04 ComboFix3.txt 2008-03-23 02:02:15 . 
2008-03-12 13:03:38 --- E O F ---
And below is a new HiJack log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:18:28, on 24/3/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Arquivos de programas\Power Manager\PM.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Arquivos de programas\Windows Defender\MSASCui.exe C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Vono\Softfone Vono\System\Vono Manager.exe C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Arquivos de programas\TIM Web Movel\TIM Web Movel.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Arquivos de programas\Internet
Explorer\IEXPLORE.EXE C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\FeSu\Desktop\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.itautec.com.br R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [PowerManager] C:\Arquivos de programas\Power Manager\PM.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: 
[NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{43858291-AFE6-42BC-A496-5AD8C23BD75B}: NameServer = 189.40.238.6 
189.40.238.7 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe O23 - Service: Vono Manager (Vono_Manager) - Unknown owner - C:\Arquivos de programas\Vono\Softfone Vono\System\Vono Manager.exe O24 - Desktop Component 1: (no name) - C:\Documents and Settings\FeSu\Desktop\papel de parede\padrao.html -- End of file - 6939 bytes
Nandotrin 0 Posted March 24, 2008
Good evening again! Please disregard the last post, because I saw that I did the procedure wrong: in the "CFScript.txt" file you asked me to generate, I forgot the File:: command. After noticing that, I redid the procedure and it deleted the file in question, but even so Internet Explorer (despite having been uninstalled in the Control Panel) keeps opening windows and being a pain. Please help me again.
ComboFix 08-03-22.1 - FeSu 2008-03-24 0:32:58.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.156 [GMT -3:00] Executando de: C:\Documents and Settings\FeSu\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\FeSu\Desktop\CFScript.txt * Criado um novo ponto de restauro WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Documents and Settings\FeSu\Dados de aplicativos\wklnhst.dat E:\AutoRun.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\FeSu\Dados de aplicativos\wklnhst.dat E:\AutoRun.exe . . . . failed to delete . ((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))) . 2008-03-21 23:21 . 2008-03-21 23:21 3,631 --a------ C:\FA.tmp 2008-03-21 22:39 . 2008-03-22 23:05 <DIR> d-------- C:\Hijack 2008-03-21 22:19 . 2008-03-21 22:19 <DIR> d-------- C:\Arquivos de programas\Windows Defender 2008-03-21 22:09 . 2008-03-21 22:09 <DIR> d-------- C:\Arquivos de programas\CCleaner 2008-03-21 21:56 . 2006-09-25 10:07 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede 2008-03-21 21:56 . 2006-09-25 10:07 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressÆo 2008-03-21 21:55 . 2006-09-25 13:10 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos 2008-03-21 21:55 .
2006-11-21 10:03 <DIR> dr------- C:\Documents and Settings\Administrador\Meus documentos 2008-03-21 21:55 . 2006-09-25 10:07 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar 2008-03-21 21:55 . 2006-09-25 13:17 <DIR> dra------ C:\Documents and Settings\Administrador\Favoritos 2008-03-21 21:55 . 2006-09-25 13:17 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos 2008-03-21 21:55 . 2008-03-24 00:35 <DIR> d--h----- C:\Documents and Settings\Administrador\Configura‡äes locais 2008-03-21 06:19 . 2008-03-21 06:14 93,696 --a------ C:\KillBox-Beta.exe 2008-03-14 12:36 . 2008-03-14 12:36 <DIR> d-------- C:\Documents and Settings\FeSu\Dados de aplicativos\Template 2008-03-09 09:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-09 09:37 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-09 09:37 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-08 10:35 . 2008-03-08 10:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller 2008-03-08 10:35 . 2008-03-08 10:37 <DIR> d-------- C:\Arquivos de programas\Windows Live 2008-03-08 10:35 . 2008-03-08 10:36 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller 2008-03-05 10:29 . 2008-03-05 10:29 <DIR> d-------- C:\Progra~1 2008-03-05 10:29 . 2008-03-05 10:29 <DIR> d-------- C:\Documents and Settings\FeSu\Dados de aplicativos\ICAClient . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-03-24 03:24 --------- d-----w C:\Arquivos de programas\Mozilla Thunderbird 2008-03-21 20:47 --------- d-----w C:\Documents and Settings\FeSu\Dados de aplicativos\AVG7 2008-03-20 20:31 --------- d-----w C:\Documents and Settings\FeSu\Dados de aplicativos\BrOffice.org2 2008-03-18 19:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin 2008-03-18 19:20 --------- d-----w C:\Arquivos de programas\GbPlugin 2008-03-15 15:32 --------- d-----w C:\Arquivos de programas\Vono 2008-03-07 03:54 --------- d-----w C:\Arquivos de programas\Java 2008-03-02 02:56 --------- d-----w C:\Arquivos de programas\Discador UOL 10.0 Light . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:32 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SMSERIAL"="sm56hlpr.exe" [2005-09-16 01:01 557056 C:\WINDOWS\sm56hlpr.exe] "SoundMan"="SOUNDMAN.EXE" [2005-10-04 14:12 90112 C:\WINDOWS\SOUNDMAN.EXE] "VTTimer"="VTTimer.exe" [2005-03-07 15:33 53248 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-10-31 16:15 163840 C:\WINDOWS\system32\VTTrayp.exe] "PowerManager"="C:\Arquivos de programas\Power Manager\PM.exe" [2006-06-30 16:42 159744] "RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768] "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 10:53 579072] "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "Share-to-Web Namespace Daemon"="C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632] "Windows Defender"="C:\Arquivos de 
programas\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1] Source= C:\Documents and Settings\FeSu\Desktop\papel de parede\padrao.html FriendlyName= [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 16:30 347976] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 16:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll [HKLM\~\startupfolder\C:^Documents and Settings^FeSu^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.0.lnk] path=C:\Documents and Settings\FeSu\Menu Iniciar\Programas\Inicializar\BrOffice.org 2.0.lnk backup=C:\WINDOWS\pss\BrOffice.org 2.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\.IAP{0000.0000.0000.0001}] --a------ 2008-03-15 12:32 1750689 C:\Arquivos de programas\Vono\Softfone Vono\System\Vono.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agematis FAM] C:\Arquivos de programas\steek\steekUP\FAM\fileAccessManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-10-19 20:16 286720 C:\Arquivos de programas\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] --a------ 2004-09-25 00:37 1691648 C:\Arquivos de programas\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\steekUP] C:\Arquivos de programas\steek\steekUP\steekUP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Vono_Manager"=2 (0x2) "StreamloadService"=2 (0x2) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"= "C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "C:\\Arquivos de programas\\K-LiteNitro\\giFT\\giFTl.exe"= "C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "C:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"= "C:\\Arquivos de programas\\Vono\\Softfone Vono\\System\\Vono.exe"= "C:\\Arquivos de programas\\Yip1\\Yip.exe"= "C:\\Fernando\\FileZilla\\FileZilla.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= R2 Vono_Manager;Vono Manager;"C:\Arquivos de programas\Vono\Softfone Vono\System\Vono Manager.exe" [2008-03-15 12:32] R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-13 09:22] S3 XDva019;XDva019;C:\WINDOWS\system32\XDva019.sys [] S3 XDva033;XDva033;C:\WINDOWS\system32\XDva033.sys [] . Contents of the 'Scheduled Tasks' folder "2008-02-29 13:28:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe "2008-03-24 03:40:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Arquivos de programas\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-24 00:38:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Arquivos de programas\Windows Defender\MsMpEng.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\taskmgr.exe . ************************************************************************** . Completion time: 2008-03-24 0:42:28 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-24 03:42:24 ComboFix2.txt 2008-03-24 03:06:01 ComboFix3.txt 2008-03-24 02:42:04 ComboFix4.txt 2008-03-23 02:02:15 . 2008-03-12 13:03:38 --- E O F ---
jgarcia 1 Posted March 24, 2008
Hey Nandotrin, run Panda's Active Scan, following these steps:
1) Some antivirus programs, such as AVAST, may display a detection alert while the scan is running, but that alert should be ignored. The warning is nothing more than a false positive. I suggest temporarily disabling the AV so that the scan runs without problems;
2) To start the process, click the button ;
3) Fill in the data requested in the form;
4) Click the "Pesquise agora sem custos" button;
5) Follow all the instructions you are given and wait for the scan to finish;
6) When the scan finishes, click to view the log. Save it to your Desktop;
7) Post the contents of the log in your next reply.
Regards.
Nandotrin 0 Posted March 26, 2008
I ran Panda but it didn't help, so I decided to format the machine and, believe it or not, right after Windows started (I hadn't installed anything besides Windows, I was configuring the internet and hadn't even connected), Internet Explorer already started opening by itself like crazy. HOW can that be??????? My Windows is genuine; now the PC has only Windows installed and it is already infected. It opens several IEXPLORE.EXE processes (I read on the internet that the normal one is iexplore.exe in lowercase, not uppercase), so on another computer I downloaded SpywareDetector, burned it to a CD and installed it on the infected machine, and it found 2 spyware items named Trojan.Banker and Downloader.Delf. What do I do???????? Please help me!!!!!
Nandotrin 0 Posted March 27, 2008
Please help me, I don't know what to do; I'm waiting for a reply.
jgarcia 1 Posted March 28, 2008
> Please help me, I don't know what to do; I'm waiting for a reply.
Post a new ComboFix log (run it in Safe Mode).
Mário Monteiro 179 Posted June 13, 2008
Topic Archived
As the author has not replied for more than 20 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.