Luci@n@ (posted April 11, 2008)

Whenever I open an Internet Explorer window, another window opens that can only be seen by Alt-Tabbing: an iexplore entry named GbiehBSB. I cannot end the process, and IE freezes. HijackThis log follows:

Logfile of HijackThis v1.99.1
Scan saved at 10:11:37, on 11/4/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\luciana\Desktop\HijackThis.exe

O2 - BHO: Banco do Brasil S.A. - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?cce017ffdfca46c4b6b7f8e5ae173ae1
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?cce017ffdfca46c4b6b7f8e5ae173ae1
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: *.unifacs.com.br
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqlar/downloads/sysinfo.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: GbiehCef - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
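An added example, not part of this thread and not code from HijackThis or ComboFix: a small Python triage pass over HijackThis-style log lines of the kind posted above. It keys every entry on the module's file name, so the 8.3 short path ARQUIV~1\GBPLUG~1 and the long "Arquivos de programas\GbPlugin" path collapse into one module, then reports modules registered under more than one load-point section (here gbiehcef.dll appears both as an O2 BHO and as an O20 Winlogon Notify package). It also splits the "(file missing)" entries: the avast service lines carry a stray quote from a quoted ImagePath, and the same post lists ashMaiSv.exe among the running processes, so that flag is a display artifact rather than an absent binary, whereas the GbpSv and GbPluginCef entries have no such quote. The sample lines are constructed from the thread's entries; the section set, regexes and function names are my own assumptions.

```python
"""Triage of HijackThis-style log lines: group load points by module, flag orphans.

Added example written for this thread; it is not part of HijackThis or ComboFix.
"""
import re
from collections import defaultdict

# Constructed sample modelled on the entries posted in the thread (not a verbatim log).
SAMPLE_LOG = r"""
O2 - BHO: Banco do Brasil S.A. - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: GbiehCef - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# HijackThis prefixes each finding with its section code (O2, O4, O20, O23, ...).
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# First Windows path ending in a loadable/launchable extension; never crosses a quote.
PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|ocx|sys|drv|ax|htm|html))\b', re.IGNORECASE
)

# Sections that are code-execution or persistence points (assumed set for this example).
LOAD_POINT_SECTIONS = {"O2", "O4", "O18", "O20", "O21", "O22", "O23"}


def parse_entry(line):
    """Return a dict for one O-section line, or None for headers and process-list lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    pm = PATH_RE.search(body)
    path = pm.group(1) if pm else None
    return {
        "section": section,
        "path": path,
        # 8.3 short names (ARQUIV~1) and long names differ, so key on the file name only.
        "module": path.rsplit("\\", 1)[-1].lower() if path else None,
        "file_missing": "(file missing)" in body,
        # An odd number of quotes means the tool cut a quoted ImagePath in half; the
        # "(file missing)" on such a line is a rendering artifact, not an absent binary.
        "quote_artifact": body.count('"') % 2 == 1,
        "raw": line.strip(),
    }


def triage(log_text):
    """Group entries by module and separate real orphans from quote-mangled entries."""
    by_module = defaultdict(set)
    orphans, quote_artifacts = [], []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e["module"]:
            by_module[e["module"]].add(e["section"])
        if e["file_missing"]:
            (quote_artifacts if e["quote_artifact"] else orphans).append(e["raw"])
    return {"by_module": dict(by_module), "orphans": orphans, "quote_artifacts": quote_artifacts}


def multi_loadpoint_modules(report):
    """Modules registered under more than one load-point section (e.g. BHO plus Winlogon Notify)."""
    return sorted(
        mod for mod, secs in report["by_module"].items()
        if len(secs & LOAD_POINT_SECTIONS) > 1
    )


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print("same module at several load points:", multi_loadpoint_modules(rep))
    print("(file missing) with no quote artifact:", rep["orphans"])
    print("(file missing) caused by a quoted ImagePath:", rep["quote_artifacts"])
```

Run it as-is to see the grouping on the constructed sample, or feed the text of a real HijackThis log to `triage()`. The "missing" split matters when deciding what to tick for "Fix checked": only the entries in `orphans` point at a load point whose file is actually gone.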
DigRam (posted April 12, 2008)

Good morning, Luci@n@!

Logfile of HijackThis v1.99.1
Scan saved at 10:11:37, on 11/4/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

>@< Your operating system is out of date: we are already at SP2, and Internet Explorer is at version 7.00.
______________________________
>@< Was it you who set this trusted site? < *.unifacs.com.br >
______________________________
>@< Open HijackThis >> click "Do a system scan only" >> check the entries below!

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

>@< Finish them off by clicking "Fix checked".
______________________________
>@< Download ComboFix.
>@< Save it to the Desktop!
>@< Disable the resident protection of your antivirus, antispyware and firewall.
>@< Close all windows and run the tool!
If you get the notification "Invalid Win32 application", delete the tool and download it again, saving it on the Desktop renamed as Kombo.exe.
PS: rename it while saving, not after saving it!
>@< The Auto Scan window will open. Wait!
>@< Type the option to continue and press < Enter >
>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!
______________________________
>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

Regards!
Luci@n@ (posted April 19, 2008)

It was me who set *.unifacs.com.br as a trusted site. ComboFix log follows:

ComboFix 08-04-18.3 - Adm 2008-04-19 18:59:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1046.18.214 [GMT -3:00]
Running from: C:\Documents and Settings\Adm\Desktop\kombo.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\ARQUIV~1\GBPLUG~1\gbpdist.dll

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Adm\Configurações locais\Temporary Internet Files\PSE_205_ptb.exe
C:\WINDOWS\system32\_003840_.tmp.dll
C:\WINDOWS\system32\_004005_.tmp.dll
C:\WINDOWS\system32\_004006_.tmp.dll
C:\WINDOWS\system32\_004007_.tmp.dll
C:\WINDOWS\system32\_004008_.tmp.dll
C:\WINDOWS\system32\_004015_.tmp.dll
C:\WINDOWS\system32\_004016_.tmp.dll
C:\WINDOWS\system32\_004017_.tmp.dll
C:\WINDOWS\system32\_004019_.tmp.dll
C:\WINDOWS\system32\_004020_.tmp.dll
C:\WINDOWS\system32\_004023_.tmp.dll
C:\WINDOWS\system32\_004024_.tmp.dll
C:\WINDOWS\system32\_004026_.tmp.dll
C:\WINDOWS\system32\_004027_.tmp.dll
C:\WINDOWS\system32\_004028_.tmp.dll
C:\WINDOWS\system32\_004030_.tmp.dll
C:\WINDOWS\system32\_004031_.tmp.dll
C:\WINDOWS\system32\_004033_.tmp.dll
C:\WINDOWS\system32\_004037_.tmp.dll
C:\WINDOWS\system32\_004038_.tmp.dll
C:\WINDOWS\system32\_004040_.tmp.dll
C:\WINDOWS\system32\_004041_.tmp.dll
C:\WINDOWS\system32\_004042_.tmp.dll
C:\WINDOWS\system32\_004043_.tmp.dll
C:\WINDOWS\system32\_004045_.tmp.dll
C:\WINDOWS\system32\_004046_.tmp.dll
C:\WINDOWS\system32\_004047_.tmp.dll
C:\WINDOWS\system32\_004048_.tmp.dll
C:\WINDOWS\system32\_004051_.tmp.dll
C:\WINDOWS\system32\_004053_.tmp.dll
C:\WINDOWS\system32\_004054_.tmp.dll
C:\WINDOWS\system32\_004055_.tmp.dll
C:\WINDOWS\system32\_004059_.tmp.dll
C:\WINDOWS\system32\Walcult.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 ))))))))))))))))))))))))))))))))
.
2008-04-19 18:42 . 2008-04-19 18:59    6,736  --a------  C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-04-19 18:38 . 2008-04-19 18:38    <DIR>  d--------  C:\ComboFix
2008-04-19 17:58 . 2008-04-19 17:58    3,488  --a------  C:\WINDOWS\svchost
2008-04-18 14:34 . 2008-04-17 15:21   63,488  -ra------  C:\WINDOWS\system\imagens016.exe
2008-04-17 14:42 . 2002-09-09 14:09  286,720  --a------  C:\WINDOWS\system32\msh263.drv
2008-04-17 14:42 . 2002-10-01 03:43  119,798  -ra------  C:\WINDOWS\system32\drivers\SPCA561.SYS
2008-04-17 14:42 . 2002-09-09 14:08   50,688  --a------  C:\WINDOWS\system32\vfwwdm32.dll
2008-04-17 14:42 . 2002-09-09 14:08   50,688  --a--c---  C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-04-17 14:42 . 2001-09-05 23:50   45,568  --a------  C:\WINDOWS\system32\iyuv_32.dll
2008-04-17 14:42 . 2001-09-05 23:50   45,568  --a--c---  C:\WINDOWS\system32\dllcache\iyuv_32.dll
2008-04-17 14:42 . 2002-09-20 08:44   14,336  -ra------  C:\WINDOWS\system32\dshow508.ax
2008-04-17 14:42 . 2001-09-05 23:50    8,192  --a------  C:\WINDOWS\system32\tsbyuv.dll
2008-04-17 14:42 . 2001-09-05 23:50    8,192  --a--c---  C:\WINDOWS\system32\dllcache\tsbyuv.dll
2008-04-17 14:37 . 2008-04-17 14:37    <DIR>  d--------  C:\WINDOWS\Setup2K
2008-04-17 14:37 . 2002-11-22 15:56  118,784  --a------  C:\WINDOWS\ShowBmp.exe
2008-04-17 14:37 . 2002-08-13 18:01   53,248  --a------  C:\WINDOWS\ap561.exe
2008-04-17 14:37 . 2002-08-13 18:01   14,385  --a------  C:\WINDOWS\Tw561a.ini
2008-04-17 14:37 . 2002-08-13 18:01    7,431  --a------  C:\WINDOWS\Tw561a.src
2008-04-17 14:37 . 2002-03-19 14:11       81  --a------  C:\WINDOWS\Setup8a.ini
2008-04-08 07:15 . 2008-04-08 07:15    <DIR>  d--------  C:\Nova pasta
2008-04-06 12:24 . 2008-04-06 12:24        7  ---hs----  C:\WINDOWS\system32\smss24.ini
2008-04-06 12:23 . 2008-04-06 12:24   22,528  --a------  C:\WINDOWS\system32\partizan12rCGfJAN.exe
2008-04-05 23:50 . 2008-04-19 18:50    <DIR>  d--------  C:\Arquivos de programas\GbPluggin
2008-04-04 20:14 . 2008-04-04 20:14    <DIR>  d--------  C:\WINDOWS\LastGood
2008-03-19 19:46 . 2008-03-19 19:47    <DIR>  d--------  C:\WINDOWS\LastGood.Tmp
2008-03-19 10:15 . 2008-03-19 10:49    <DIR>  d--------  C:\Loto
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 17:37  ---------  d--h--w  C:\Arquivos de programas\InstallShield Installation Information
2008-04-08 14:54  ---------  d-----w  C:\Arquivos de programas\Windows Live Toolbar
2008-04-07 00:24  ---------  d-----w  C:\Arquivos de programas\GbPlugin
2008-03-25 09:52  ---------  d-----w  C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2008-03-21 19:44  ---------  d-----w  C:\Documents and Settings\luciana\Dados de aplicativos\uTorrent
2008-03-21 15:44  ---------  d-----w  C:\Documents and Settings\luciana\Dados de aplicativos\Image Zone Express
2008-03-09 17:05  ---------  d-----w  C:\Arquivos de programas\Programas RFB
2008-03-09 16:51  ---------  d-----w  C:\Arquivos de programas\Java
2008-03-09 16:45  ---------  d-----w  C:\Arquivos de programas\Arquivos comuns\Java
2008-02-24 21:46  ---------  d-----w  C:\Arquivos de programas\Alwil Software
2008-02-21 22:25  ---------  d-----w  C:\Arquivos de programas\Arquivos comuns\Panda Software
2007-12-07 00:10     20,360  ----a-w  C:\Documents and Settings\luciana\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2007-06-08 15:41     19,968  ----a-w  C:\Documents and Settings\Adm\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2004-10-01 18:00     40,960  ----a-w  C:\Arquivos de programas\Uninstall_CDS.exe
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]
2008-04-18 14:35  734208  --a------  C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"@"="" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"ALUAlert"="C:\Arquivos de programas\Symantec\LiveUpdate\ALUNOTIFY.EXE" [ ]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"hpqSRMon"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 14:08 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"= rundll32 "C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll" SpecialFunction

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [ ]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbiehAbn]
C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll 2008-04-18 14:35 734208 C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbiehCef]
C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll 2008-04-05 23:50 739840 C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages  REG_MULTI_SZ  scecli scecli

S3 usb2vcom;USB Data Cable;C:\WINDOWS\System32\DRIVERS\usb2vcom.sys [2005-12-21 00:32]
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 19:06:33
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll
-> C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll
-> C:\ARQUIV~1\GBPLUG~1\gbpdist.dll
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\ARQUIV~1\GBPLUG~1\gbpdist.dll
-> C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll
-> C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\ARQUIV~1\GBPLUG~1\gbpdist.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\ARQUIV~1\GBPLUG~1\gbpdist.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\ARQUIV~1\GBPLUG~1\gbpdist.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\ARQUIV~1\GBPLUG~1\gbpdist.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
.
------------------------ Other Running Processes ------------------------
.
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\ARQUIV~1\GBPLUG~1\gbppsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-19 19:16:39 - machine was rebooted [Adm]
ComboFix-quarantined-files.txt  2008-04-19 22:16:26

Pre-Run: 58,415,493,120 bytes free
Post-Run: 58,388,287,488 bytes free

178 --- E O F --- 2008-02-07 00:44:19

HijackThis log follows:

Logfile of HijackThis v1.99.1
Scan saved at 19:20:13, on 19/4/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\ARQUIV~1\GBPLUG~1\gbppsv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Adm\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Banco do Brasil S.A. - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll
O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ALUAlert] C:\Arquivos de programas\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqlar/downloads/sysinfo.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: GbiehAbn - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll
O20 - Winlogon Notify: GbiehCef - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
DigRam (posted April 20, 2008)

Good morning, Luci@n@!

<!> Delete: C:\QooBox and C:\ComboFix.txt << the previous ComboFix log.
---------------------------------------
>@< Select and copy everything inside the quote area into Notepad.
>@< Save it on the Desktop with the name: CFScript.txt

File::
C:\WINDOWS\system32\smss24.ini
C:\WINDOWS\svchost
C:\smss24.ini

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"=-

Folder::
C:\Arquivos de programas\GbPluggin

>@< Drag CFScript.txt onto the ComboFix icon with the mouse.
>@< See the demonstration!
>@< With this procedure ComboFix will run and then restart the computer automatically!
>@< If it does not restart, do so manually!
>@< While it runs, do not use the keyboard or mouse!
>@< When it finishes, post the report C:\ComboFix.txt plus an updated HJT log.

Regards!
Luci@n@ (posted April 21, 2008)

I deleted the QooBox folder, but it reappeared after restarting. Logs follow.

ComboFix:

ComboFix 08-04-18.3 - Adm 2008-04-21 16:49:20.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1046.18.224 [GMT -3:00]
Running from: C:\Documents and Settings\Adm\Desktop\combofix.exe
Command switches used :: C:\Documents and Settings\Adm\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\smss24.ini
C:\WINDOWS\svchost
C:\WINDOWS\system32\smss24.ini
.
((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))))
.
2008-04-19 19:16 . 2008-04-19 19:16    <DIR>  d--------  C:\WINDOWS\system32\config\systemprofile\Configurações locais
2008-04-19 19:16 . 2008-04-19 19:16    <DIR>  d--------  C:\Documents and Settings\NetworkService\Configurações locais
2008-04-19 19:16 . 2008-04-19 19:16    <DIR>  d--------  C:\Documents and Settings\luciana\Configurações locais
2008-04-19 19:16 . 2008-04-19 19:16    <DIR>  d--------  C:\Documents and Settings\LocalService\Configurações locais
2008-04-19 19:16 . 2008-04-19 19:16    <DIR>  d--------  C:\Documents and Settings\Administrador\Configurações locais
2008-04-19 19:16 . 2008-04-19 19:16    <DIR>  d--------  C:\Documents and Settings\Adm\Configurações locais
2008-04-19 18:58 . 2008-04-19 19:16    <DIR>  d--------  C:\kombo
2008-04-18 14:34 . 2008-04-17 15:21   63,488  -ra------  C:\WINDOWS\system\imagens016.exe
2008-04-17 14:42 . 2002-09-09 14:09  286,720  --a------  C:\WINDOWS\system32\msh263.drv
2008-04-17 14:42 . 2002-10-01 03:43  119,798  -ra------  C:\WINDOWS\system32\drivers\SPCA561.SYS
2008-04-17 14:42 . 2002-09-09 14:08   50,688  --a------  C:\WINDOWS\system32\vfwwdm32.dll
2008-04-17 14:42 . 2002-09-09 14:08   50,688  --a--c---  C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-04-17 14:42 . 2001-09-05 23:50   45,568  --a------  C:\WINDOWS\system32\iyuv_32.dll
2008-04-17 14:42 . 2001-09-05 23:50   45,568  --a--c---  C:\WINDOWS\system32\dllcache\iyuv_32.dll
2008-04-17 14:42 . 2002-09-20 08:44   14,336  -ra------  C:\WINDOWS\system32\dshow508.ax
2008-04-17 14:42 . 2001-09-05 23:50    8,192  --a------  C:\WINDOWS\system32\tsbyuv.dll
2008-04-17 14:42 . 2001-09-05 23:50    8,192  --a--c---  C:\WINDOWS\system32\dllcache\tsbyuv.dll
2008-04-17 14:37 . 2008-04-17 14:37    <DIR>  d--------  C:\WINDOWS\Setup2K
2008-04-17 14:37 . 2002-11-22 15:56  118,784  --a------  C:\WINDOWS\ShowBmp.exe
2008-04-17 14:37 . 2002-08-13 18:01   53,248  --a------  C:\WINDOWS\ap561.exe
2008-04-17 14:37 . 2002-08-13 18:01   14,385  --a------  C:\WINDOWS\Tw561a.ini
2008-04-17 14:37 . 2002-08-13 18:01    7,431  --a------  C:\WINDOWS\Tw561a.src
2008-04-17 14:37 . 2002-03-19 14:11       81  --a------  C:\WINDOWS\Setup8a.ini
2008-04-08 07:15 . 2008-04-08 07:15    <DIR>  d--------  C:\Nova pasta
2008-04-06 12:23 . 2008-04-06 12:24   22,528  --a------  C:\WINDOWS\system32\partizan12rCGfJAN.exe
2008-04-04 20:14 . 2008-04-04 20:14    <DIR>  d--------  C:\WINDOWS\LastGood
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 17:37  ---------  d--h--w  C:\Arquivos de programas\InstallShield Installation Information
2008-04-08 14:54  ---------  d-----w  C:\Arquivos de programas\Windows Live Toolbar
2008-04-07 00:24  ---------  d-----w  C:\Arquivos de programas\GbPlugin
2008-03-25 09:52  ---------  d-----w  C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2008-03-21 19:44  ---------  d-----w  C:\Documents and Settings\luciana\Dados de aplicativos\uTorrent
2008-03-21 15:44  ---------  d-----w  C:\Documents and Settings\luciana\Dados de aplicativos\Image Zone Express
2008-03-09 17:05  ---------  d-----w  C:\Arquivos de programas\Programas RFB
2008-03-09 16:51  ---------  d-----w  C:\Arquivos de programas\Java
2008-03-09 16:45  ---------  d-----w  C:\Arquivos de programas\Arquivos comuns\Java
2008-02-24 21:46  ---------  d-----w  C:\Arquivos de programas\Alwil Software
2008-02-21 22:25  ---------  d-----w  C:\Arquivos de programas\Arquivos comuns\Panda Software
2007-12-07 00:10     20,360  ----a-w  C:\Documents and Settings\luciana\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2007-06-08 15:41     19,968  ----a-w  C:\Documents and Settings\Adm\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2004-10-01 18:00     40,960  ----a-w  C:\Arquivos de programas\Uninstall_CDS.exe
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]
C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"@"="" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"ALUAlert"="C:\Arquivos de programas\Symantec\LiveUpdate\ALUNOTIFY.EXE" [ ]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"hpqSRMon"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 14:08 13312]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [ ]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbiehAbn]
C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbiehCef]
C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages  REG_MULTI_SZ  scecli scecli

S3 usb2vcom;USB Data Cable;C:\WINDOWS\System32\DRIVERS\usb2vcom.sys [2005-12-21 00:32]
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 16:52:52
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-04-21 16:59:56 - machine was rebooted [Adm]
ComboFix-quarantined-files.txt  2008-04-21 19:59:51

Pre-Run: 59,249,475,584 bytes free
Post-Run: 59,283,038,208 bytes free

113 --- E O F --- 2008-02-07 00:44:19

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 17:01:40, on 21/4/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\Digital
Imaging\bin\hpqSRMon.exe C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\System32\WgaTray.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Documents and Settings\Adm\Desktop\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Banco do Brasil S.A. - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll (file missing) O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll (file missing) O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ALUAlert] C:\Arquivos de programas\Symantec\LiveUpdate\ALUNOTIFY.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de 
programas\Java\jre1.6.0_05\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqlar/downloads/sysinfo.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: GbiehAbn - 
C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll (file missing) O20 - Winlogon Notify: GbiehCef - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe Compartilhar este post Link para o post Compartilhar em outros sites
DigRam (posted April 21, 2008)

Good evening, Luci@n@!

>@< Open HijackThis >> click: Do a system scan only

O2 - BHO: Banco do Brasil S.A. - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll (file missing)
O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: GbiehAbn - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll (file missing)
O20 - Winlogon Notify: GbiehCef - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll (file missing)

>@< Tick the entries above and click Fix checked.
-----------------------------
>@< When that is done, post an updated HijackThis log.

Regards!
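The selection above follows a rule that can be checked mechanically: every GbPlugin line HijackThis tagged "(file missing)" is a registration that still exists in the registry (BHO, Winlogon Notify hook, service) but no longer has a file behind it. The script below is an added example for this thread, not code from the forum, from HijackThis or from the GbPlugin vendor. It parses a constructed subset of the log posted above into structured entries (section, kind, name, optional CLSID, path, missing flag) and returns the orphaned ones grouped by section, which is the list to tick before "Fix checked". The line layout it assumes is read off the v1.99.1 log in this thread, not a published HijackThis grammar.

```python
"""Offline triage of a HijackThis v1.99.1 log.

Added example: parses O2/O4/O20/O23 lines, keeps the CLSID and target path
of each entry and flags the ones HijackThis marked "(file missing)", i.e.
registrations left behind after the file itself was removed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of lines in the shape of the log posted
# above (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: Banco do Brasil S.A. - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll (file missing)
O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O20 - Winlogon Notify: GbiehAbn - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# Assumed line layout: "<section> - <kind>: <rest>"; this is what the
# posted log shows, not an official format specification.
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^\[([^\]]+)\]\s*(.*)$")   # O4: "[ValueName] command"
MISSING = "(file missing)"


@dataclass
class Entry:
    section: str          # "O2", "O4", "O20", "O23"
    kind: str             # "BHO", "HKLM\..\Run", "Winlogon Notify", "Service"
    name: str             # display name, or the Run value name for O4
    clsid: Optional[str]  # CLSID when the line carries one (BHOs do)
    path: str             # file or command line HijackThis resolved
    file_missing: bool    # HijackThis could not find the file on disk
    raw: str              # original line, to tick in "Fix checked"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for lines of other sections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    file_missing = rest.endswith(MISSING)
    if file_missing:
        rest = rest[: -len(MISSING)].rstrip()
    clsid = CLSID_RE.search(rest)
    if kind.endswith("Run"):
        rm = RUN_RE.match(rest)
        if not rm:
            return None
        name, path = rm.group(1), rm.group(2)
    else:
        # O2/O20/O23: "Name - [CLSID or owner] - path"; the path is last.
        parts = rest.split(" - ")
        name, path = parts[0], (parts[-1] if len(parts) > 1 else "")
    return Entry(section, kind, name, clsid.group(0) if clsid else None,
                 path.strip('"'), file_missing, line.strip())


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries still registered but with no file behind them."""
    return [e for e in entries if e.file_missing]


def by_section(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group entry names by HijackThis section for a readable report."""
    out: Dict[str, List[str]] = {}
    for e in entries:
        out.setdefault(e.section, []).append(e.name)
    return out


def fix_list(text: str) -> List[str]:
    """Raw lines to tick in HijackThis before pressing "Fix checked"."""
    return [e.raw for e in orphaned(parse_log(text))]


if __name__ == "__main__":
    for sec, names in by_section(orphaned(parse_log(SAMPLE_LOG))).items():
        print(sec, names)
```

The rule selects exactly the four orphaned GbPlugin registrations in the sample. The KernelFaultCheck line that was also ticked above is not an orphan (dumprep exists), so it stays a manual decision. On the live machine the same logic applies with an existence check on each `path` instead of trusting the flag in a pasted log.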
Luci@n@ (posted April 22, 2008)

Quoting DigRam:
    Good evening, Luci@n@!
    >@< Open HijackThis >> click: Do a system scan only
    O2 - BHO: Banco do Brasil S.A. - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll (file missing)
    O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll (file missing)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O20 - Winlogon Notify: GbiehAbn - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll (file missing)
    O20 - Winlogon Notify: GbiehCef - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll (file missing)
    >@< Tick the entries above and click Fix checked.
    -----------------------------
    >@< When that is done, post an updated HijackThis log.
    Regards!

Logfile of HijackThis v1.99.1
Scan saved at 20:50:17, on 22/4/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Adm\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ALUAlert] C:\Arquivos de programas\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqlar/downloads/sysinfo.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
DigRam (posted April 23, 2008)

Good evening, Luci@n@!

>@< Download CCleaner.
>@< Save it to the Desktop!
>@< Open the program and click Analyze >> Run Cleaner.
>@< When that finishes, click Registry >> Scan for Issues >> Fix selected issues.

Once everything is OK with the PC, create a completely clean System Restore point! Right-click My Computer >> Properties >> System Restore >> tick: Turn off System Restore >> Apply >> OK. Then untick it again >> Apply >> OK. For more details, see: < Docs >

>@< The log is clean!
>@< Good job!

Regards!
Mário Monteiro (posted June 13, 2008)

PROBLEM SOLVED! If the author needs the topic reopened, send a Private Message to a Moderator with a link to the topic.