[Resolvido]System Error code 1400 O identificador de janela é invalido

lpsaullin · Abril 16, 2008

Se alguem puder me dar uma força!!

O meu pc começou a dar esse erro, em geral qdo eu minimizo uma janela.

Abraço

Logfile of HijackThis v1.99.1

Scan saved at 20:56:58, on 15/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\WINDOWS\vsnpstd.exe

C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashSimpl.exe

C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE

C:\HijackThis.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Banco do Brasil S.A. - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)

O4 - HKLM\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [OrderReminder] C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [siemens SmartSync - ScheduleSync] C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKCU\..\Run: [ssAAD.exe] C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE

O4 - Global Startup: DVD Check.lnk = C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm451YYBR

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

O16 - DPF: {76850F2A-FCAA-454F-82D3-BD46CB186EF5} - http://bhan.com.br/jti/jti-activex.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: GbiehCef - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe (file missing)

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe (file missing)

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

DigRam · Abril 16, 2008

Boa Noite! lpsaullin

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Desabilite as proteções residente de: antivírus,antispywares e Firewall.

>@< Feche todas as janelas e execute a ferramenta!

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
Salve-a no Desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar e < Enter >

>@< Aguarde a conclusão! Durante o scan,evite tocar no mouse ou teclado!

----------------------------------

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

Abraços!

lpsaullin · Abril 18, 2008

Desculpe a demora, segue os logs

ComboFix 08-04-16.5 - Luciano Saullin 2008-04-17 21:03:06.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.163 [GMT -3:00]

Executando de: C:\Documents and Settings\Luciano Saullin.HOME\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

The following files were disabled during the run:

C:\ARQUIV~1\GBPLUG~1\gbpdist.dll

((((((((((((((((((((((( Ficheiros criados de 2008-03-18 to 2008-04-18 ))))))))))))))))))))))))))))))))

.

2008-04-17 21:03 . 2008-04-17 21:03 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-04-16 23:15 . 2008-04-16 23:16 <DIR> d-------- C:\LinhaDefensiva

2008-04-16 23:04 . 2008-04-16 23:04 8,192 --ahs---- C:\WINDOWS\system32\Thumbs.db

2008-04-16 21:55 . 2008-04-16 22:04 <DIR> d-------- C:\Arquivos de programas\Broadcom

2008-04-15 20:27 . 2008-04-15 20:27 <DIR> d-------- C:\Arquivos de programas\Softland

2008-04-15 20:27 . 2008-04-07 13:55 22,168 --a------ C:\WINDOWS\system32\dopdfmn6.dll

2008-04-15 20:27 . 2008-04-07 13:55 18,072 --a------ C:\WINDOWS\system32\dopdfmi6.dll

2008-04-15 20:27 . 2008-03-27 15:42 7,477 --a------ C:\WINDOWS\system32\dopdf6.ctm

2008-04-10 23:33 . 2008-04-10 23:33 <DIR> d-------- C:\36f484ba566a5aba295150397855c5

2008-04-09 19:36 . 2008-04-09 19:37 198 --a------ C:\WINDOWS\wininit.ini

2008-04-08 21:00 . 2008-04-08 21:00 748 --a------ C:\WINDOWS\system32\MRT.INI

2008-04-08 20:50 . 2008-04-08 20:50 <DIR> d-------- C:\Arquivos de programas\GameTop.com

2008-04-08 20:34 . 2008-04-14 13:05 <DIR> d-------- C:\Arquivos de programas\CertCli

2008-04-06 10:29 . 2008-04-06 14:20 <DIR> d-------- C:\Documents and Settings\Hugo Saullin.HOME\Dados de aplicativos\AVG7

2008-04-06 10:28 . 2008-04-06 10:28 <DIR> d-------- C:\Documents and Settings\LocalService.AUTORIDADE NT\Dados de aplicativos\AVG7

2008-04-06 10:27 . 2008-04-06 10:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Grisoft

2008-04-06 10:27 . 2008-04-06 11:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\avg7

2008-04-05 19:12 . 2008-04-17 20:00 <DIR> d-------- C:\Arquivos de programas\GbPluggin

2008-04-03 18:44 . 2008-03-29 15:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys

2008-04-03 18:44 . 2008-03-29 15:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

2008-04-02 21:00 . 2008-04-02 21:00 268 --ah----- C:\sqmdata19.sqm

2008-04-02 21:00 . 2008-04-02 21:00 244 --ah----- C:\sqmnoopt19.sqm

2008-04-01 23:05 . 2008-04-01 23:05 <DIR> d-------- C:\Arquivos de programas\Siemens Data Suite

2008-04-01 23:05 . 2008-04-01 23:05 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Siemens AG Shared

2008-03-26 21:48 . 2008-03-26 21:48 <DIR> d-------- C:\Documents and Settings\Luciano Saullin.HOME\Dados de aplicativos\Thunderbird

2008-03-25 22:34 . 2001-10-28 15:06 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2008-03-25 22:31 . 2001-08-18 06:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll

2008-03-18 23:46 . 2008-03-18 23:46 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-03-18 20:01 . 2008-03-18 20:01 268 --ah----- C:\sqmdata18.sqm

2008-03-18 20:01 . 2008-03-18 20:01 244 --ah----- C:\sqmnoopt18.sqm

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-17 23:58 --------- d-----w C:\Documents and Settings\Luciano Saullin.HOME\Dados de aplicativos\Orbit

2008-04-17 23:52 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-04-12 14:49 --------- d-----w C:\Arquivos de programas\Mozilla Thunderbird

2008-04-11 16:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

2008-04-06 22:46 --------- d-----w C:\Arquivos de programas\Orbitdownloader

2008-04-06 12:43 --------- d-----w C:\Documents and Settings\Hugo Saullin.HOME\Dados de aplicativos\Orbit

2008-04-05 22:12 --------- d--h--w C:\Arquivos de programas\Scpad

2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe

2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-16 23:48 --------- d-----w C:\Arquivos de programas\NuvoMedia

2008-03-15 01:46 --------- d-----w C:\Documents and Settings\Hugo Saullin.HOME\Dados de aplicativos\Sony Corporation

2008-03-15 00:34 --------- d-----w C:\Documents and Settings\Hugo Saullin.HOME\Dados de aplicativos\XCPCSync.OEM

2008-03-14 23:15 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-14 23:13 --------- d-----w C:\Documents and Settings\Luciano Saullin.HOME\Dados de aplicativos\XCPCSync.OEM

2008-03-14 23:09 --------- d-----w C:\Arquivos de programas\Mobile Phone Manager

2008-03-14 23:09 --------- d-----w C:\Arquivos de programas\Arquivos comuns\XCPCSync.OEM

2008-03-08 16:29 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE

2008-03-08 15:43 --------- d-----w C:\Documents and Settings\Luciano Saullin.HOME\Dados de aplicativos\Sony Corporation

2008-03-08 15:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Sony Corporation

2008-03-06 01:06 --------- d-----w C:\Arquivos de programas\Programas RFB

2008-03-05 22:37 --------- d-----w C:\Documents and Settings\Hugo Saullin.HOME\Dados de aplicativos\Media Player Classic

2008-03-03 00:37 --------- d-----w C:\Documents and Settings\Luciano Saullin.HOME\Dados de aplicativos\DivX

2008-03-02 23:53 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-03-02 23:47 17,941,978 ----a-w C:\Arquivos de programas\klmcodec380.exe

2008-03-01 21:06 --------- d-----w C:\Arquivos de programas\DVD Decrypter

2008-02-27 00:22 --------- d-----w C:\Documents and Settings\Luciano Saullin.HOME\Dados de aplicativos\Media Player Classic

2008-02-25 17:29 --------- d-----w C:\Documents and Settings\Hugo Saullin.HOME\Dados de aplicativos\Thunderbird

2008-02-25 17:26 --------- d-----w C:\Arquivos de programas\Google

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-18 01:26 --------- d-----w C:\Arquivos de programas\Arquivos comuns\snpstd

2008-02-18 01:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Messenger Plus!

2008-02-18 00:27 --------- d-----w C:\Documents and Settings\Luciano Saullin.HOME\Dados de aplicativos\Crystal Player

2008-02-16 09:03 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

2008-01-11 00:45 2,293,848 ----a-w C:\Arquivos de programas\FLV PlayerFCSetup.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SsAAD.exe"="C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 05:17 81920]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2007-01-05 17:36 872448]

"SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088]

"OrderReminder"="C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-14 21:59 98304]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2006-08-23 14:36 339968]

"Siemens SmartSync - ScheduleSync"="C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" [2005-03-16 10:15 45056]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [ ]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:45 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [ ]

C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\

DVD Check.lnk - C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe [2007-11-14 23:10:16 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 "C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll" SpecialFunction

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbiehCef]

C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll 2008-04-05 19:12 739840 C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\Arquivos de programas\GbPlugin\gbieh.dll 2008-03-11 08:18 354600 C:\Arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

--a------ 2007-01-01 19:54 3735552 C:\Arquivos de programas\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 13:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\GenialGiFT\\gift\\giFT.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

R2 BPowMon;Broadcom Power monitoring service;C:\Arquivos de programas\Broadcom\BACS\BPowMon.exe [2006-08-31 17:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d234593-f3b3-11dc-b5f6-001a4b6b95a4}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-17 21:05:35

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

-> C:\ARQUIV~1\GBPLUG~1\gbpdist.dll

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\ARQUIV~1\GBPLUG~1\gbpdist.dll

PROCESS: C:\WINDOWS\explorer.exe

-> C:\ARQUIV~1\GBPLUG~1\gbpdist.dll

PROCESS: C:\WINDOWS\system32\csrss.exe

-> C:\ARQUIV~1\GBPLUG~1\gbpdist.dll

.

Tempo para conclusão: 2008-04-17 21:07:06

ComboFix-quarantined-files.txt 2008-04-18 00:06:40

Pre-Run: 24,349,126,656 bytes disponíveis

Post-Run: 24,511,668,224 bytes disponíveis

.

2008-04-09 00:01:29 --- E O F ---

---------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 21:11:07, on 17/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Broadcom\BACS\BPowMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\WINDOWS\vsnpstd.exe

C:\ARQUIV~1\Sony\SONICS~1\SsAAD.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896