Archived

This topic has been archived and is closed to new replies.

andreakris

[Archived] Log analysis!

Please, I received an e-mail that infected my PC; it re-sent the same e-mail to my contact list several times, as if I were re-sending it. I ran Spyware Doctor, Spybot and BankerFix. All of them found viruses/malware installed. My antivirus is avast, and the HijackThis log is as follows:

 

Logfile of HijackThis v1.99.1

Scan saved at 17:29:11, on 1/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Mindjet\MindManager 7\MMReminderService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\ARQUIV~1\GBPLUG~1\gbppsv.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Spyware Doctor\pctsGui.exe

C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\osmar\CONFIG~1\Temp\Rar$EX00.640\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Arquivos de programas\Mindjet\MindManager 7\Mm7InternetExplorer.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MMReminderService] C:\Arquivos de programas\Mindjet\MindManager 7\MMReminderService.exe

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [pdfSaver3] "C:\Arquivos de programas\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Reboot.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Arquivos de programas\Mindjet\MindManager 7\Mm7InternetExplorer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7F18C90B-9F00-4197-9841-DE35E3E3D637}: NameServer = 201.10.120.2 201.10.128.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{7F18C90B-9F00-4197-9841-DE35E3E3D637}: NameServer = 201.10.120.2 201.10.128.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{7F18C90B-9F00-4197-9841-DE35E3E3D637}: NameServer = 201.10.120.2 201.10.128.3

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbiehAbn - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

 

WHAT DO I DO???? IS IT INFECTED??? IS IT SERIOUS???

Good morning! andreakris



>@< Run an online scan at: < Kaspersky >



<!> Go to the site and click on: < kasperdx9.jpg >



>@< On the next page, click: I Accept

>@< This is so that the ActiveX control gets installed and the database is then updated.

>@< On the next page, click: My Computer and run the scan.

>@< Be patient! Wait for the database update and for the scan itself, which takes a while.

>@< When it finishes, save and post the report.



Cheers!

DigRam,

Thanks for replying, but the site you pointed me to didn't run; I think it's because my Windows is XP.

Is there another one??

Thanks

--------------------------

Hey! andreakris

Good morning!



>@< Run a disinfection scan at < BitDefender > and post the report.

>@< The page will open: < BitDefender OnLine Scanner >



>@< Click on: < agree2.gif >



>@< Wait! Allow the ActiveX installation so that the scan can run.



<!> Read the tutorial: < Link >



>@< Then post: the BitDefender report

>@< PS: The BitDefender report will be at: C:\Windows\BDOSCAN8\bdoscan.log



Cheers!


DigRam,

Here are the BitDefender report and the updated HijackThis log! Thanks

 

[General]

App = "BitDefender Online Scanner v8"

Date = 04:05:2008

Time = 13:59:02

Scan Path = A:\;C:\;D:\;E:\;

 

[Engines Info]

Virus Definitions = 31318

Engine build = "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"

Scan plugins = 2

Archive plugins = 10

Unpack plugins = 2

E-mail plugins = 0

System plugins = 1

 

[scan Statistics]

Folders = 3390

Files = 74759

Archives = 727

Packed files = 28

Identified viruses = 1

Infected files = 2

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 1

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 29

 

[scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[scan Results]

Line00000005 = "C:\Arquivos de programas\GbPluggin\gbiehdst.dll Infected with: GenPack:Generic.Banker.Delf.48507C16"

Line00000004 = "C:\Arquivos de programas\GbPluggin\gbiehdst.dll Disinfection failed"

Line00000003 = "C:\Arquivos de programas\GbPluggin\gbiehdst.dll Delete failed"

Line00000002 = "C:\Documents and Settings\osmar\Configurações locais\Temporary Internet Files\Content.IE5\X4ZXGB01\gbiehdst[1].js Infected with: GenPack:Generic.Banker.Delf.48507C16"

Line00000001 = "C:\Documents and Settings\osmar\Configurações locais\Temporary Internet Files\Content.IE5\X4ZXGB01\gbiehdst[1].js Disinfection failed"

Line00000000 = "C:\Documents and Settings\osmar\Configurações locais\Temporary Internet Files\Content.IE5\X4ZXGB01\gbiehdst[1].js Deleted"

 

Logfile of HijackThis v1.99.1

Scan saved at 14:18:10, on 4/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Mindjet\MindManager 7\MMReminderService.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\osmar\CONFIG~1\Temp\Rar$EX00.765\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Arquivos de programas\Mindjet\MindManager 7\Mm7InternetExplorer.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MMReminderService] C:\Arquivos de programas\Mindjet\MindManager 7\MMReminderService.exe

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [pdfSaver3] "C:\Arquivos de programas\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Reboot.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Arquivos de programas\Mindjet\MindManager 7\Mm7InternetExplorer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7F18C90B-9F00-4197-9841-DE35E3E3D637}: NameServer = 201.10.120.2 201.10.128.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{7F18C90B-9F00-4197-9841-DE35E3E3D637}: NameServer = 201.10.120.2 201.10.128.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{7F18C90B-9F00-4197-9841-DE35E3E3D637}: NameServer = 201.10.120.2 201.10.128.3

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbiehAbn - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

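The two reports above can be cross-checked mechanically: the scanner says which files it flagged and whether the clean-up succeeded, and the HijackThis log says which load points (O2 browser helper objects, O20 Winlogon Notify entries, O4 Run keys, O23 services) still reference those files. The Python below is an added example written for this page; it is not code from the thread, from HijackThis or from BitDefender. It parses the `[scan Results]` section in the layout shown above, keeps the last recorded outcome per file, then walks a HijackThis log to list the entries that still point at a file the scanner could not delete, plus entries that point at missing files. The sample inputs are constructed from lines in this thread, the outcome vocabulary is taken from the report's own `[scan Statistics]` counters, and treating the report's file order as chronological (detection, then disinfection attempt, then delete outcome) is an assumption; it also generalises to any HijackThis section that carries a file path, not just the ones on this page.

```python
import re
from collections import OrderedDict

# Constructed sample inputs: lines copied from the reports posted in this thread,
# trimmed to what the example needs. They are not a complete scan or log.
BITDEFENDER_REPORT = r"""[General]
App = "BitDefender Online Scanner v8"

[scan Results]
Line00000005 = "C:\Arquivos de programas\GbPluggin\gbiehdst.dll Infected with: GenPack:Generic.Banker.Delf.48507C16"
Line00000004 = "C:\Arquivos de programas\GbPluggin\gbiehdst.dll Disinfection failed"
Line00000003 = "C:\Arquivos de programas\GbPluggin\gbiehdst.dll Delete failed"
Line00000002 = "C:\Documents and Settings\osmar\Configurações locais\Temporary Internet Files\Content.IE5\X4ZXGB01\gbiehdst[1].js Infected with: GenPack:Generic.Banker.Delf.48507C16"
Line00000001 = "C:\Documents and Settings\osmar\Configurações locais\Temporary Internet Files\Content.IE5\X4ZXGB01\gbiehdst[1].js Disinfection failed"
Line00000000 = "C:\Documents and Settings\osmar\Configurações locais\Temporary Internet Files\Content.IE5\X4ZXGB01\gbiehdst[1].js Deleted"
"""

HJT_LOG = r"""O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll (file missing)
O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: GbiehAbn - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

# One [scan Results] line: a path, one space, then the outcome text. The outcome
# vocabulary mirrors the report's [scan Statistics] counters (assumption).
RESULT_RE = re.compile(
    r'^Line\d+\s*=\s*"(?P<path>.+?) (?P<status>Infected with: .+|Disinfection failed'
    r'|Delete failed|Deleted|Disinfected|Copied|Moved|Renamed)"$'
)
# Outcomes after which the file is no longer at its original location.
CLEANED = {"Deleted", "Disinfected", "Moved", "Renamed"}

# A Windows file path inside a HijackThis line: long form, 8.3 short form
# (ARQUIV~1) or %windir%-style, ending in a loadable/script extension.
PATH_RE = re.compile(r'(?:[A-Za-z]:|%\w+%)\\[^"\n]*?\.(?:dll|exe|sys|ocx|js)\b', re.IGNORECASE)
HJT_LINE_RE = re.compile(r'^([OR]\d+) - ')


def parse_bitdefender(report):
    """Map each flagged path to its list of outcomes, in report (file) order."""
    history = OrderedDict()
    in_results = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("["):                 # section header
            in_results = line.lower() == "[scan results]"
            continue
        if not in_results:
            continue
        m = RESULT_RE.match(line)
        if m:
            history.setdefault(m.group("path"), []).append(m.group("status"))
    return history


def still_present(history):
    """Paths whose last recorded outcome was not a successful clean-up."""
    return [path for path, outcomes in history.items() if outcomes[-1] not in CLEANED]


def hjt_entries(log):
    """Yield (section, line, path) per HijackThis entry; path is None when the
    entry carries no file path (for example a bare Rundll32 argument)."""
    for raw in log.splitlines():
        line = raw.strip()
        m = HJT_LINE_RE.match(line)
        if not m:
            continue
        paths = PATH_RE.findall(line)
        yield m.group(1), line, (paths[-1] if paths else None)


def basename(path):
    return path.rsplit("\\", 1)[-1]


def triage(bd_report, hjt_log):
    """Cross-reference scanner outcomes with HijackThis load points.

    Matching is by file name only, case-insensitively, because HijackThis prints
    8.3 short directory names (GBPLUG~1) while the scanner prints long paths.
    """
    history = parse_bitdefender(bd_report)
    live = still_present(history)
    live_names = {basename(p).lower() for p in live}
    findings = {"infected": dict(history), "still_present": live, "load_points": [], "orphans": []}
    for section, line, path in hjt_entries(hjt_log):
        if "(file missing)" in line or "(no file)" in line:
            findings["orphans"].append(line)       # dangling entry, file already gone
        if path and basename(path).lower() in live_names:
            findings["load_points"].append((section, line))
    return findings


if __name__ == "__main__":
    result = triage(BITDEFENDER_REPORT, HJT_LOG)
    for path in result["still_present"]:
        print("not cleaned:", path)
    for section, line in result["load_points"]:
        print(f"load point {section}:", line)
    for line in result["orphans"]:
        print("dangling entry:", line)
```

On the sample above the output names `gbiehdst.dll` as the file whose deletion failed and lists its two load points, the O2 BHO and the O20 Winlogon Notify entry; the O20 entry is the one worth noting, since a Winlogon Notify DLL is loaded by `winlogon.exe` at logon, before the user's browser or scanner runs, which is consistent with the scanner reporting "Delete failed" on a file in use.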

Good afternoon! andreakris



>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protection of your antivirus, antispyware and firewall.

>@< Close all windows and run the tool!



If you get the notification "Invalid Win32 application", delete the tool and download it again.

Save it to the Desktop, renamed as: Kombo.exe

PS: Rename it while saving, not after saving it!

PS: If any error message appears, run ComboFix in Safe Mode.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

----------------------------------

>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.



Cheers!


DigRam

Here are the reports; what's the diagnosis?

 

ComboFix 08-05-01.3 - osmar 2008-05-04 19:00:39.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.117 [GMT -3:00]

Executando de: C:\Documents and Settings\osmar\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

The following files were disabled during the run:

C:\Arquivos de programas\GbPluggin\gbplib.dll

C:\Arquivos de programas\GbPluggin\gbppdist.dll

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-04-04 to 2008-05-04 ))))))))))))))))))))))))))))))))

.

 

2008-05-04 19:00 . 2008-05-04 19:00 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-05-04 13:36 . 2008-05-04 13:36 <DIR> d-------- C:\WINDOWS\LastGood

2008-05-04 13:36 . 2008-05-04 13:59 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-05-01 15:36 . 2008-05-04 13:49 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-05-01 15:35 . 2008-05-01 15:35 <DIR> d-------- C:\Documents and Settings\osmar\Dados de aplicativos\PC Tools

2008-05-01 15:35 . 2008-05-02 11:49 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

2008-05-01 15:35 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-05-01 15:35 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-05-01 15:35 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-05-01 15:35 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-05-01 15:16 . 2008-05-02 17:46 3,376 --a------ C:\WINDOWS\svchost

2008-05-01 14:54 . 2008-05-01 14:54 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Leading

2008-05-01 14:50 . 2007-08-03 00:26 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-05-01 14:50 . 2007-08-02 21:21 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-05-01 14:50 . 2007-08-02 21:21 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-05-01 14:50 . 2007-08-02 21:21 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-05-01 14:50 . 2008-05-01 14:56 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-05-01 14:50 . 2008-05-04 19:03 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-05-01 14:50 . 2007-08-02 21:21 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-05-01 14:50 . 2007-08-02 21:21 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-05-01 14:50 . 2008-05-01 14:50 <DIR> d-------- C:\Documents and Settings\Administrador

2008-05-01 14:50 . 2008-05-04 19:00 1,024 --ah----- C:\Documents and Settings\Administrador\ntuser.dat.LOG

2008-05-01 14:30 . 2008-05-01 15:14 <DIR> d-------- C:\LinhaDefensiva

2008-04-29 20:09 . 2008-05-01 14:09 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-04-29 20:09 . 2008-05-01 14:09 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-04-29 20:09 . 2008-05-01 14:09 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-04-29 20:08 . 2008-05-01 14:21 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-04-27 16:28 . 2008-04-27 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-04-27 16:28 . 2008-04-29 19:04 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-04-27 15:59 . 2008-04-29 21:23 <DIR> d-------- C:\Arquivos de programas\CoolSMS

2008-04-26 12:05 . 2008-05-02 18:33 <DIR> d-------- C:\Arquivos de programas\GbPluggin

2008-04-24 19:39 . 2008-04-24 19:39 <DIR> d-------- C:\Documents and Settings\osmar\System

2008-04-24 19:39 . 2008-04-24 19:41 <DIR> d-------- C:\Documents and Settings\osmar\Dados de aplicativos\SmartDraw

2008-04-24 19:00 . 2008-04-24 19:00 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

2008-04-24 18:59 . 2008-04-24 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Mindjet

2008-04-24 18:59 . 2008-04-24 18:59 <DIR> d-------- C:\Arquivos de programas\Mindjet

2008-04-24 18:59 . 2002-12-28 10:26 20,569 --a------ C:\WINDOWS\system32\pxc25pm.dll

2008-04-24 18:57 . 2008-04-24 18:57 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-04-24 16:17 . 2008-04-24 16:17 <DIR> d-------- C:\Arquivos de programas\MindMapper4.5

2008-04-24 16:17 . 2008-04-24 16:17 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wintertree

2008-04-24 16:17 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

2008-04-24 15:39 . 2008-04-25 13:11 <DIR> d-------- C:\Arquivos de programas\SmartDraw 2008

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-30 00:27 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-04-30 00:27 --------- d-----w C:\Arquivos de programas\QuickTime

2008-04-25 16:11 --------- d-----w C:\Arquivos de programas\eMule

2008-04-24 19:17 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-04-24 14:43 --------- d-----w C:\Documents and Settings\osmar\Dados de aplicativos\HPAppData

2008-04-24 01:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-16 09:03 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A11D74-9D25-4fea-A833-8B0D76A5577A}]

2008-01-14 18:31 70944 --a------ C:\Arquivos de programas\Mindjet\MindManager 7\Mm7InternetExplorer.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"pdfSaver3"="C:\Arquivos de programas\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe" [2004-09-05 17:20 380928]

"CoolSMS"="" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2007-04-10 16:06 53248 C:\WINDOWS\system32\SiSPower.dll]

"SoundMan"="SOUNDMAN.EXE" [2006-11-16 18:42 577536 C:\WINDOWS\soundman.exe]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"SecurDisc"="C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 12:23 1620480]

"InCD"="C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-02-12 12:19 1050112]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 09:42 176128]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 14:25 212992]

"DeviceDiscovery"="C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 17:37 229437]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-11-30 20:57 77824]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

"MMReminderService"="C:\Arquivos de programas\Mindjet\MindManager 7\MMReminderService.exe" [2008-01-14 18:30 37144]

"pdfSaver3"="" []

"ISTray"="C:\Arquivos de programas\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\osmar\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

Reboot.exe [2006-12-28 15:35:16 409088]

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-08-03 00:44:37 262144]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 "C:\Arquivos de programas\GbPluggin\gbiehdst.dll" SpecialFunction

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbiehAbn]

C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll 2008-04-26 12:06 763392 C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9a1eacf-4154-11dc-9699-806d6172696f}]

\Shell\AutoRun\command - D:\Setup.EXE

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-11-29 14:36:09 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3500#TH41J142VQ9B.job"

- C:\Arquivos de programas\HP\hpcoretech\comp\hpdarc.exe+/#Hewlett-Packard#deskjet3500#TH41J142VQ9B

"2008-05-04 21:20:01 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-04 19:03:35

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 1

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

-> C:\Arquivos de programas\GbPluggin\gbplib.dll

-> C:\Arquivos de programas\GbPluggin\gbppdist.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Arquivos de programas\GbPluggin\gbplib.dll

-> C:\Arquivos de programas\GbPluggin\gbppdist.dll

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Arquivos de programas\GbPluggin\gbplib.dll

-> C:\Arquivos de programas\GbPluggin\gbppdist.dll

 

PROCESS: C:\WINDOWS\system32\csrss.exe

-> C:\Arquivos de programas\GbPluggin\gbplib.dll

-> C:\Arquivos de programas\GbPluggin\gbppdist.dll

.

Tempo para conclusão: 2008-05-04 19:05:18

ComboFix-quarantined-files.txt 2008-05-04 22:05:12

 

Pre-Run: 29,648,957,440 bytes disponíveis

Post-Run: 30,255,308,800 bytes disponíveis

 

164 --- E O F --- 2008-04-26 14:58:14

 

Logfile of HijackThis v1.99.1

Scan saved at 19:14:48, on 4/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Mindjet\MindManager 7\MMReminderService.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wisptis.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\osmar\CONFIG~1\Temp\Rar$EX00.922\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Arquivos de programas\Mindjet\MindManager 7\Mm7InternetExplorer.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MMReminderService] C:\Arquivos de programas\Mindjet\MindManager 7\MMReminderService.exe

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [pdfSaver3] "C:\Arquivos de programas\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Reboot.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Arquivos de programas\Mindjet\MindManager 7\Mm7InternetExplorer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7F18C90B-9F00-4197-9841-DE35E3E3D637}: NameServer = 201.10.120.2 201.10.128.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{7F18C90B-9F00-4197-9841-DE35E3E3D637}: NameServer = 201.10.120.2 201.10.128.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{7F18C90B-9F00-4197-9841-DE35E3E3D637}: NameServer = 201.10.120.2 201.10.128.3

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbiehAbn - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe


Good afternoon, andreakris!

 

<!> Delete:

 

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

----------------------------------

>@< Select and copy all of the content in the code area into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

 

File::

C:\WINDOWS\svchost

D:\Setup.EXE

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9a1eacf-4154-11dc-9699-806d6172696f}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AA2F14F-E956-44B8-8694-A5B615CDF341}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CoolSMS"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"pdfSaver3"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"=-

Folder::

C:\Arquivos de programas\GbPluggin

C:\LinhaDefensiva

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< See the demonstration!

 

cpiadecfscriptxt7.gif

 

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< If it does not restart, do it manually!

>@< While it is running, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report plus an updated HJT log.

 

Regards!

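The entries the reply above asks to remove (a BHO CLSID that no longer points at a file, a Winlogon Notify DLL living outside the system directory, a bare executable in the all-users Startup folder, the removable-media AutoRun mount point, and the firewall profile with EnableFirewall set to 0) are exactly the kind of lines a triage script can pull out of a HijackThis or ComboFix report so that a human can decide what to act on. The Python below is an added example written for this page; it is not part of the thread and not code from either tool. The sample lines are constructed to follow the line formats of the reports posted above, the rule names and severities are my own, and the list of directories treated as "system" is an assumption. It only flags lines for review; it does not decide that anything is malicious.

```python
import re
from typing import List, Tuple

# Constructed sample: a handful of lines in the formats used by the HijackThis
# (O2/O4/O20) and ComboFix (registry dump) reports posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Arquivos de programas\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll (file missing)
O2 - BHO: (no name) - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Reboot.exe
O20 - Winlogon Notify: GbiehAbn - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll
"EnableFirewall"= 0 (0x0)
\Shell\AutoRun\command - D:\Setup.EXE
"""

# Assumption: Winlogon Notify packages shipped with Windows XP live here.
# Anything else is not automatically bad, but deserves a second look.
SYSTEM_DIRS = ("c:\\windows\\system32\\",)

BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
WINLOGON_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>[^-]+) - (?P<path>.+)$")
GLOBAL_STARTUP = re.compile(r"^O4 - Global Startup: (?P<entry>.+)$")
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
AUTORUN = re.compile(r"^\\Shell\\AutoRun\\command - (?P<target>.+)$")

# (severity, rule id, offending line)
Finding = Tuple[str, str, str]


def triage(log_text: str) -> List[Finding]:
    """Return the report lines that match one of the review rules, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = BHO.match(line)
        if m:
            # A BHO whose DLL is gone cannot run, but the CLSID is a leftover
            # worth cleaning (the reply removes two such entries).
            if "(no file)" in m["path"] or "(file missing)" in m["path"]:
                findings.append(("low", "orphaned-bho", line))
            continue

        m = WINLOGON_NOTIFY.match(line)
        if m:
            # Notify DLLs load into winlogon.exe; a third-party path here
            # is high on the review list regardless of what the vendor is.
            if not m["path"].strip().lower().startswith(SYSTEM_DIRS):
                findings.append(("high", "winlogon-notify-nonsystem", line))
            continue

        m = GLOBAL_STARTUP.match(line)
        if m:
            # Startup folders normally hold .lnk shortcuts; a bare .exe
            # dropped there is unusual.
            if ".lnk" not in m["entry"].lower():
                findings.append(("medium", "startup-bare-executable", line))
            continue

        if FIREWALL_OFF.match(line):
            findings.append(("medium", "firewall-disabled", line))
            continue

        if AUTORUN.match(line):
            # MountPoints2 AutoRun commands fire when the volume is opened.
            findings.append(("medium", "removable-autorun", line))
    return findings


def count_by_severity(findings: List[Finding]) -> dict:
    """Small roll-up so a reviewer sees the shape of the report at a glance."""
    counts: dict = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, rule, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule:28} {line}")
    print(count_by_severity(triage(SAMPLE_LOG)))
```

The avast! Run entry and the MindManager BHO pass through untouched, which is the point: the rules describe shapes (missing file, non-system notify DLL, bare executable, disabled firewall, AutoRun command), not vendors, so the same script runs unchanged over the full logs posted above and over reports from other machines.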

Here it is:

 

ComboFix 08-05-01.3 - osmar 2008-05-05 20:34:19.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.142 [GMT -3:00]

Executando de: C:\Documents and Settings\osmar\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\osmar\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

The following files were disabled during the run:

C:\Arquivos de programas\GbPluggin\gbplib.dll

C:\Arquivos de programas\GbPluggin\gbppdist.dll

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-04-05 to 2008-05-05 ))))))))))))))))))))))))))))))))

.

 

2008-05-04 19:00 . 2008-05-05 20:34 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-05-04 13:36 . 2008-05-04 13:59 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-05-01 15:36 . 2008-05-05 20:27 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-05-01 15:35 . 2008-05-01 15:35 <DIR> d-------- C:\Documents and Settings\osmar\Dados de aplicativos\PC Tools

2008-05-01 15:35 . 2008-05-05 20:27 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

2008-05-01 15:35 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-05-01 15:35 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-05-01 15:35 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-05-01 15:35 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-05-01 15:16 . 2008-05-02 17:46 3,376 --a------ C:\WINDOWS\svchost

2008-05-01 14:54 . 2008-05-01 14:54 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Leading

2008-05-01 14:50 . 2007-08-03 00:26 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-05-01 14:50 . 2007-08-02 21:21 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-05-01 14:50 . 2007-08-02 21:21 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-05-01 14:50 . 2007-08-02 21:21 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-05-01 14:50 . 2008-05-01 14:56 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-05-01 14:50 . 2008-05-05 20:36 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-05-01 14:50 . 2007-08-02 21:21 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-05-01 14:50 . 2007-08-02 21:21 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-05-01 14:50 . 2008-05-01 14:50 <DIR> d-------- C:\Documents and Settings\Administrador

2008-05-01 14:50 . 2008-05-05 20:34 1,024 --ah----- C:\Documents and Settings\Administrador\ntuser.dat.LOG

2008-05-01 14:30 . 2008-05-01 15:14 <DIR> d-------- C:\LinhaDefensiva

2008-04-29 20:09 . 2008-05-01 14:09 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-04-29 20:09 . 2008-05-01 14:09 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-04-29 20:09 . 2008-05-01 14:09 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-04-29 20:08 . 2008-05-01 14:21 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-04-27 16:28 . 2008-04-27 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-04-27 16:28 . 2008-04-29 19:04 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-04-27 15:59 . 2008-04-29 21:23 <DIR> d-------- C:\Arquivos de programas\CoolSMS

2008-04-26 12:05 . 2008-05-02 18:33 <DIR> d-------- C:\Arquivos de programas\GbPluggin

2008-04-24 19:39 . 2008-04-24 19:39 <DIR> d-------- C:\Documents and Settings\osmar\System

2008-04-24 19:39 . 2008-04-24 19:41 <DIR> d-------- C:\Documents and Settings\osmar\Dados de aplicativos\SmartDraw

2008-04-24 19:00 . 2008-04-24 19:00 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

2008-04-24 18:59 . 2008-04-24 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Mindjet

2008-04-24 18:59 . 2008-04-24 18:59 <DIR> d-------- C:\Arquivos de programas\Mindjet

2008-04-24 18:59 . 2002-12-28 10:26 20,569 --a------ C:\WINDOWS\system32\pxc25pm.dll

2008-04-24 18:57 . 2008-04-24 18:57 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-04-24 16:17 . 2008-04-24 16:17 <DIR> d-------- C:\Arquivos de programas\MindMapper4.5

2008-04-24 16:17 . 2008-04-24 16:17 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wintertree

2008-04-24 16:17 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

2008-04-24 15:39 . 2008-04-25 13:11 <DIR> d-------- C:\Arquivos de programas\SmartDraw 2008

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-30 00:27 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-04-30 00:27 --------- d-----w C:\Arquivos de programas\QuickTime

2008-04-25 16:11 --------- d-----w C:\Arquivos de programas\eMule

2008-04-24 19:17 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-04-24 14:43 --------- d-----w C:\Documents and Settings\osmar\Dados de aplicativos\HPAppData

2008-04-24 01:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-16 09:03 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A11D74-9D25-4fea-A833-8B0D76A5577A}]

2008-01-14 18:31 70944 --a------ C:\Arquivos de programas\Mindjet\MindManager 7\Mm7InternetExplorer.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"pdfSaver3"="C:\Arquivos de programas\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe" [2004-09-05 17:20 380928]

"CoolSMS"="" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2007-04-10 16:06 53248 C:\WINDOWS\system32\SiSPower.dll]

"SoundMan"="SOUNDMAN.EXE" [2006-11-16 18:42 577536 C:\WINDOWS\soundman.exe]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"SecurDisc"="C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 12:23 1620480]

"InCD"="C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-02-12 12:19 1050112]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 09:42 176128]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 14:25 212992]

"DeviceDiscovery"="C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 17:37 229437]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-11-30 20:57 77824]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

"MMReminderService"="C:\Arquivos de programas\Mindjet\MindManager 7\MMReminderService.exe" [2008-01-14 18:30 37144]

"pdfSaver3"="" []

"ISTray"="C:\Arquivos de programas\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\osmar\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

Reboot.exe [2006-12-28 15:35:16 409088]

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-08-03 00:44:37 262144]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 "C:\Arquivos de programas\GbPluggin\gbiehdst.dll" SpecialFunction

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbiehAbn]

C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll 2008-04-26 12:06 763392 C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9a1eacf-4154-11dc-9699-806d6172696f}]

\Shell\AutoRun\command - D:\Setup.EXE

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-11-29 14:36:09 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3500#TH41J142VQ9B.job"

- C:\Arquivos de programas\HP\hpcoretech\comp\hpdarc.exe+/#Hewlett-Packard#deskjet3500#TH41J142VQ9B

"2008-05-05 23:20:02 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-05 20:37:06

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 1

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

-> C:\Arquivos de programas\GbPluggin\gbplib.dll

-> C:\Arquivos de programas\GbPluggin\gbppdist.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Arquivos de programas\GbPluggin\gbplib.dll

-> C:\Arquivos de programas\GbPluggin\gbppdist.dll

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Arquivos de programas\GbPluggin\gbplib.dll

-> C:\Arquivos de programas\GbPluggin\gbppdist.dll

 

PROCESS: C:\WINDOWS\system32\csrss.exe

-> C:\Arquivos de programas\GbPluggin\gbplib.dll

-> C:\Arquivos de programas\GbPluggin\gbppdist.dll

.

Tempo para conclusão: 2008-05-05 20:38:21

ComboFix-quarantined-files.txt 2008-05-05 23:38:16

ComboFix2.txt 2008-05-05 23:25:46

 

Pre-Run: 30,594,990,080 bytes disponíveis

Post-Run: 30,589,186,048 bytes disponíveis

 

162 --- E O F --- 2008-04-26 14:58:14

 

Logfile of HijackThis v1.99.1

Scan saved at 20:44:04, on 5/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Mindjet\MindManager 7\MMReminderService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Turbo\Discador\pppoe.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\osmar\CONFIG~1\Temp\Rar$EX01.203\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Arquivos de programas\Mindjet\MindManager 7\Mm7InternetExplorer.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MMReminderService] C:\Arquivos de programas\Mindjet\MindManager 7\MMReminderService.exe

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [pdfSaver3] "C:\Arquivos de programas\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Reboot.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Arquivos de programas\Mindjet\MindManager 7\Mm7InternetExplorer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7F18C90B-9F00-4197-9841-DE35E3E3D637}: NameServer = 201.10.120.2 201.10.128.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{7F18C90B-9F00-4197-9841-DE35E3E3D637}: NameServer = 201.10.120.2 201.10.128.3

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbiehAbn - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

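The HijackThis log above is read by hand in this thread. The script below is an added example, not part of the page and not HijackThis or ComboFix code: it parses HijackThis entries and applies the checks an analyst makes while reading such a log, namely flagging "(file missing)" and "(no file)" orphans, unnamed BHO and toolbar-button entries, a bare executable sitting in the all-users Startup folder (the "Reboot.exe" line), Winlogon Notify DLLs, and services with "Unknown owner". It also cross-checks a "missing" file against the running-process list, so that the avast! O23 lines, whose images are in fact running, are downgraded to a parsing artifact instead of being treated as deleted files. The sample entries and process names are copied from the log posted above; the rule set itself is my own assumption about what deserves attention, not a verdict on any entry.

```python
import re
from dataclasses import dataclass

# Entries copied verbatim from the HijackThis log posted above. The parser and
# the triage rules are an added illustration, not part of HijackThis.
SAMPLE_LOG = r"""
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll (file missing)
O2 - BHO: (no name) - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Reboot.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: GbiehAbn - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
"""

# Image names taken from the "Running processes" block of the same log.
RUNNING = {"ashmaisv.exe", "ashwebsv.exe", "ashdisp.exe", "incdsrv.exe", "hpqtra08.exe"}

# "O23 - Service: ..." -> section "O23", body "Service: ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First token that looks like an executable or DLL file name inside the body.
IMAGE_RE = re.compile(r"([A-Za-z0-9_~.\-]+\.(?:exe|dll))", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    body: str
    reasons: list


def parse_hjt(text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def assess(section, body, running=RUNNING):
    """Apply the manual-review heuristics to one entry; empty list means nothing to say."""
    reasons = []
    low = body.lower()
    m = IMAGE_RE.search(body)
    image = m.group(1).lower() if m else None

    if "(file missing)" in low or "(no file)" in low:
        if image and image in running:
            # HijackThis cut the quoted ImagePath at the stray quote; the binary is live.
            reasons.append("marked missing, but a process with that image name is running; "
                           "likely a quoted-path parsing artifact, confirm the file on disk")
        else:
            reasons.append("orphaned entry: the referenced file is gone (leftover of a removal)")
    if section in ("O2", "O9") and "(no name)" in low:
        reasons.append("unnamed browser extension entry")
    if section == "O4" and low.startswith("global startup:"):
        target = body.split(":", 1)[1].strip()
        # A shortcut shows as "name.lnk = target"; a bare file name is the binary itself.
        if "=" not in target and not target.lower().endswith(".lnk"):
            reasons.append("bare executable in the all-users Startup folder (no shortcut, no path)")
    if section == "O20":
        reasons.append("Winlogon Notify DLL is loaded by winlogon.exe as SYSTEM; verify the publisher")
    if section == "O23" and "unknown owner" in low:
        reasons.append("service without a recognised vendor string")
    return reasons


def triage(text, running=RUNNING):
    """Return only the entries that tripped at least one rule."""
    findings = []
    for section, body in parse_hjt(text):
        reasons = assess(section, body, running)
        if reasons:
            findings.append(Finding(section, body, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.body}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the ten sample lines, the HP BHO, the avast! Run entry, the HP Digital Imaging shortcut and the InCD service pass silently; six entries are reported. The two avast! O23 lines are the instructive case: the `" /service (file missing)` tail shows the quoted ImagePath being cut at the quote, and both ashMaiSv.exe and ashWebSv.exe appear in the running-process list of the same log, so they are reported as a parsing artifact rather than as deleted files. The "Reboot.exe" Global Startup entry, with neither a shortcut nor a path, is the line a reviewer would want to locate on disk and check before deciding anything.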

Hey! andreakris

 

>@< The CFScript did not work!

----------------------------

>@< Type in Run: ComboFix.exe /u >> Click: OK

>@< Wait for the uninstall to finish!

>@< Download a fresh copy of the tool, and run CFScript.txt in Safe Mode.

>@< When it finishes, reboot into Normal Mode and post: ComboFix.txt

 

Regards!


Hi,

It didn't work! When I type C:/ComboFix.exe/u in Run, a message appears saying that Windows cannot find the file.

What do I do?


Hey! andreakris

Good morning!

 

>@< DELETE: C:\QooBox

------------------------

>@< Move ComboFix.exe to Local Disk C: and run the CFScript in Safe Mode.

>@< When it finishes, reboot into Normal Mode and post ComboFix.txt <!>

------------------------

>@< If that does not succeed, we will have to move on to the manual procedure.

 

Regards!


Topic Archived

 

Because the author did not reply for more than 20 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening it.
