[Resolvido!] Máquina muito lenta e travando - Malware ?

[The Blacksmith 0]

Olá, equipe do fórum.

Há muito tempo sem nenhum problema, infelizmente estou de volta.

 

Sem nenhuma razão aparente, ou seja, "de um dia para o outro", minha máquina começou a apresentar lentidão em praticamente todos os processos e também travamentos temporários (com saltos de 01 a 03seg) durante a execução de qualquer formato de vídeo e também em jogos que estavam rodando normalmente. A lentidão então é generalizada: abertura de programas, abertura de pastas no Windows Explorer, resposta aos comandos do mouse, atraso na digitação em caixas de texto, etc.

 

Embora eu possua instalado o Kaspersky Anti-Vírus 7.0 (original), use o CCleaner regularmente e recentemente tenha realizado a desfragmentação do HD, temo que isso possa ser algum tipo de malware que está afetando a performance da máquina de forma geral.

 

Vocês poderiam dar uma olhada no meu caso ? Segue a configuração da máquina e log do HiJackThis.

Agradeço muito a ajuda.

 

PC Wizard 2008 Version 1.80

Owner: AMD Athlon 64

User: Master

Operating System: Microsoft Windows XP Professional 5.01.2600 Service Pack 3

Report Date: quinta-feira 15 maio 2008 at 08:16

Mainboard : ASUSTeK Computer Inc. K8V-MX

Chipset : VIA K8M800 (VT8380)

Processor : AMD Athlon 64 3000+ @ 2000 MHz

Physical Memory : 1024 MB (2 x 512 DDR-SDRAM )

Video Card : Nvidia Corp GeForce FX 5200 [NV34.3]

Hard Disk : SAMSUNG (160 GB)

CD-Rom Drive : SONY CD-RW CRX225E

DVD-Rom Drive : HL-DT-ST DVDRAM GSA-4167B

DVD-Rom Drive : YM5245W CMZ693C SCSI CdRom Device

Monitor Type : Samsung SyncMaster - 16 inches

Network Card : VT82C570 MV IDE Controller VT6102 Rhine II Fast Ethernet Adapter

Operating System : Microsoft Windows XP Professional 5.01.2600 Service Pack 3

DirectX : Version 9.0c (março 2008)

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 08:29:53, on 15/5/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\vVX1000.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\Cyberlink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe

C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\HiJack This\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g1.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O1 - Hosts: 127.255.255.255 www.alcohol-soft.com

O1 - Hosts: 127.255.255.255 images.alcohol-soft.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe"

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [siemens SmartSync - ScheduleSync] C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DMXLauncher] "C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll (file missing)

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\Cyberlink\Shared Files\RichVideo.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Sonic Shared\RoxioUpnpService9.exe (file missing)

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: stllssvr - Unknown owner - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe (file missing)

 

--

End of file - 14841 bytes

[DigRam 144]

Bom Dia! The Blacksmith

 

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Desabilite as proteções residente de: antivírus,antispywares e Firewall.

>@< Feche todas as janelas e execute a ferramenta!

 

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

Salve-a no Desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

Ps: Caso ocorra alguma mensagem de erro,rode o ComboFix em Modo de Segurança.

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar e < Enter >

>@< Aguarde a conclusão! Durante o scan,evite tocar no mouse ou teclado!

-----------------------------------

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

 

Abraços!

[The Blacksmith 0]

Boa tarde, DigRam e obrigado pelo atendimento.

 

Embora eu tenha seguido detalhadamente suas instruções, ao longo de três tentativas o AutoScan do ComboFix está resetando a máquina (e o pior: resetando, não reiniciando). Segue abaixo o ComboFix.txt e um arquivo chamado Bug.txt que acredito ter sido gerado também pelo ComboFix. Vai também novo logo do HiJackThis.

 

Até breve !

 

ComboFix 08-05-12.1 - Master 2008-05-15 15:17:12.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.542 [GMT -3:00]

Executando de: C:\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

 

Bug.txt:

 

pushd "C:\327882R2FWJFW\"

 

=============================================

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Master\Dados de aplicativos

cfldr=327882R2FWJFW

CLASSPATH=.;C:\Arquivos de programas\Java\jre1.6.0_03\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Arquivos de programas\Arquivos comuns

COMPUTERNAME=ATHLON64

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Master

kmd=CF25729.exe

LANG=pt_BR

LOGONSERVER=\\ATHLON64

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Arquivos de programas\Arquivos comuns\GTK\2.0\bin;C:\Arquivos de programas\Arquivos comuns\Roxio Shared\DLLShared;C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\DLLShared;C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\DLLShared;C:\Arquivos de programas\Arquivos comuns\Roxio Shared\DLLShared;C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\DLLShared;C:\Arquivos de programas\QuickTime\QTSystem;C:\Arquivos de programas\IsoBuster;C:\Arquivos de programas\Pinnacle\Shared Files;C:\Arquivos de programas\Pinnacle\Shared Files\Filter

PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=2c02

ProgramFiles=C:\Arquivos de programas

PROMPT=$

QTJAVA=C:\Arquivos de programas\Java\jre1.6.0_03\lib\ext\QTJava.zip

RoxioCentral=C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\Roxio Central36\

SESSIONNAME=Console

sfxname=C:\ComboFix.exe

system=C:\WINDOWS\system32

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Master\CONFIG~1\Temp

TMP=C:\DOCUME~1\Master\CONFIG~1\Temp

USERDOMAIN=ATHLON64

USERNAME=Master

USERPROFILE=C:\Documents and Settings\Master

windir=C:\WINDOWS

 

=============================================

 

 

if not defined sfxname goto END

 

Nircmd win close ititle "ComboFix"

 

If [] == [] Set "SfxCmd="

 

if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort

 

if exist "C:\DOCUME~1\Master\CONFIG~1\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\DOCUME~1\Master\CONFIG~1\Temp\327882R2FWJFW327882R2FWJFW.log"

SteelWerX Extended Configuration Access Control Lists

Written by Bobbi Flekman 2006 ©

 

Volume: C:\ does not support Access Control Lists

 

 

copy /y "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF25729.exe"

1 arquivo(s) copiado(s).

 

if not exist "C:\WINDOWS\system32\CF25729.exe" catchme -l nul -c "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF25729.exe"

 

For /F "tokens=*" %g in ("C:\ComboFix.exe") do @(

set "FileName=%~ng"

set "FilePath=%~dpg"

)

 

Set FileName 2>nul | GREP -Gisqx "FileName=[-[:alnum:]@.]*" || (

nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""

goto END

)

 

DIR /AD/B C:\* | FindStr.exe -IVX ComboFix 1>dirname00

 

FindStr.exe -LIXC:"ComboFix" dirname00 1>nul && call :NameChk

 

If exist dirname0? del /Q dirname0?

 

If exist "\ComboFix" DIR /AD "\ComboFix" 1>nul && (

rd /s/q "\ComboFix"

If exist "\ComboFix" (

PV -kf findstr.exe *.cfexe

rd /s/q "\ComboFix"

)

If exist "\ComboFix" (

handle "C:\ComboFix" | SED -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00

for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h

del /q temp00

rd /s/q "\ComboFix"

)

)

 

If exist "\ComboFix" rd /s/q "\ComboFix"

 

If exist "\ComboFix" goto :eof

 

VER | Findstr.exe -ic:"[Version 6.0" && (Call :Vista ) ||

 

CD ..

 

Set "comspec=C:\WINDOWS\system32\CF25729.exe"

 

(

echo.md "\ComboFix"

echo.Move /y "\327882R2FWJFW\*" "\ComboFix"

echo.RD /S/Q "\327882R2FWJFW"

echo.Start "." /d"C:\ComboFix" "C:\WINDOWS\system32\CF25729.exe" /k c.bat

echo.pv -kf cmd.exe

) 1>Start_.cmd

 

NirCmd exec hide "C:\WINDOWS\system32\CF25729.exe" /f:off /d /c call Start_.cmd

 

NirCmd execmd del "\327882R2FWJFW\prep.cmd"

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 15:25, on 2008-05-15

Platform: Windows XP SP3 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Cyberlink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

C:\WINDOWS\vVX1000.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

C:\Arquivos de programas\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\HiJack This\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g1.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O1 - Hosts: 127.255.255.255 www.alcohol-soft.com

O1 - Hosts: 127.255.255.255 images.alcohol-soft.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe"

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [siemens SmartSync - ScheduleSync] C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DMXLauncher] "C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\Cyberlink\Shared Files\RichVideo.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Sonic Shared\RoxioUpnpService9.exe (file missing)

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: stllssvr - Unknown owner - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe (file missing)

 

--

End of file - 14679 bytes

[DigRam 144]

Bom Dia! The Blacksmith

 

Embora eu tenha seguido detalhadamente suas instruções, ao longo de três tentativas o AutoScan do ComboFix está resetando a máquina (e o pior: resetando, não reiniciando). Segue abaixo o ComboFix.txt e um arquivo chamado Bug.txt que acredito ter sido gerado também pelo ComboFix.

>@< Tentou executá-lo,em Modo de Segurança?

------------------------------

>@< DESINSTALE:

 

< G-Buster Browser Defense >

 

< G-Buster Browser Defense ABN AMRO >

 

< G-Buster Browser Defense Unibanco >

 

>@< Após desinstalar,reinicie o computador e poste um novo log do HijackThis.

 

Abraços!

[The Blacksmith 0]

Bom dia, DigRam !

 

Vamos lá:

 

01. Com o computador em Modo Seguro deu tudo certo com o ComboFix. Segue o relatório e também novo log do HJT.

 

02. Caso ainda seja necessário, como devo proceder para desinstalar os G-Buster Browser Defense ? Não consigo visualizá-los no Painel de Controle para desinstalação tradicional. É só apagar a pasta C:\Arquivos de Programas\GbPlugin ?

 

03. Uma dúvida: a pasta C:\QooBox é criada pelo ComboFix ?

 

Obrigado pelo acompanhamento e até breve !

 

 

ComboFix 08-05-12.1 - Administrador 2008-05-17 8:39:05.1 - FAT32x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.786 [GMT -3:00]

Executando de: C:\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\Arquivos comuns\{162B1~1

C:\Documents and Settings\Master\Dados de aplicativos\inst.exe

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\lsprst7.dll

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\ssprs.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SSVCUPDATE

-------\Service_NPF

-------\Service_SsvcUpdate

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))

.

 

2008-05-15 18:06 . 2008-05-15 18:06 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-05-15 14:43 . 2008-05-15 14:44 1,914,914 --a------ C:\ComboFix.exe

2008-05-15 09:17 . 2008-05-15 09:17 <DIR> d-------- C:\Documents and Settings\Master\Dados de aplicativos\Comodo

2008-05-15 09:17 . 2008-05-15 09:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Comodo

2008-05-13 18:03 . 2008-05-13 18:03 <DIR> d-------- C:\Arquivos de programas\IObit SmartDefrag

2008-05-13 14:03 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll

2008-05-13 14:03 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll

2008-05-13 14:03 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll

2008-05-13 14:03 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll

2008-05-13 14:03 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll

2008-05-13 14:03 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll

2008-05-12 17:36 . 2008-05-12 17:36 612 --a------ C:\WINDOWS\eReg.dat

2008-05-10 12:59 . 2008-05-10 12:59 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-05-07 15:44 . 2008-04-13 09:36 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys

2008-05-07 15:44 . 2008-04-13 11:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys

2008-05-07 15:42 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\003472_.tmp

2008-05-05 16:37 . 2008-05-08 15:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-05 16:37 . 2008-05-06 18:28 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-05 10:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-05-05 10:38 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-05-05 10:38 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-05-04 15:11 . 2008-05-04 15:11 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-05-04 14:30 . 2008-05-04 14:30 <DIR> d--hs---- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-05-04 14:27 . 2008-05-04 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-05-04 14:27 . 2008-05-04 14:27 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-04-29 19:07 . 2008-04-29 19:07 <DIR> d-------- C:\Arquivos de programas\SubSync

2008-04-29 19:07 . 2008-04-29 19:07 249,856 --------- C:\WINDOWS\Setup1.exe

2008-04-29 19:07 . 2008-04-29 19:07 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-04-24 12:19 . 2008-04-24 12:19 <DIR> d-------- C:\Arquivos de programas\OpenAL

2008-04-24 12:19 . 2008-04-24 12:19 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll

2008-04-24 12:19 . 2008-04-24 12:19 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll

2008-04-24 11:31 . 2008-04-24 11:31 <DIR> d-------- C:\Documents and Settings\Master\Dados de aplicativos\TileRacer

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-17 11:35 606,208 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-05-17 11:35 29,972 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-17 11:35 2,157,600 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-17 11:35 15,524 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-04-18 16:59 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat

2008-04-18 16:59 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat

2008-04-13 22:37 1,804 ----a-w C:\WINDOWS\system32\Dcache.bin

2008-04-13 22:24 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-13 22:20 995,328 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-13 22:19 86,073 ----a-w C:\WINDOWS\system32\dllcache\voicesub.dll

2008-04-13 22:18 97,792 ----a-w C:\WINDOWS\system32\dllcache\chtmbx.dll

2008-04-13 22:02 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-13 22:02 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-13 22:02 68,992 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-13 22:02 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-13 22:02 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-13 22:01 2,193,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-13 22:00 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-13 22:00 2,070,144 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-13 21:59 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-13 21:59 153,984 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-13 21:58 86,016 ----a-w C:\WINDOWS\system32\msxml6r.dll

2008-04-13 21:58 86,016 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll

2008-04-13 21:58 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-13 21:58 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-13 21:57 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-13 21:57 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-13 21:57 40,448 ------w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-13 21:56 563,712 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-13 21:56 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-13 21:55 65,536 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-13 21:55 53,504 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-13 21:54 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-13 21:54 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-13 21:54 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-13 21:53 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-13 21:53 58,240 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-13 21:53 53,248 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-13 21:53 273,280 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-13 21:52 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-13 21:51 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-13 21:51 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-13 21:51 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-13 21:50 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-13 21:50 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-13 21:50 188,416 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 15:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 15:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 15:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 15:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 15:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 15:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 15:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 15:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 15:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 15:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 15:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 15:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 15:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 15:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 15:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 15:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 15:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 15:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 15:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 15:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 15:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 15:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 14:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 14:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 14:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 14:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 14:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 14:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 14:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 14:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 14:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 14:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 14:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 14:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 14:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 14:56 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 14:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 14:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 14:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 14:55 202,624 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys

2008-04-13 14:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 14:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

2008-04-13 14:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys

2008-04-13 14:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-13 14:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys

2008-04-13 14:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys

2008-04-13 14:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys

2008-04-13 14:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys

2008-04-13 14:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys

2008-04-13 14:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys

2008-04-13 14:45 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys

2008-04-13 14:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys

2008-04-13 14:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys

2008-04-13 14:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

"AlcoholAutomount"="C:\Arquivos de programas\Alcohol 120\axcmd.exe" [2007-07-02 07:29 220544]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40 86960]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:20 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 10:52 1368064]

"Acrobat Assistant 7.0"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40 86960]

"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-10-13 17:04 707376]

"LifeCam"="C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]

"Windows Defender"="C:\Arquivos de programas\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]

"Siemens SmartSync - ScheduleSync"="C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" [2005-03-16 10:15 45056]

"NvMediaCenter"="NvMCTray.dll" [2007-06-29 00:43 81920 C:\WINDOWS\system32\nvmctray.dll]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]

"DMXLauncher"="C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 03:44 113136]

"RoxWatchTray"="C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 15:52 240112]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-10-19 20:16 286720]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01 71216]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 19:20 15360]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2008-04-13 19:21 1695232]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-06-19 14:24:54 25214]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-04-23 17:25 373672]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2008-04-15 09:37 378696]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2008-04-28 15:15 373152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll 2008-04-23 17:25 373672 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2008-04-15 09:37 378696 C:\ARQUIV~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

C:\ARQUIV~1\GbPlugin\gbiehuni.dll 2008-04-28 15:15 373152 C:\ARQUIV~1\GbPlugin\gbiehuni.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginAbn]

C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2008-04-23 17:25 373672 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

C:\Arquivos de programas\GbPlugin\gbieh.dll 2008-04-15 09:37 378696 C:\Arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"VIDC.YV12"= yv12vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Roxio\\Digital Home 10\\RoxioUpnpService10.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Games\\Medal of Honor Pacific Assault\\mohpa.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

 

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Arquivos de programas\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]

R2 Devx;Devx;C:\WINDOWS\system32\drivers\Devx.sys [2001-09-06 10:21]

R2 MSCamSvc;MSCamSvc;"C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]

R2 NMSAccessU;NMSAccessU;C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]

R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-04-02 10:16]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 15:53]

R2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 15:52]

R2 VtPr;VtPr;C:\WINDOWS\system32\drivers\VtPr.sys [2001-10-10 12:10]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

R3 RoxMediaDB10;RoxMediaDB10;"C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 15:52]

R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 17:04]

S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 15:52]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 15:53]

S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2005-09-12 16:40]

 

.

Conte£do da pasta 'Tarefas Agendadas'

"2008-05-17 11:43:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

"2008-01-23 12:22:28 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Arquivos de programas\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2008-05-12 12:31:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Arquivos de programas\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2007-11-05 13:21:26 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"

- C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-17 08:44:10

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializ veis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\C:\Arquivos de programas\CyberLink\PowerDVD\000.fcl"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\nview.dll

.

------------------------ Other Running Processes ------------------------

.

C:\ARQUIVOS DE PROGRAMAS\WINDOWS DEFENDER\MSMPENG.EXE

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\GBPSV.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

C:\WINDOWS\SYSTEM32\NVSVC32.EXE

C:\ARQUIVOS DE PROGRAMAS\CYBERLINK\SHARED FILES\RICHVIDEO.EXE

C:\ARQUIVOS DE PROGRAMAS\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE

C:\ARQUIVOS DE PROGRAMAS\ALCOHOL 120\STARWIND\STARWINDSERVICEAE.EXE

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 7.0\ACROBAT\ACROBAT_SL.EXE

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-05-17 8:46:25 - machine was rebooted [Master]

ComboFix-quarantined-files.txt 2008-05-17 11:46:18

 

Pre-Run: 22,472,212,480 bytes disponíveis

Post-Run: 22,353,035,264 bytes dispon¡veis

 

293 --- E O F --- 2008-05-17 11:09:32

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 08:57:26, on 17/5/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Cyberlink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\vVX1000.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\HiJack This\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g1.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [siemens SmartSync - ScheduleSync] C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DMXLauncher] "C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\Cyberlink\Shared Files\RichVideo.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Sonic Shared\RoxioUpnpService9.exe (file missing)

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: stllssvr - Unknown owner - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe (file missing)

 

--

End of file - 14346 bytes

[DigRam 144]

Bom Dia! The Blacksmith

 

<!> Desculpe-me a demora,pois fiquei alguns dias sem Internet.

--------------------------

02. Caso ainda seja necessário, como devo proceder para desinstalar os G-Buster Browser Defense ? Não consigo visualizá-los no Painel de Controle para desinstalação tradicional. É só apagar a pasta C:\Arquivos de Programas\GbPlugin ?

<@> A desinstalação,não é tradicional e dá um pouco de trabalho!

<@> Siga as recomendações,deste tutorial,e depois retorne com um novo log do HijackThis.

 

<@> < Tutorial de desinstalação >

 

03. Uma dúvida: a pasta C:\QooBox é criada pelo ComboFix ?

<@> Sim!

 

Abraços!

[The Blacksmith 0]

Olá, DigRam.

É bom ter você de volta !

 

Há dois dias atrás, sem a realização de qualquer procedimento, os problemas de lentidão generalizada e travamentos durante os vídeos e jogos aparentemente desapareceram. É bem verdade que - em modo seguro - conseguimos rodar o ComboFix, mas não sei se isso ajudou ou não.

 

Achei a desinstalação do G-Buster Browser Defense muito complicada (e arriscada) e como tudo parece estar funcionando bem novamente vou deixá-lo quieto por enquanto.

O que você acha ?

 

Aqui vai um novo log do HJT para que você possa verificar se está tudo bem e se mais alguma providência é necessária.

 

Obrigado e até breve !

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 14:12:56, on 25/5/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Cyberlink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\vVX1000.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\HiJack This\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g1.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [siemens SmartSync - ScheduleSync] C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DMXLauncher] "C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\Cyberlink\Shared Files\RichVideo.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Sonic Shared\RoxioUpnpService9.exe (file missing)

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: stllssvr - Unknown owner - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe (file missing)

 

--

End of file - 14634 bytes

[DigRam 144]

Boa Tarde! The Blacksmith

 

>@< No Executar,digite: ComboFix.exe /u >> Clique: OK

>@< Na solicitação,escolha o dois. ( 2 ) >> Aguarde a desinstalação!

---------------------------

Achei a desinstalação do G-Buster Browser Defense muito complicada (e arriscada) e como tudo parece estar funcionando bem novamente vou deixá-lo quieto por enquanto.

O que você acha ?

>@< Pode abortar o procedimento!

---------------------------

Estando tudo Ok com o PC,crie um Ponto de Restauração do Sistema,completamente Limpo!

Clique com o botão direito do mouse em cima de Meu Computador >> Propriedades >> Restauração do Sistema >> Marque: Desativar Restauração do Sistema >> Aplicar >> Ok.

Depois,desmarque novamente! >> Aplicar >> Ok.

Para maiores detalhes,vá em:< Docs >

>@< O log está limpo!

 

Abraços!

[The Blacksmith 0]

Valeu, DigRam ! :thumbsup:

 

Agradeço muito o acompanhamento ao longo de todos esses dias.

 

Obrigado e até a próxima !

[DigRam 144]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o Tópico seja reaberto é preciso enviar uma Mensagem Privada,para um Moderador,com um Link para o Tópico.