[Resolvido!] Rundll Gbplug

[ItaloCCSL 0]

Galera é o seguinte...

Sou um pouco novo nesse negocio de computação e tenho algumas dificuldades em certas coisas aqui no meu pc.

Uma delas é que está aparecendo a seguinte mensagem na tela do meu computador sempre que eu inicio ele, ai segue a frase:

"Erro ao carregar C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

 

Não foi possível encontrar o módulo especificado."

 

Exatamente assim e aparece numa janela de nome "RUNDLL".

Gostaria de saber como posso ajeitar isso e se esses "~" que aparecem nas palavras "ARQUIV~1" e "GBPLUG~1" também são erros.

 

Solicito o conhecimento e a experiência de vocês para que possam me ajudar.

 

Também tenho problemas com lentidão tanto na internet, que não é discada, quanto nos outros programas como os de música e vídeos - O Windows Media Player demora muito para abrir as músicas e os vídeos. E até para abrir pastas ele está lento. =/

 

Ai seguem algumas referências do meu computador:

 

Sistema:

 

Microsoft Windows XP

Professional

Versão 2002

Service Pack 2

 

Computador:

 

Intel®

Celeron® CPU 2.26GHz

2.27 GHz, 240 MB de RAM

 

Eu uso o Mozilla Firefox 3

Tenho o CCleaner

Meu anti-vírus é o Avira AntiVir Personal - Free Antivirus

Vou baixar hoje o programa BankerFix.

 

Se não for pedir muito dava para vocês darem uma avaliada no meu pc e dizer o que que eu devo fazer para ele ter um ótimo desempenho e as melhores atualizações.

 

Desculpe se pedi demais e ocupei o tempo de vocês. :unsure:

[PedroN 1]

• Faça o download do HijackThis

http://linhadefensiva.uol.com.br/dl/hijackthis

 

• Salve no Seu desktop

 

• Abra o HijackThis e clique em Do a system scan and save a logfile

 

• O seu editor de texto abrirá com o log (bloco de notas) copie todo o contéudo e poste aqui.

 

Abraços

[ItaloCCSL 0]

Caro Sr. Perfect fiz o que você pediu.

Aqui vai o que apareceu no meu bloco de notas:

 

Logfile of HijackThis v1.99.1

Scan saved at 14:40:31, on 4/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Ítalo César.HOME\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ibest.com.br/site/default_ck.js...odigo=001.00001

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S

O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm119YYBR

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0FDA29-8843-46BE-A4B8-15F1CE65190C}: NameServer = 85.255.115.2,85.255.112.6

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6

O17 - HKLM\System\CS2\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: GbiehCef - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

Espero que possa me ajudar.

Aguardo sua resposta. :closedeyes:

[Silas Martins 0]

Baixe o ComboFix e salve na área de trabalho.

 

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

 

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

[ItaloCCSL 0]

Cara é o seguinte.

 

Eu baixei combofix e salvei no meu desxtop, como tu pedistes, só que eu não sei muito bem mas tenho quase certeza que fiz uma burrada, porque eu fechei os programas só que deixei o antivirus ligado.(Avira)

 

Ai o Windows mandou uma caixinha com o escudo vermelho e perguntando se eu realmente queria executar o programa, ai eu confirmei e quase que imediato o Avira disse que era um vírus.

 

Ai eu fui ignorando as mensagens até onde a minha paciência aguentava, mas teve momentos em que só apertava "enter" e era na opção "denty acess" a qual já vinha marcado.

Ai chegava a aparecer acesso negado - não me surpreendi.

A minha área de trabalho chegou a sumir e a só aparecer o meu papel de parede.

Ele alterou as definições do meu relógio.(quando voltará ao normal?)

 

Depois de todos os processos e de ele ter reiniciado novamente apareceu a mensagem de erro no Gbplug e apareceu na minha área de trabalho o ícone da internet explore, a qual não utilizo.

 

Fui procurar o relatório e tai ele.

 

ComboFix 08-07-04.1 - Ítalo César 2008-07-04 16:47:10.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.60 [GMT -3:00]

Executando de: C:\Documents and Settings\Ítalo César.HOME\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\ActivationManager

C:\Arquivos de programas\ActivationManager\Uninstall.exe

C:\Documents and Settings\Ítalo César.HOME\err.log

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\kddiy.exe

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-06-04 to 2008-07-04 ))))))))))))))))))))))))))))))))

.

 

2008-07-03 18:57 . 2006-10-04 11:06 1,197,294 --a--c--- C:\WINDOWS\system32\dllcache\SETA0.tmp

2008-07-02 22:51 . 2008-07-03 19:14 <DIR> d----c--- C:\Arquivos de programas\NitroPC

2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Yahoo! Companion

2008-06-26 19:04 . 2008-06-26 19:04 <DIR> d----c--- C:\WINDOWS\Sun

2008-06-20 19:07 . 2008-07-03 18:57 1,355 --a--c--- C:\WINDOWS\imsins.BAK

2008-06-11 09:57 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 09:57 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-06 20:33 . 2008-06-06 21:07 <DIR> d----c--- C:\Arquivos de programas\SopCast

2008-06-06 20:32 . 2008-06-08 15:30 <DIR> d----c--- C:\Arquivos de programas\Megacubo

2008-06-04 13:19 . 2008-06-04 13:19 453 --a--c--- C:\WINDOWS\Brazil

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-26 19:31 --------- dc----w C:\Arquivos de programas\RocketDock

2008-06-26 19:30 --------- dc----w C:\Arquivos de programas\OnGame

2008-06-26 17:23 --------- dc----w C:\Arquivos de programas\MediaCoder

2008-06-26 04:45 --------- dc----w C:\Arquivos de programas\Microsoft Works

2008-06-18 08:57 --------- dc----w C:\Arquivos de programas\Yahoo!

2008-06-08 18:32 --------- dc----w C:\Arquivos de programas\VideoLAN

2008-05-22 17:39 --------- dc----w C:\Arquivos de programas\VisualTaskTips

2008-05-22 17:37 --------- dc----w C:\Arquivos de programas\FlashGet

2008-05-08 12:28 202,752 -c--a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:15 2,660,864 -c--a-w C:\WINDOWS\system32\quartz.dll

2008-04-21 07:02 661,504 -c--a-w C:\WINDOWS\system32\wininet.dll

2007-07-20 04:19 855,886 -c--a-w C:\Arquivos de programas\AUG2007_d3dx10_35_x64.cab

2007-07-20 04:19 800,467 -c--a-w C:\Arquivos de programas\AUG2007_d3dx10_35_x86.cab

2007-07-20 04:19 1,803,760 -c--a-w C:\Arquivos de programas\AUG2007_d3dx9_35_x64.cab

2007-07-20 04:18 44,684 -c--a-w C:\Arquivos de programas\dxdllreg_x86.cab

2007-07-20 04:18 201,696 -c--a-w C:\Arquivos de programas\AUG2007_XACT_x64.cab

2007-07-20 04:18 156,612 -c--a-w C:\Arquivos de programas\AUG2007_XACT_x86.cab

2007-07-20 04:18 1,711,752 -c--a-w C:\Arquivos de programas\AUG2007_d3dx9_35_x86.cab

2007-07-03 01:43 171,008 -c--a-w C:\Arquivos de programas\FLV PlayerRCSetup.exe

2004-10-01 18:00 40,960 -c--a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

------- Sigcheck -------

 

2007-06-13 10:21 1697280 07a1a28907a5f2a251b3b2564884d730 C:\WINDOWS\explorer.exe

2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-06-13 10:21 1697280 07a1a28907a5f2a251b3b2564884d730 C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 10:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\XPize Darkside\Backup\explorer.exe

 

2004-08-04 00:45 30208 c44b39505116f6961988b8681793e572 C:\WINDOWS\system32\ctfmon.exe

2004-08-04 00:45 30208 c44b39505116f6961988b8681793e572 C:\WINDOWS\system32\dllcache\ctfmon.exe

2004-08-04 00:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\XPize Darkside\Backup\ctfmon.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TaskSwitchXP"="C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 19:29 62976]

"XPize Darkside Reloader"="C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe" [2007-10-12 12:12 112737]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 30208]

"PC Suite Tray"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 09:12 695808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-07 21:31 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-07 21:27 126976]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-03-02 21:24 282624]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-30 13:37 262401]

"desp2k"="C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 16:05 65536]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"SoundMan"="SOUNDMAN.EXE" [2005-12-14 18:06 593920 C:\WINDOWS\Soundman.exe]

"SMSERIAL"="sm56hlpr.exe" [2005-07-05 17:47 544768 C:\WINDOWS\sm56hlpr.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 16:35 1294336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"= l3codecp.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"34162:TCP"= 34162:TCP:AresChatServer

 

R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 11:11]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6eb05430-d7f5-11dc-9398-000fead92af6}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe

\Shell\infected\command - F:\wbsinstalls.exe

 

.

Conte£do da pasta 'Tarefas Agendadas'

"2008-07-04 20:00:02 C:\WINDOWS\Tasks\A5C7D765918C52D1.job"

- c:\docume~1\talocs~1.hom\dadosd~1\slownu~1\Bird Wave Find.exe

"2008-07-04 03:00:00 C:\WINDOWS\Tasks\At1.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-03 12:00:00 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-04 13:00:00 C:\WINDOWS\Tasks\At11.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-04 14:00:00 C:\WINDOWS\Tasks\At12.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-04 15:00:00 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-04 16:00:00 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-04 17:00:00 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-04 18:00:05 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-04 19:00:00 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-04 20:00:02 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-03 21:00:00 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-03 04:00:00 C:\WINDOWS\Tasks\At2.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-03 22:00:03 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-03 23:00:05 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-04 00:00:02 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-04 01:00:04 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-04 02:00:01 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-03 05:00:00 C:\WINDOWS\Tasks\At3.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-03 06:00:00 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-03 07:00:00 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-03 08:00:00 C:\WINDOWS\Tasks\At6.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-03 09:00:00 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-03 10:00:00 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-03 11:00:00 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\system32\7C1CH28X.exe

"2008-07-04 19:43:03 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

 

 

 

 

Peço desculpas se cometi algum erro, pois não tenho uma boa experiência com computadores.

Espero que você me ajude, e se alguém mais entender do assunto, por favor deixem recado.

 

:mellow:

[ItaloCCSL 0]

Desculpa esqueci do relatório do hijackthis.

 

Ai vai:

 

Logfile of HijackThis v1.99.1

Scan saved at 17:53, on 2008-07-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Ítalo César.HOME\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ibest.com.br/site/default_ck.js...odigo=001.00001

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S

O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm119YYBR

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0FDA29-8843-46BE-A4B8-15F1CE65190C}: NameServer = 85.255.115.2,85.255.112.6

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6

O17 - HKLM\System\CS2\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: GbiehCef - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

 

Não creio que tenha acontecido alguma mudança. :mellow:

[Silas Martins 0]

Selecione e copie o texto abaixo, Abra o Bloco de notas e copie a entrada abaixo citada:

File::

c:\docume~1\talocs~1.hom\dadosd~1\slownu~1\Bird Wave Find.exe

C:\WINDOWS\system32\7C1CH28X.exe

C:\WINDOWS\Tasks\At1.job"

C:\WINDOWS\Tasks\At10.job"

C:\WINDOWS\Tasks\At11.job"

C:\WINDOWS\Tasks\At12.job"

C:\WINDOWS\Tasks\At13.job"

C:\WINDOWS\Tasks\At14.job"

C:\WINDOWS\Tasks\At15.job"

C:\WINDOWS\Tasks\At16.job"

C:\WINDOWS\Tasks\At17.job"

C:\WINDOWS\Tasks\At18.job"

C:\WINDOWS\Tasks\At19.job"

C:\WINDOWS\Tasks\At2.job"

C:\WINDOWS\Tasks\At20.job"

C:\WINDOWS\Tasks\At21.job"

C:\WINDOWS\Tasks\At22.job"

C:\WINDOWS\Tasks\At23.job"

C:\WINDOWS\Tasks\At24.job"

C:\WINDOWS\Tasks\At3.job"

C:\WINDOWS\Tasks\At4.job"

C:\WINDOWS\Tasks\At5.job"

C:\WINDOWS\Tasks\At6.job"

C:\WINDOWS\Tasks\At7.job"

C:\WINDOWS\Tasks\At8.job"

C:\WINDOWS\Tasks\At9.job"

 

Salve então, na área de trabalho, com o nome de CFScript.txt

 

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

 

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt. Poste-o juntamente com o novo log do hijackthis

[ItaloCCSL 0]

Caro Silas.

 

Fiz o que me pediste, mas o erro voltou a aparecer e uma nova mensagem apareceu na minha área de trabalho que foi essa:

"desp2k.exe - Não foi possível localizar componente. Este aplicativo não pôde ser iniciado porque não foi encontrado wpcap.dll. A reinstalação do aplicativo pode corrigir o problema."

 

O que devo fazer para este novo problema?

 

Aqui está meu log do hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:55, on 2008-07-05

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ibest.com.br/site/default_ck.js...odigo=001.00001

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKLM\..\Policies\Explorer\Run: [gbieh.1] rundll32 "C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll" SpecialFunction

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm119YYBR

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0FDA29-8843-46BE-A4B8-15F1CE65190C}: NameServer = 85.255.115.2,85.255.112.6

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6

O17 - HKLM\System\CS2\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O20 - Winlogon Notify: GbiehCef - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll (file missing)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 8465 bytes

 

Aqui vai o do combofix:

 

ComboFix 08-07-04.6 - Ítalo César 2008-07-05 20:31:06.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.33 [GMT -3:00]

Executando de: C:\Documents and Settings\Ítalo César.HOME\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Ítalo César.HOME\Desktop\CFScript.txt

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

c:\docume~1\talocs~1.hom\dadosd~1\slownu~1\Bird Wave Find.exe

C:\WINDOWS\system32\7C1CH28X.exe

C:\WINDOWS\Tasks\At1.job"

C:\WINDOWS\Tasks\At10.job"

C:\WINDOWS\Tasks\At11.job"

C:\WINDOWS\Tasks\At12.job"

C:\WINDOWS\Tasks\At13.job"

C:\WINDOWS\Tasks\At14.job"

C:\WINDOWS\Tasks\At15.job"

C:\WINDOWS\Tasks\At16.job"

C:\WINDOWS\Tasks\At17.job"

C:\WINDOWS\Tasks\At18.job"

C:\WINDOWS\Tasks\At19.job"

C:\WINDOWS\Tasks\At2.job"

C:\WINDOWS\Tasks\At20.job"

C:\WINDOWS\Tasks\At21.job"

C:\WINDOWS\Tasks\At22.job"

C:\WINDOWS\Tasks\At23.job"

C:\WINDOWS\Tasks\At24.job"

C:\WINDOWS\Tasks\At3.job"

C:\WINDOWS\Tasks\At4.job"

C:\WINDOWS\Tasks\At5.job"

C:\WINDOWS\Tasks\At6.job"

C:\WINDOWS\Tasks\At7.job"

C:\WINDOWS\Tasks\At8.job"

C:\WINDOWS\Tasks\At9.job"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

.

---- Previous Run -------

.

C:\Arquivos de programas\ActivationManager

C:\Arquivos de programas\ActivationManager\Uninstall.exe

C:\Documents and Settings\Ítalo César.HOME\err.log

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\kddiy.exe

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

-------\Legacy_NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-06-05 to 2008-07-05 ))))))))))))))))))))))))))))))))

.

 

2008-07-04 20:47 . 2008-07-04 20:47 <DIR> d----c--- C:\HijackThis

2008-07-03 18:57 . 2006-10-04 11:06 1,197,294 --a--c--- C:\WINDOWS\system32\dllcache\SETA0.tmp

2008-07-02 22:51 . 2008-07-03 19:14 <DIR> d----c--- C:\Arquivos de programas\NitroPC

2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Yahoo! Companion

2008-06-26 19:04 . 2008-06-26 19:04 <DIR> d----c--- C:\WINDOWS\Sun

2008-06-11 09:57 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 09:57 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-06 20:33 . 2008-06-06 21:07 <DIR> d----c--- C:\Arquivos de programas\SopCast

2008-06-06 20:32 . 2008-06-08 15:30 <DIR> d----c--- C:\Arquivos de programas\Megacubo

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-26 19:31 --------- dc----w C:\Arquivos de programas\RocketDock

2008-06-26 19:30 --------- dc----w C:\Arquivos de programas\OnGame

2008-06-26 17:23 --------- dc----w C:\Arquivos de programas\MediaCoder

2008-06-26 04:45 --------- dc----w C:\Arquivos de programas\Microsoft Works

2008-06-18 08:57 --------- dc----w C:\Arquivos de programas\Yahoo!

2008-06-08 18:32 --------- dc----w C:\Arquivos de programas\VideoLAN

2008-05-22 17:39 --------- dc----w C:\Arquivos de programas\VisualTaskTips

2008-05-22 17:37 --------- dc----w C:\Arquivos de programas\FlashGet

2008-05-08 12:28 202,752 -c--a-w C:\WINDOWS\system32\drivers\rmcast.sys

2007-07-20 04:19 855,886 -c--a-w C:\Arquivos de programas\AUG2007_d3dx10_35_x64.cab

2007-07-20 04:19 800,467 -c--a-w C:\Arquivos de programas\AUG2007_d3dx10_35_x86.cab

2007-07-20 04:19 1,803,760 -c--a-w C:\Arquivos de programas\AUG2007_d3dx9_35_x64.cab

2007-07-20 04:18 44,684 -c--a-w C:\Arquivos de programas\dxdllreg_x86.cab

2007-07-20 04:18 201,696 -c--a-w C:\Arquivos de programas\AUG2007_XACT_x64.cab

2007-07-20 04:18 156,612 -c--a-w C:\Arquivos de programas\AUG2007_XACT_x86.cab

2007-07-20 04:18 1,711,752 -c--a-w C:\Arquivos de programas\AUG2007_d3dx9_35_x86.cab

2007-07-03 01:43 171,008 -c--a-w C:\Arquivos de programas\FLV PlayerRCSetup.exe

2004-10-01 18:00 40,960 -c--a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

------- Sigcheck -------

 

2007-06-13 10:21 1697280 07a1a28907a5f2a251b3b2564884d730 C:\WINDOWS\explorer.exe

2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-06-13 10:21 1697280 07a1a28907a5f2a251b3b2564884d730 C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 10:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\XPize Darkside\Backup\explorer.exe

 

2004-08-04 00:45 30208 c44b39505116f6961988b8681793e572 C:\WINDOWS\system32\ctfmon.exe

2004-08-04 00:45 30208 c44b39505116f6961988b8681793e572 C:\WINDOWS\system32\dllcache\ctfmon.exe

2004-08-04 00:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\XPize Darkside\Backup\ctfmon.exe

.

((((((((((((((((((((((((((((( snapshot@2008-07-04_17.13.35.89 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-04 20:02:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-05 23:37:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2000-08-31 11:00:00 28,672 -c--a-w C:\WINDOWS\Nircmd.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TaskSwitchXP"="C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 19:29 62976]

"XPize Darkside Reloader"="C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe" [2007-10-12 12:12 112737]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 30208]

"PC Suite Tray"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 09:12 695808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-07 21:31 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-07 21:27 126976]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-03-02 21:24 282624]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-30 13:37 262401]

"desp2k"="C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 16:05 65536]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Cmaudio"="cmicnfg.cpl" [bU]

"SoundMan"="SOUNDMAN.EXE" [2005-12-14 18:06 593920 C:\WINDOWS\Soundman.exe]

"SMSERIAL"="sm56hlpr.exe" [2005-07-05 17:47 544768 C:\WINDOWS\sm56hlpr.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 16:35 1294336]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"gbieh.1"="C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll" [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbiehCef]

C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]

[bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"= l3codecp.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"34162:TCP"= 34162:TCP:AresChatServer

 

R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 11:11]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6eb05430-d7f5-11dc-9398-000fead92af6}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe

\Shell\infected\command - F:\wbsinstalls.exe

 

.

Conte£do da pasta 'Tarefas Agendadas'

"2008-07-05 23:00:00 C:\WINDOWS\Tasks\A5C7D765918C52D1.job"

- c:\docume~1\talocs~1.hom\dadosd~1\slownu~1\Bird Wave Find.exe

"2008-07-05 23:43:10 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

 

 

Por favor me ajude. :mellow:

[Silas Martins 0]

Siga as instruções abaixo:

 

Baixe o Killbox

Execute o KillBox,clique em Delete on Reboot.

Copie a lista abaixo:

C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll" SpecialFunction

 

Vá ao Killbox.E clique em File > Paste from clipboard. Clique em All Files.

 

Pressione "X". Responda "NÃO" à pergunta.

 

Reinicie

o computador em Modo Seguro (após reiniciar aperte a tecla F8 repetidamente até aparecer uma tela preta em DOS e escolha Modo Seguro).

 

Execute o HijackThis, clique em Do a system scan only e selecione as linhas:

O4 - HKLM\..\Policies\Explorer\Run: [gbieh.1] rundll32 "C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll" SpecialFunction

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm119YYBR

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0FDA29-8843-46BE-A4B8-15F1CE65190C}: NameServer = 85.255.115.2,85.255.112.6

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6

Clique em Fix Checked

Feito isso Reinicie em modo normal e gere um novo log do Hijackthis.

 

Aguardo retorno.

[ItaloCCSL 0]

Silas.

 

O erro do Gbplug não apareceu dessa vez que eu fiz o que você me pediu e reiniciei o meu computador.

Muitíssimo obrigado. :thumbsup:

 

 

Porém ainda tem esse erro do desp2k.exe na wpcap.dll. que surgiu depois que eu fiz aquela besteira que eu comentei num dos tópicos ai em cima que foi na primeira vez que usei o combofix :mellow:

 

Você poderia me ajudar?

 

 

Aqui está o log do hijackthis que você me pediu:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:39, on 2008-07-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ibest.com.br/site/default_ck.js...odigo=001.00001

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - Winlogon Notify: GbiehCef - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll (file missing)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 7689 bytes

 

 

 

Novamente muito obrigado por ter solucionado o erro do Gbplug.

[Silas Martins 0]

Seu casoo apartir daqui será acompanhado de um moderador.

Boa sorte

[ItaloCCSL 0]

Muito obrigado Silas pela ajuda que você me deu. :thumbsup:

 

Você solucionou o erro que eu pedi ajuda e esse outro que apareceu foi mais por má informação minha com o procedimento do combofix, pelo menos é o que parece ser. :unsure:

 

Estarei aguardando algum moderador o quanto antes. :mellow:

[Mário Monteiro 179]

Silas voce pode continuar com esta analise, ja que ja está interagindo com ela

 

Isto é se nao tiver problema para voce

[ItaloCCSL 0]

E agora?

Se ele não olhar esse tópico mais?

 

O Silas já me ajudou com o erro do tópico que era o principal.

Deve ter sido trabalhoso para ele ou algo assim, já que ainda não entendo como analisar os erros e achar a solução.

 

Por favor se poderem me ajudar ficarei muito grato. :)

[Silas Martins 0]

Irei reassumir

O que ocorre é um aviso de erro na iniciaçiazação.

Faça o seguinte vá em iniciar>>executar e clique, ao aparecer o executar digite msconfig, depois vá na aba inicialização, e lá verifique a presença do desp2k.exe se ele tiver marcado para iniciar junto ao windows desmarque.

 

Atenção, peço que crie um ponto de restauração de sistema antes de fazer essa alteração.

 

 

Off-topic: Só pra confirmar você usa Velox?

[ItaloCCSL 0]

Irei reassumir

O que ocorre é um aviso de erro na iniciaçiazação.

Faça o seguinte vá em iniciar>>executar e clique, ao aparecer o executar digite msconfig, depois vá na aba inicialização, e lá verifique a presença do desp2k.exe se ele tiver marcado para iniciar junto ao windows desmarque.

 

Atenção, peço que crie um ponto de restauração de sistema antes de fazer essa alteração.

 

 

Off-topic: Só pra confirmar você usa Velox?

 

-Acabei de fazer o que você me pediu e vou reiniciar o computador.

 

-Uso Velox, sim.

 

Valeu por reassumir. :thumbsup:

[Silas Martins 0]

O problema perssite?

[ItaloCCSL 0]

Pronto o erro sumiu.

[Silas Martins 0]

Caso Resolvido

[ItaloCCSL 0]

Resolvido