[Solved!] LOG Analysis

This topic has been archived and is closed to new replies.

CrBonet

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:39:51, on 20/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\BisonCam\BisonHK.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.BIN

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\MICROS~2\OFFICE11\OUTLOOK.EXE

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HJT\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bisonHK] C:\WINDOWS\BisonCam\BisonHK.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: BrOffice.org 2.0.lnk = C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - http://www.sgnet-rs.com.br/activex/xplug.ocx

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217780933921

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1217781149312

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{52180126-1775-4904-A033-AE0849CCCA77}: NameServer = 200.248.67.130,200.248.67.136

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

 

--

End of file - 9658 bytes

Thanks for your attention!!!

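The HijackThis log above is the kind of listing the helpers in this thread triage by eye. As an added example (not part of the thread, and not a feature of HijackThis), here is a small Python triage script that parses HJT entries and flags the ones a reviewer usually looks at first: components registered without a file on disk, RunOnce autostarts, ActiveX downloads (O16) from hosts outside a small allow-list, the DNS servers written into the TCP/IP registry key (O17), and Winlogon Notify DLLs (O20). The embedded sample is a subset of the log posted above; the allow-list of ActiveX hosts is an assumption made for the example, not a published list. A flagged line is a review item, not a verdict: every one of these categories also contains legitimate software.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# A subset of the HijackThis entries posted above, embedded here so the
# script runs offline (constructed sample; the full log is in the post).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - http://www.sgnet-rs.com.br/activex/xplug.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52180126-1775-4904-A033-AE0849CCCA77}: NameServer = 200.248.67.130,200.248.67.136
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

# Every HJT entry starts with its section code (R0, R1, O2, O4, ..., O23).
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Hosts from which an ActiveX download (O16 DPF) is expected on this box.
# This allow-list is an assumption of the example, not a published list.
KNOWN_DPF_HOSTS = {"www.update.microsoft.com", "fpdownload2.macromedia.com"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return the entries a reviewer should look at, with the reason each was flagged."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line, "End of file"
        section, body = m["section"], m["body"]

        # A CLSID or autostart that points at a file which no longer exists:
        # either an uninstall leftover or something already removed by a scanner.
        if "(file missing)" in body or "(no file)" in body:
            findings.append(Finding(section, "dangling entry: registered component has no file on disk", line))

        # RunOnce keys execute once at the next logon and then delete themselves.
        if section == "O4" and "RunOnce" in body:
            findings.append(Finding(section, "RunOnce autostart: runs once at next logon, then removes itself", line))

        # O16 = Downloaded Program Files: ActiveX controls fetched from the URL shown.
        if section == "O16":
            url = body.rsplit(" - ", 1)[-1]
            host = urlparse(url).hostname or ""
            if host not in KNOWN_DPF_HOSTS:
                findings.append(Finding(section, f"ActiveX control downloaded from host not on the allow-list: {host}", line))

        # O17 = DNS servers configured per interface; confirm they belong to the ISP.
        if section == "O17":
            servers = [s.strip() for s in body.split("NameServer = ", 1)[-1].split(",")]
            findings.append(Finding(section, "DNS servers set in registry, confirm against ISP: " + ", ".join(servers), line))

        # O20 = Winlogon Notify DLLs are loaded into winlogon.exe at logon.
        if section == "O20":
            findings.append(Finding(section, "Winlogon Notify DLL: loaded into winlogon.exe at logon", line))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HJT section code."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(summary(triage(SAMPLE_LOG)))
```

Run against the embedded sample it flags seven entries (two O2, one O4, two O16, one O17, one O20) and leaves the avast! Run key, the Flash download and the O23 service alone. To use it on a real log, replace SAMPLE_LOG with the file contents and extend KNOWN_DPF_HOSTS with the hosts you actually expect on that machine.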

- Download Malwarebytes Anti-Malware

http://www.besttechie.net/tools/mbam-setup.exe

◘ Install it by double-clicking "mbam-setup.exe";

◘ Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", then click Finish;

◘ Select "Quick Scan" and click Scan;

◘ When the scan finishes, click OK and then "Show Results" to see the log;

◘ If anything is detected, make sure everything is checked and click "Remove Selected";

◘ The log is saved automatically and can be viewed by clicking "Logs" in the main menu;

◘ Copy and paste the contents of that log into your next reply.

- Generate a new HijackThis log and paste it in your reply.


Hi, I did everything as you said, here are the logs.

Big hug, and thanks so far.

 

Malwarebytes' Anti-Malware 1.25

Database version: 1076

Windows 5.1.2600 Service Pack 3

13:16:03 21/8/2008

mbam-log-08-21-2008 (13-16-03).txt

Scan type: Quick Scan

Objects scanned: 42239

Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\scpsssh2.inf (Trojan.Agent) -> Quarantined and deleted successfully.

HJT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:16:44, on 21/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\BisonCam\BisonHK.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.BIN

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\MICROS~2\OFFICE11\OUTLOOK.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rsvp.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HJT\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bisonHK] C:\WINDOWS\BisonCam\BisonHK.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: BrOffice.org 2.0.lnk = C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - http://www.sgnet-rs.com.br/activex/xplug.ocx

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217780933921

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1217781149312

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{52180126-1775-4904-A033-AE0849CCCA77}: NameServer = 200.248.67.130,200.248.67.136

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

 

--

End of file - 9718 bytes


Download ComboFix and save it to your desktop.

Close all windows and programs.

Double-click ComboFix and press "1" then Enter to proceed with the fix. It takes about 10 minutes on average (be patient). ComboFix will restart the PC automatically to complete the removal process.

When it finishes, a log will be generated at C:\ComboFix.txt.

Attention:

Do not click inside the ComboFix window or close it with the X while it is running, otherwise it will stop and your desktop will go blank.

To stop or exit ComboFix, press "2" and Enter.

Then generate a new HijackThis log and post it, together with ComboFix.txt.


Friend, here's the thing: I did what you said, ComboFix starts running fine, but then out of nowhere a blue screen appears and the PC restarts.

I tried several times and it did the same thing every time...

Even so, I'm posting the report...

Big hug

ComboFix 08-08-21.01 - Ricardo 2008-08-21 22:29:21.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1474 [GMT -3:00]

Running from: D:\ComboFix.exe

 

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.


Run ComboFix in Safe Mode ;)


Hi, I did as you told me and ran ComboFix in Safe Mode.

The report is below.

Sorry for not doing it sooner, the thing is I had to travel...

Big hug

LOG

ComboFix 08-08-21.01 - Ricardo 2008-08-27 23:18:58.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1723 [GMT -3:00]

Running from: D:\ComboFix.exe

 

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Files created from 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))

.

 

2008-08-26 18:57 . 2008-08-26 18:57 <DIR> d-------- C:\WINDOWS\LastGood

2008-08-23 23:54 . 2008-08-26 22:17 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-08-23 23:54 . 2008-08-23 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit

2008-08-23 23:54 . 2008-08-23 23:56 <DIR> d-------- C:\Arquivos de programas\DAP

2008-08-23 23:54 . 2008-08-23 23:54 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx

2008-08-23 23:54 . 2008-08-23 23:54 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx

2008-08-23 23:54 . 2008-08-23 23:54 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

2008-08-21 13:09 . 2008-08-21 13:09 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\Malwarebytes

2008-08-21 13:09 . 2008-08-21 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-08-21 13:09 . 2008-08-21 13:09 <DIR> d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-08-21 13:09 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-21 13:09 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-20 12:39 . 2008-08-21 13:16 <DIR> d-------- C:\HJT

2008-08-19 22:32 . 2008-08-02 19:19 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-08-19 22:32 . 2008-08-02 16:12 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-08-19 22:32 . 2008-08-02 16:12 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-08-19 22:32 . 2008-08-02 16:12 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-08-19 22:32 . 2008-08-02 16:12 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-08-19 22:32 . 2008-08-27 23:21 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-08-19 22:32 . 2008-08-02 16:12 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-08-19 22:32 . 2008-08-02 16:12 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-08-19 22:32 . 2008-08-19 22:34 <DIR> d-------- C:\Documents and Settings\Administrador

2008-08-19 22:26 . 2008-08-19 22:34 <DIR> d-------- C:\LinhaDefensiva

2008-08-18 21:47 . 2008-08-18 22:20 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\Paltalk

2008-08-18 21:46 . 2008-08-18 22:13 <DIR> d-------- C:\WINDOWS\Paltalk Messenger

2008-08-18 21:46 . 2008-08-18 22:20 <DIR> d-------- C:\Arquivos de programas\Paltalk Messenger

2008-08-18 01:54 . 2008-08-18 01:54 <DIR> d-------- C:\WINDOWS\Sun

2008-08-18 01:54 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-18 01:53 . 2008-08-18 01:54 <DIR> d-------- C:\Arquivos de programas\Java

2008-08-18 01:40 . 2008-08-18 01:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-08-18 00:02 . 2008-08-18 02:00 <DIR> d--h----- C:\Arquivos de programas\Scpad

2008-08-15 01:08 . 2008-08-15 02:05 <DIR> d-------- C:\Arquivos de programas\epson

2008-08-13 00:52 . 2008-05-01 11:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-13 00:46 . 2008-04-11 16:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-12 17:12 . 2008-04-13 11:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-08-12 17:12 . 2008-04-13 11:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-08-12 00:12 . 2008-08-12 00:12 <DIR> d-------- C:\Arquivos de programas\Stardock

2008-08-09 18:13 . 2008-08-09 18:13 <DIR> d-------- C:\Documents and Settings\Ricardo\Phone Browser

2008-08-09 18:13 . 2008-08-09 18:13 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\DataLayer

2008-08-07 19:33 . 2008-08-12 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-08-07 19:33 . 2008-08-19 18:25 <DIR> d-------- C:\Arquivos de programas\GbPlugin

2008-08-06 17:10 . 2008-08-06 17:10 <DIR> dr-h----- C:\Documents and Settings\Ricardo\Dados de aplicativos\SecuROM

2008-08-06 17:10 . 2008-08-06 17:10 <DIR> d-------- C:\Arquivos de programas\GameVicio

2008-08-06 17:10 . 2008-08-06 17:10 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-08-06 16:57 . 2008-08-06 16:57 <DIR> d-------- C:\Arquivos de programas\EA Sports

2008-08-04 12:31 . 2008-08-26 18:48 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\BrOffice.org2

2008-08-04 12:19 . 2008-08-04 12:19 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-04 12:14 . 2008-08-04 12:15 <DIR> d-------- C:\Arquivos de programas\BrOffice.org 2.0

2008-08-03 23:20 . 2008-08-03 23:20 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\CyberLink

2008-08-03 21:49 . 2008-08-04 12:17 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\AdobeUM

2008-08-03 17:05 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll

2008-08-03 17:05 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-08-03 16:06 . 2008-08-03 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-08-03 15:49 . 2008-06-23 13:29 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-08-03 15:49 . 2007-04-17 06:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-08-03 15:49 . 2007-03-08 02:12 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-08-03 15:49 . 2008-06-23 13:29 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-08-03 15:49 . 2008-06-23 13:29 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-08-03 15:49 . 2008-06-14 14:34 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-08-03 15:49 . 2008-06-23 13:29 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-08-03 15:49 . 2008-06-23 13:29 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-08-03 15:49 . 2008-06-23 13:29 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-08-03 15:49 . 2008-06-23 06:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-08-03 15:22 . 2008-05-08 11:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-08-03 14:58 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-08-03 14:58 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-08-03 14:58 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-08-03 14:58 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-08-03 14:58 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-08-03 14:02 . 2008-08-03 15:15 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2008-08-03 13:54 . 2008-08-07 16:02 <DIR> d-------- C:\Documents and Settings\Ricardo\Contacts

2008-08-03 13:48 . 2008-08-26 01:13 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-03 13:31 . 2008-07-18 22:09 29,896 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-08-03 13:29 . 2008-08-03 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-03 13:29 . 2008-08-03 13:53 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-08-03 13:29 . 2008-08-03 13:52 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-03 13:25 . 2008-08-03 13:25 <DIR> d--hs---- C:\Documents and Settings\Ricardo\UserData

2008-08-03 00:02 . 2001-09-06 00:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-08-03 00:02 . 2001-09-06 00:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-08-03 00:02 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-08-03 00:02 . 2008-04-13 11:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-08-02 23:51 . 2008-08-02 23:52 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\Media Player Classic

2008-08-02 23:20 . 2008-08-02 23:20 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\Nokia Multimedia Player

2008-08-02 23:07 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-08-02 23:03 . 2008-08-02 23:03 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\Nokia

2008-08-02 22:52 . 2008-08-02 22:52 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\PC Suite

2008-08-02 22:52 . 2008-08-02 22:52 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2008-08-02 22:52 . 2008-08-02 22:52 <DIR> d-------- C:\Arquivos de programas\Nokia

2008-08-02 22:52 . 2008-08-02 22:52 <DIR> d-------- C:\Arquivos de programas\DIFX

2008-08-02 22:52 . 2008-08-02 22:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PCSuite

2008-08-02 22:52 . 2008-08-02 22:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nokia

2008-08-02 22:52 . 2006-05-29 08:26 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2008-08-02 22:52 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-08-02 22:52 . 2006-05-29 08:26 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-08-02 22:52 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2008-08-02 22:52 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2008-08-02 22:52 . 2006-05-29 08:26 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2008-08-02 22:52 . 2006-05-29 08:26 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll

2008-08-02 22:51 . 2008-08-02 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Downloaded Installations

2008-08-02 21:34 . 2008-08-02 21:34 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-08-02 21:34 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll

2008-08-02 21:34 . 2008-08-02 21:34 421 --a------ C:\WINDOWS\ODBC.INI

2008-08-02 21:33 . 2008-08-02 21:33 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-08-02 21:29 . 2008-08-17 01:07 1,572,867 --a------ C:\WINDOWS\BsSnap.pre

2008-08-02 21:27 . 2004-12-31 15:39 212 -r------- C:\WINDOWS\OEM.ini

2008-08-02 21:26 . 2008-08-02 21:26 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\InstallShield

2008-08-02 21:22 . 2008-08-02 21:23 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-08-02 21:22 . 2004-10-14 08:33 2,024,448 --a------ C:\WINDOWS\system32\divx.dll

2008-08-02 21:19 . 2008-08-02 21:19 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2008-08-02 21:18 . 2008-08-15 11:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-08-02 21:18 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-08-02 21:11 . 2008-08-02 21:11 4,444 --a------ C:\WINDOWS\system32\pid.PNF

2008-08-02 21:06 . 2008-08-02 21:06 <DIR> d-------- C:\Arquivos de programas\BraZip

2008-08-02 20:39 . 2008-08-02 20:39 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-08-02 20:32 . 2008-08-02 20:32 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-08-02 20:31 . 2008-04-13 19:20 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe

2008-08-02 20:29 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002670_.tmp

2008-08-02 20:15 . 2008-08-02 20:15 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-08-02 20:15 . 2008-08-02 20:15 <DIR> d-------- C:\Arquivos de programas\HighMAT CD Writing Wizard

2008-08-02 20:06 . 2008-08-26 18:57 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-08-02 20:04 . 2008-08-02 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-08-02 20:00 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-07 16:31 --------- d-----w C:\Documents and Settings\Ricardo\Dados de aplicativos\Ahead

2008-08-06 15:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-03 00:26 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-02 23:00 --------- d-----w C:\Arquivos de programas\CyberLink

2008-08-02 22:59 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-02 22:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-08-02 22:52 --------- d-----w C:\Arquivos de programas\Nero

2008-08-02 22:40 --------- d-----w C:\Arquivos de programas\Realtek

2008-08-02 22:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2008-08-02 22:24 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-02 22:22 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-02 22:21 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:48 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:20 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]

"PcSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"DownloadAccelerator"="C:\Arquivos de programas\DAP\DAP.EXE" [2008-08-23 23:54 3053056]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-26 23:48 7561216]

"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2006-04-05 06:36 565248]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 20:19 79224]

"BisonHK"="C:\WINDOWS\BisonCam\BisonHK.exe" [2007-10-03 06:46 77824]

"PCSuiteTrayApplication"="C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 12:36 229376]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"nwiz"="nwiz.exe" [2006-04-26 23:48 1519616 C:\WINDOWS\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 09:05 16239616 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:20 15360]

 

C:\Documents and Settings\Ricardo\Menu Iniciar\Programas\Inicializar\

BrOffice.org 2.0.lnk - C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe [2006-07-04 14:37:18 393216]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoInstrumentation"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoInstrumentation"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= "C:\Arquivos de programas\Scpad\scpLIB.dll" [2007-12-12 11:32 201984]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= "C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll" [2008-05-15 08:33 374600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-12-12 11:32 201984]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-05-15 08:33 374600 C:\Arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.HFYU"= huffyuv.dll

"VIDC.VP31"= vp31vfw.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-23 06:54]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{181e6fe4-63ec-11dd-90cd-0015af656ed4}]

\Shell\AutoRun\command - F:\nby.bat

\Shell\explore\Command - F:\nby.bat

\Shell\open\Command - F:\nby.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a1a1a14-68e7-11dd-90ea-0015af656ed4}]

\Shell\AutoRun\command - nby.bat

\Shell\explore\Command - nby.bat

\Shell\open\Command - nby.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c924684-65ad-11dd-90da-0015af656ed4}]

\Shell\AutoRun\command - F:\gb.bat

\Shell\explore\Command - F:\gb.bat

\Shell\open\Command - F:\gb.bat

 

*Newly Created Service* - CATCHME

.

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com/

R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.google.com/

O8 -: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 -: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 -: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O17 -: HKLM\CCS\Interface\{52180126-1775-4904-A033-AE0849CCCA77}: NameServer = 200.248.67.130,200.248.67.136

O18 -: Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\ARQUIV~1\DAP\dapie.dll

O18 -: Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\ARQUIV~1\DAP\dapie.dll

 

O16 -: {31150A86-0BBA-409F-BEB4-F3922D10BF34} - hxxp://www.sgnet-rs.com.br/activex/xplug.ocx

C:\WINDOWS\Downloaded Program Files\xplug.ocx

 

O16 -: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

C:\WINDOWS\Downloaded Program Files\gbpdist.inf

C:\WINDOWS\Downloaded Program Files\gbpdist.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-27 23:22:00

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

 

C:\DOCUME~1\Ricardo\CONFIG~1\Temp\RGI1.tmp

 

Varredura completada com sucesso

Ficheiros ocultos: 1

 

**************************************************************************

.

Tempo para conclusão: 2008-08-27 23:22:58

ComboFix-quarantined-files.txt 2008-08-28 02:22:49

 

Pre-Run: 7 pasta(s) 26,987,122,688 bytes disponíveis

Post-Run: 9 pasta(s) 27,449,794,560 bytes disponíveis

 

270 --- E O F --- 2008-08-26 21:58:01


If you have a USB flash drive or an MP3/MP4 player, connect it to the PC (if you have more than one, you have to connect them all). Do not remove them until you have completed all the instructions.

Delete the qoobox folder located in C:\, and also delete the ComboFix.txt log, also located in C:\.

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::

F:\nby.bat

F:\gb.bat

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{181e6fe4-63ec-11dd-90cd-0015af656ed4}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a1a1a14-68e7-11dd-90ea-0015af656ed4}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c924684-65ad-11dd-90da-0015af656ed4}]

 

This script was written only for this computer, according to the files and keys present on it; do not use it on another computer, because it may cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

645i642ef2.gif

 

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Post it together with a new HijackThis log.


Here's the Combo log

 

ComboFix 08-08-28.04 - Ricardo 2008-08-29 1:14:27.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1732 [GMT -3:00]

Executando de: C:\Documents and Settings\Ricardo\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Ricardo\Desktop\CFScript.txt

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

F:\gb.bat

F:\nby.bat

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

F:\autorun.inf

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))

.

 

2008-08-23 23:54 . 2008-08-29 01:08 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-08-23 23:54 . 2008-08-23 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit

2008-08-23 23:54 . 2008-08-23 23:56 <DIR> d-------- C:\Arquivos de programas\DAP

2008-08-23 23:54 . 2008-08-23 23:54 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx

2008-08-23 23:54 . 2008-08-23 23:54 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx

2008-08-23 23:54 . 2008-08-23 23:54 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

2008-08-21 13:09 . 2008-08-21 13:09 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\Malwarebytes

2008-08-21 13:09 . 2008-08-21 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-08-21 13:09 . 2008-08-21 13:09 <DIR> d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-08-21 13:09 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-21 13:09 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-20 12:39 . 2008-08-21 13:16 <DIR> d-------- C:\HJT

2008-08-19 22:32 . 2008-08-02 19:19 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-08-19 22:32 . 2008-08-02 16:12 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-08-19 22:32 . 2008-08-02 16:12 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-08-19 22:32 . 2008-08-02 16:12 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-08-19 22:32 . 2008-08-02 16:12 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-08-19 22:32 . 2008-08-29 01:16 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-08-19 22:32 . 2008-08-02 16:12 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-08-19 22:32 . 2008-08-02 16:12 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-08-19 22:32 . 2008-08-19 22:34 <DIR> d-------- C:\Documents and Settings\Administrador

2008-08-19 22:26 . 2008-08-19 22:34 <DIR> d-------- C:\LinhaDefensiva

2008-08-18 21:47 . 2008-08-18 22:20 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\Paltalk

2008-08-18 21:46 . 2008-08-18 22:13 <DIR> d-------- C:\WINDOWS\Paltalk Messenger

2008-08-18 21:46 . 2008-08-18 22:20 <DIR> d-------- C:\Arquivos de programas\Paltalk Messenger

2008-08-18 01:54 . 2008-08-18 01:54 <DIR> d-------- C:\WINDOWS\Sun

2008-08-18 01:54 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-18 01:53 . 2008-08-18 01:54 <DIR> d-------- C:\Arquivos de programas\Java

2008-08-18 01:40 . 2008-08-18 01:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-08-18 00:02 . 2008-08-18 02:00 <DIR> d--h----- C:\Arquivos de programas\Scpad

2008-08-15 01:08 . 2008-08-15 02:05 <DIR> d-------- C:\Arquivos de programas\epson

2008-08-13 00:52 . 2008-05-01 11:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-13 00:46 . 2008-04-11 16:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-12 17:12 . 2008-04-13 11:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-08-12 17:12 . 2008-04-13 11:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-08-12 00:12 . 2008-08-12 00:12 <DIR> d-------- C:\Arquivos de programas\Stardock

2008-08-09 18:13 . 2008-08-09 18:13 <DIR> d-------- C:\Documents and Settings\Ricardo\Phone Browser

2008-08-09 18:13 . 2008-08-09 18:13 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\DataLayer

2008-08-07 19:33 . 2008-08-12 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-08-07 19:33 . 2008-08-19 18:25 <DIR> d-------- C:\Arquivos de programas\GbPlugin

2008-08-06 17:10 . 2008-08-06 17:10 <DIR> dr-h----- C:\Documents and Settings\Ricardo\Dados de aplicativos\SecuROM

2008-08-06 17:10 . 2008-08-06 17:10 <DIR> d-------- C:\Arquivos de programas\GameVicio

2008-08-06 17:10 . 2008-08-06 17:10 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-08-06 16:57 . 2008-08-06 16:57 <DIR> d-------- C:\Arquivos de programas\EA Sports

2008-08-04 12:31 . 2008-08-29 01:08 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\BrOffice.org2

2008-08-04 12:19 . 2008-08-04 12:19 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-04 12:14 . 2008-08-04 12:15 <DIR> d-------- C:\Arquivos de programas\BrOffice.org 2.0

2008-08-03 23:20 . 2008-08-03 23:20 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\CyberLink

2008-08-03 21:49 . 2008-08-04 12:17 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\AdobeUM

2008-08-03 17:05 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll

2008-08-03 17:05 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-08-03 16:06 . 2008-08-03 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-08-03 15:49 . 2008-06-23 13:29 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-08-03 15:49 . 2007-04-17 06:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-08-03 15:49 . 2007-03-08 02:12 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-08-03 15:49 . 2008-06-23 13:29 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-08-03 15:49 . 2008-06-23 13:29 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-08-03 15:49 . 2008-06-14 14:34 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-08-03 15:49 . 2008-06-23 13:29 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-08-03 15:49 . 2008-06-23 13:29 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-08-03 15:49 . 2008-06-23 13:29 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-08-03 15:49 . 2008-06-23 06:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-08-03 15:22 . 2008-05-08 11:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-08-03 14:58 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-08-03 14:58 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-08-03 14:58 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-08-03 14:58 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-08-03 14:58 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-08-03 14:02 . 2008-08-03 15:15 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2008-08-03 13:54 . 2008-08-07 16:02 <DIR> d-------- C:\Documents and Settings\Ricardo\Contacts

2008-08-03 13:48 . 2008-08-26 01:13 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-03 13:31 . 2008-07-18 22:09 29,896 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-08-03 13:29 . 2008-08-03 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-03 13:29 . 2008-08-03 13:53 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-08-03 13:29 . 2008-08-03 13:52 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-03 13:25 . 2008-08-03 13:25 <DIR> d--hs---- C:\Documents and Settings\Ricardo\UserData

2008-08-03 00:02 . 2001-09-06 00:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-08-03 00:02 . 2001-09-06 00:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-08-03 00:02 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-08-03 00:02 . 2008-04-13 11:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-08-02 23:51 . 2008-08-02 23:52 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\Media Player Classic

2008-08-02 23:20 . 2008-08-02 23:20 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\Nokia Multimedia Player

2008-08-02 23:07 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-08-02 23:03 . 2008-08-02 23:03 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\Nokia

2008-08-02 22:52 . 2008-08-02 22:52 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\PC Suite

2008-08-02 22:52 . 2008-08-02 22:52 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2008-08-02 22:52 . 2008-08-02 22:52 <DIR> d-------- C:\Arquivos de programas\Nokia

2008-08-02 22:52 . 2008-08-02 22:52 <DIR> d-------- C:\Arquivos de programas\DIFX

2008-08-02 22:52 . 2008-08-02 22:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PCSuite

2008-08-02 22:52 . 2008-08-02 22:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nokia

2008-08-02 22:52 . 2006-05-29 08:26 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2008-08-02 22:52 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-08-02 22:52 . 2006-05-29 08:26 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-08-02 22:52 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2008-08-02 22:52 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2008-08-02 22:52 . 2006-05-29 08:26 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2008-08-02 22:52 . 2006-05-29 08:26 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll

2008-08-02 22:51 . 2008-08-02 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Downloaded Installations

2008-08-02 21:34 . 2008-08-02 21:34 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-08-02 21:34 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll

2008-08-02 21:34 . 2008-08-02 21:34 421 --a------ C:\WINDOWS\ODBC.INI

2008-08-02 21:33 . 2008-08-02 21:33 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-08-02 21:29 . 2008-08-17 01:07 1,572,867 --a------ C:\WINDOWS\BsSnap.pre

2008-08-02 21:27 . 2004-12-31 15:39 212 -r------- C:\WINDOWS\OEM.ini

2008-08-02 21:26 . 2008-08-02 21:26 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\InstallShield

2008-08-02 21:22 . 2008-08-02 21:23 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-08-02 21:22 . 2004-10-14 08:33 2,024,448 --a------ C:\WINDOWS\system32\divx.dll

2008-08-02 21:19 . 2008-08-02 21:19 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2008-08-02 21:18 . 2008-08-15 11:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-08-02 21:18 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-08-02 21:11 . 2008-08-02 21:11 4,444 --a------ C:\WINDOWS\system32\pid.PNF

2008-08-02 21:06 . 2008-08-02 21:06 <DIR> d-------- C:\Arquivos de programas\BraZip

2008-08-02 20:39 . 2008-08-02 20:39 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-08-02 20:32 . 2008-08-02 20:32 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-08-02 20:31 . 2008-04-13 19:20 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe

2008-08-02 20:29 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002670_.tmp

2008-08-02 20:15 . 2008-08-02 20:15 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-08-02 20:15 . 2008-08-02 20:15 <DIR> d-------- C:\Arquivos de programas\HighMAT CD Writing Wizard

2008-08-02 20:06 . 2008-08-26 18:57 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-08-02 20:04 . 2008-08-02 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-08-02 20:00 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-07 16:31 --------- d-----w C:\Documents and Settings\Ricardo\Dados de aplicativos\Ahead

2008-08-06 15:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-03 00:26 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-02 23:00 --------- d-----w C:\Arquivos de programas\CyberLink

2008-08-02 22:59 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-02 22:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-08-02 22:52 --------- d-----w C:\Arquivos de programas\Nero

2008-08-02 22:40 --------- d-----w C:\Arquivos de programas\Realtek

2008-08-02 22:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2008-08-02 22:24 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-02 22:22 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-02 22:21 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:48 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:20 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]

"PcSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"DownloadAccelerator"="C:\Arquivos de programas\DAP\DAP.EXE" [2008-08-23 23:54 3053056]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-26 23:48 7561216]

"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2006-04-05 06:36 565248]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 20:19 79224]

"BisonHK"="C:\WINDOWS\BisonCam\BisonHK.exe" [2007-10-03 06:46 77824]

"PCSuiteTrayApplication"="C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 12:36 229376]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"nwiz"="nwiz.exe" [2006-04-26 23:48 1519616 C:\WINDOWS\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 09:05 16239616 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:20 15360]

 

C:\Documents and Settings\Ricardo\Menu Iniciar\Programas\Inicializar\

BrOffice.org 2.0.lnk - C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe [2006-07-04 14:37:18 393216]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoInstrumentation"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoInstrumentation"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= "C:\Arquivos de programas\Scpad\scpLIB.dll" [2007-12-12 11:32 201984]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= "C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll" [2008-05-15 08:33 374600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-12-12 11:32 201984]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-05-15 08:33 374600 C:\Arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.HFYU"= huffyuv.dll

"VIDC.VP31"= vp31vfw.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-23 06:54]

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-29 01:17:18

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-08-29 1:18:21

ComboFix-quarantined-files.txt 2008-08-29 04:18:18

 

Pre-Run: 7 pasta(s) 27,353,825,280 bytes disponíveis

Post-Run: 8 pasta(s) 27,402,817,536 bytes disponíveis

 

245 --- E O F --- 2008-08-26 21:58:01

 

 

 

HJT LOG

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:20:43, on 29/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\BisonCam\BisonHK.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.BIN

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\HJT\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bisonHK] C:\WINDOWS\BisonCam\BisonHK.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: BrOffice.org 2.0.lnk = C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - http://www.sgnet-rs.com.br/activex/xplug.ocx

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217780933921

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1217781149312

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{52180126-1775-4904-A033-AE0849CCCA77}: NameServer = 200.248.67.130,200.248.67.136

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

 

--

End of file - 9229 bytes


- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

 

Run the HijackThis tool, click Do a System Scan Only and tick the boxes for the entries listed below; then, in the grey box at the end of the selection, click Fix Checked.

 

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

 

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

 

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

 

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

 

Restart in normal mode and post a new HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:46:28, on 29/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\BisonCam\BisonHK.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.BIN

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\HJT\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 170.66.1.60 www14.bancobrasil.com.br # GbPlugin

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bisonHK] C:\WINDOWS\BisonCam\BisonHK.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: BrOffice.org 2.0.lnk = C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - http://www.sgnet-rs.com.br/activex/xplug.ocx

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217780933921

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1217781149312

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{52180126-1775-4904-A033-AE0849CCCA77}: NameServer = 200.248.67.130,200.248.67.136

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

 

--

End of file - 9269 bytes


Download HostsXpert

http://linhadefensiva.uol.com.br/dl/hoster

 

Open the program. Click Restore Microsoft's Hosts File. Click OK and close the program.

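The two fixes given in this thread (the four RunOnce entries checked in HijackThis, and the hosts file restored with HostsXpert) both come down to reading the HJT log for a few specific patterns. The Python below is an added example, not part of this thread and not code from HijackThis or HostsXpert: it parses O4 and O1 lines from a constructed sample modelled on the logs posted here, flags RunOnce entries under built-in accounts that launch cmd.exe or overwrite a file in System32, and flags hosts entries that pin a hostname to a non-loopback address. The tscuninstall and CTFMON lines from the later log are included as controls and are not flagged. The names `triage`, `review_o4` and `review_o1` are my own.

```python
import re

# Constructed sample, modelled on the O1/O4 entries posted in this thread.
# The tscuninstall and CTFMON lines are controls that should NOT be flagged.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O1 - Hosts: 170.66.1.60 www14.bancobrasil.com.br # GbPlugin
O1 - Hosts: 127.0.0.1 localhost
"""

# HijackThis O4 line: hive \..\ Run|RunOnce: [name] command (User 'account')
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# HijackThis O1 line: ip hostname [comment]
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")

# Well-known SIDs HijackThis reports under HKUS (SYSTEM, LOCAL SERVICE,
# NETWORK SERVICE) plus the .DEFAULT profile. RunOnce entries under these
# execute before any interactive user logs on.
BUILTIN_ACCOUNTS = {"S-1-5-18", "S-1-5-19", "S-1-5-20", ".DEFAULT"}
LOOPBACK = {"127.0.0.1", "::1"}


def review_o4(m):
    """Return the reasons an O4 autostart entry deserves a look (empty if none)."""
    reasons = []
    hive, key, cmd = m["hive"], m["key"], m["cmd"].lower()
    account = hive.split("\\", 1)[1] if hive.startswith("HKUS") else None
    if key == "RunOnce" and account in BUILTIN_ACCOUNTS and "cmd.exe" in cmd:
        reasons.append("RunOnce under a built-in account launches cmd.exe")
    if re.search(r"\b(move|copy)\s+/y\b", cmd) and "system32" in cmd:
        reasons.append("command overwrites a file under System32")
    return reasons


def review_o1(m):
    """Flag hosts entries that pin a hostname to anything other than loopback."""
    if m["ip"] in LOOPBACK:
        return []
    return [f"hosts file overrides DNS: {m['host']} -> {m['ip']}"]


def triage(log_text):
    """Scan HijackThis output; return [(line, [reasons...]), ...] for flagged lines only."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            reasons = review_o4(m)
        else:
            m = O1_RE.match(line)
            reasons = review_o1(m) if m else []
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

Run as-is it prints the two nlsf RunOnce lines (each with both reasons) and the bank hosts override, which are exactly the entries the two helpers above asked to fix; the tscuninstall entries, which are Windows' own RunOnce lines, pass through untouched.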

Done, I already did what you said, downloaded the program and everything.

You didn't ask for any more logs, but I'll post the HJT one here just to be safe.

A big hug, God bless, and thank you very much so far.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:00:39, on 30/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\BisonCam\BisonHK.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.BIN

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HJT\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bisonHK] C:\WINDOWS\BisonCam\BisonHK.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: BrOffice.org 2.0.lnk = C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - http://www.sgnet-rs.com.br/activex/xplug.ocx

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217780933921

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1217781149312

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{52180126-1775-4904-A033-AE0849CCCA77}: NameServer = 200.248.67.130,200.248.67.136

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

 

--

End of file - 9388 bytes


OK, the log is clean :)

 

- Any problems?


PROBLEM SOLVED!

 

Should the author need the topic reopened, just send a Private Message to a Moderator with a link to the topic.
