[Resolvido!] Finalizar Programa - TeaTimer.exe

[Mário Monteiro 179]

De um tempo pra cá toda vez que desligo o PC recebo esta mensagem para finalizar um programa mesmo que esteja ja tudo fechado

 

Sei qeu tem a ver com o Spybot - Search & Destroy

 

Gostaria de saber se tem como corrigir isso?

 

 

Logfile of HijackThis v1.99.1

Scan saved at Mário Monteiro 09:07:05, on 24/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\SiteAdvisor\6261\SAService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\mario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\Arquivos de programas\GbPlugin\gbiehisg.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [siteAdvisor] "C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\mario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?a7e4625518334d9899174f0c3d261615

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?a7e4625518334d9899174f0c3d261615

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} - http://200.212.184.212/g_bin/eng/boards_2_0_0_34.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} (GbPluginObj Class) - https://www5.infoseg.gov.br/Install/GbPluginIsg.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0CC0C72B-469E-4620-A68D-AED135A4567E}: NameServer = 200.165.132.154 200.149.55.142

O17 - HKLM\System\CS1\Services\Tcpip\..\{0CC0C72B-469E-4620-A68D-AED135A4567E}: NameServer = 200.165.132.154 200.149.55.142

O17 - HKLM\System\CS2\Services\Tcpip\..\{0CC0C72B-469E-4620-A68D-AED135A4567E}: NameServer = 200.165.132.154 200.149.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginIsg - C:\Arquivos de programas\GbPlugin\gbiehisg.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6261\SAService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

Abraços

[Silas Martins 0]

Baixe o ComboFix e salve na área de trabalho.

 

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

 

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

[Mário Monteiro 179]

O antivirus endoidou aqui com o combofix

 

Fui ver um topico do jgarcia sobre o uso e a primeira instrucao é desabilita-lo

 

http://forum.imasters.com.br/index.php...p;#entry1128340

 

Vou fazer os procedimentos agora e retorno os logs

[Mário Monteiro 179]

Tentei rodar duas vezes o ComboFix e nas duas o resultado foi esse

 

http://www.babooforum.com.br/idealbb/files...tela%20azul.JPG

 

Nao consegui finalizar este procedimento ainda

 

Tentarei mais algumas vezes mas ja posto aqui caso tenha um procedimento alternativo

 

--------------------------

 

Tentei inumeras vezes mas o resultado foi sempre o mesmo citado acima

[Silas Martins 0]

faça o procedimento em modo de segurança.

[Mário Monteiro 179]

Agora foi

 

Logfile of HijackThis v1.99.1

Scan saved at Mário Monteiro 20:47:53, on 24/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Comodo\Firewall\CPF.exe

C:\WINDOWS\VM303_STI.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\mario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\SiteAdvisor\6261\SAService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\Arquivos de programas\GbPlugin\gbiehisg.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [siteAdvisor] "C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\mario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?a7e4625518334d9899174f0c3d261615

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?a7e4625518334d9899174f0c3d261615

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} - http://200.212.184.212/g_bin/eng/boards_2_0_0_34.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} (GbPluginObj Class) - https://www5.infoseg.gov.br/Install/GbPluginIsg.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0CC0C72B-469E-4620-A68D-AED135A4567E}: NameServer = 200.165.132.154 200.149.55.142

O17 - HKLM\System\CS1\Services\Tcpip\..\{0CC0C72B-469E-4620-A68D-AED135A4567E}: NameServer = 200.165.132.154 200.149.55.142

O17 - HKLM\System\CS2\Services\Tcpip\..\{0CC0C72B-469E-4620-A68D-AED135A4567E}: NameServer = 200.165.132.154 200.149.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: __GbPluginIsg - C:\Arquivos de programas\GbPlugin\gbiehisg.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6261\SAService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

ComboFix 08-09-24.05 - mario 2008-09-24 20:34:59.2 - NTFSx86 MINIMAL

 

Executando de: C:\Documents and Settings\mario\Desktop\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\drivers\sys.msg

C:\WINDOWS\system32\drivers\update.msg

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-24 to 2008-09-24 ))))))))))))))))))))))))))))))))

.

 

2008-09-19 07:16 . 2008-09-19 22:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-09-13 12:44 . 2008-09-13 12:44 61,440 --a------ C:\WINDOWS\diabunin.exe

2008-09-08 23:07 . 2008-09-23 06:57 <DIR> d-------- C:\Arquivos de programas\Shiretoko

2008-08-27 23:55 . 2008-09-22 21:27 <DIR> d-------- C:\Documents and Settings\mario\Dados de aplicativos\BrOffice.org2

2008-08-27 23:50 . 2008-08-27 23:50 <DIR> d-------- C:\Documents and Settings\mario\Dados de aplicativos\Thunderbird

2008-08-27 23:49 . 2008-09-16 12:50 <DIR> d-------- C:\Arquivos de programas\Mozilla Thunderbird

2008-08-27 23:45 . 2008-08-27 23:45 <DIR> d-------- C:\Arquivos de programas\BrOffice.org 2.4

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-23 22:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-09-20 00:26 --------- d-----w C:\Documents and Settings\mario\Dados de aplicativos\SiteAdvisor

2008-09-13 15:44 86,528 ----a-w C:\WINDOWS\bnetunin.exe

2008-09-01 13:32 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-08-15 00:21 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-12 13:39 --------- d-----w C:\Arquivos de programas\eMule

2008-08-12 01:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SiteAdvisor

2008-08-12 01:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-08-12 01:37 --------- d-----w C:\Arquivos de programas\SiteAdvisor

2008-08-04 15:05 --------- d-----w C:\Arquivos de programas\FTP Commander

2008-08-03 12:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-08-03 00:06 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-07-26 23:21 --------- d-----w C:\Arquivos de programas\Diablo II

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2007-08-06 14:39 24,192 ----a-w C:\Documents and Settings\mario\usbsermptxp.sys

2007-08-06 14:39 22,768 ----a-w C:\Documents and Settings\mario\usbsermpt.sys

2007-03-17 13:02 204 ----a-w C:\Arquivos de programas\vcdg.bat

1999-04-01 15:53 99,840 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAABOUT.DLL

1998-12-09 01:53 70,144 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAMDMTR.DLL

1998-12-09 01:53 48,640 ----a-w C:\Arquivos de programas\Arquivos comuns\IRALPTTR.DLL

1998-12-09 01:53 31,744 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAWEBTR.DLL

1998-12-09 01:53 186,368 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAREG.DLL

1998-12-09 01:53 17,920 ----a-w C:\Arquivos de programas\Arquivos comuns\IRASRIAL.DLL

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"Google Update"="C:\Documents and Settings\mario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 6803456]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 86016]

"COMODO Firewall Pro"="C:\Arquivos de programas\Comodo\Firewall\CPF.exe" [2007-11-27 1115728]

"BigDog303"="C:\WINDOWS\VM303_STI.EXE" [2005-10-25 61440]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"SiteAdvisor"="C:\Arquivos de programas\SiteAdvisor\6261\SiteAdv.exe" [2008-05-16 36640]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= "C:\Arquivos de programas\Scpad\scpLIB.dll" [2007-03-27 128512]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= "C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll" [2008-04-15 378696]

"{E37CB5F0-51F5-4395-A808-5FA49E399015}"= "C:\Arquivos de programas\GbPlugin\gbiehisg.dll" [2007-11-06 331880]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 128512]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-04-15 09:37 378696 C:\Arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginIsg]

2007-11-06 09:58 331880 C:\Arquivos de programas\GbPlugin\gbiehisg.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

"msacm.l3fhg"= mp3fhg.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wpwin8.EXE]

"Debugger"=ntsd -d

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]

--a------ 2005-10-25 12:56 61440 C:\WINDOWS\VM303_STI.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

--a------ 2008-08-01 14:41 5480448 C:\Arquivos de programas\eMule\emule.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

--a------ 2005-12-13 08:49 217088 C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]

--------- 2004-04-21 10:26 86016 C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

--a------ 2006-12-11 20:41 25343016 C:\Arquivos de programas\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

--a------ 2002-10-11 18:26 98304 C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

-ra------ 2006-03-30 16:45 313472 C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2005-06-15 06:20 1519616 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]

--a------ 2003-12-17 10:26 176128 C:\WINDOWS\system32\pctspk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PV92TRAY]

--a------ 2003-12-17 10:26 128000 C:\WINDOWS\system32\PV92Tray.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Macromedia\\Fireworks MX\\Fireworks.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\LeechFTP\\Leechftp.exe"=

"C:\\Arquivos de programas\\SopCast\\SopCast.exe"=

"C:\\Documents and Settings\\mario\\Dados de aplicativos\\SopCast\\adv\\SopAdver.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51b3fada-1649-11dd-9663-0013d40af5d8}]

\Shell\AutoRun\command - kxax.cmd

\Shell\explore\Command - kxax.cmd

\Shell\open\Command - kxax.cmd

.

Conteúdo da pasta 'Tarefas Agendadas'

.

- - - - ORFAOS REMOVIDOS - - - -

 

Notify-WgaLogon - (no file)

MSConfigStartUp-LightStart - D:\STFLASH.EXE

MSConfigStartUp-MyWebSearch Email Plugin - C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

MSConfigStartUp-WinLogT - C:\WINDOWS\WinLogT.exe

 

 

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\mario\Dados de aplicativos\Mozilla\Firefox\Profiles\qxopm9c8.default\

FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - C:\Arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll

FF -: plugin - C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll

FF -: plugin - C:\Documents and Settings\mario\Configurações locais\Dados de aplicativos\Google\Update\1.2.131.11\npGoogleOneClick5.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-24 20:39:23

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execuçao ---------------------

 

PROCESSOS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\tsd32.dll

.

Tempo para conclusão: 2008-09-24 20:42:37

ComboFix-quarantined-files.txt 2008-09-24 23:42:15

 

Pre-Run: 11 pasta(s) 35,757,600,768 bytes disponíveis

Post-Run: 14 pasta(s) 35,969,396,736 bytes disponíveis

 

172 --- E O F --- 2008-09-13 12:17:17

[Silas Martins 0]

Desative o modo residente do Spybot e verifique se continua a finalizar

[Mário Monteiro 179]

Onde desativa?

[Silas Martins 0]

Na coluna da esquerda clique no subitem “Residente” e, no item “Status da Proteção do Residente” desmarque as caixas: “Ativar SDHelper do Residente” e “Ativar Teatimer do Residente”;

[Mário Monteiro 179]

Fiz o que foi proposto e a mensagem parou de acontecer quando se desliga o pc :thumbsup:

 

Uma pergunta, isso nao prejudica a funcao do SBSD, ja que esta protecao do residente foi desativada? :unsure:

 

Se sim, como faremos? :cry:

 

Se nao, problema resolvido. :worship:

[Silas Martins 0]

Prejudicial não é pois você não faz uso único e exclusivo do spybot e sim ele é um auxiliar ao antivirus.

Caso Resolvido

[Mário Monteiro 179]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.