
Archived

This topic has been archived and is closed to new replies.

aLexssandro

[Archived] Request for Log Analysis


Hi, how's it going? I'm new here, but I've been having a look around and I really like the forum!!

Well, I have a problem similar to this one: http://forum.imasters.com.br/index.php?showtopic=229283

but in my case the only problem is with IEXPLORE.EXE, several copies of which keep opening in Task Manager,

slowing down the PC and the internet.

 

I carried out the procedures mentioned in the topic above, but without success.

So I am posting my log here for analysis.

 

NOTE: I have already used: Malwarebytes Anti-Malware, AVG Anti-Spyware, CCleaner

Thanks in advance

 

HijackThis log below:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:47:26, on 26/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\D-Link\DSL-210\CnxDslTb.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Programas\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.compartilhando.org/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.brasiltelecom.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Arquivos de programas\D-Link\DSL-210\CnxDslTb.exe"

O4 - HKLM\..\Run: [meet great active lies] C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\Time aim.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bib amok] C:\DOCUME~1\ADMINI~1\DADOSD~1\STARTN~1\Meow poke.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: VistaStart.lnk = C:\Documents and Settings\Administrador\Desktop\Programas\Win Vista\Windows_Vista\Windows Vista\VistaStart1.3.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E736248-DAD4-4485-8498-2FB1740077E8}: NameServer = 201.10.120.3 201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{F5C93354-AA12-4D37-B20F-316DD2132FCB}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{3E736248-DAD4-4485-8498-2FB1740077E8}: NameServer = 201.10.120.3 201.10.1.2

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5688 bytes

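Added example (not part of the thread): a small Python triage script that parses the O4 autostart lines of a HijackThis log like the one above and lists the entries an analyst would want to look at first. The three heuristics (binaries under a profile or application-data folder, entry names made of random lowercase words, and a command interpreter launched at logon) are this example's own assumptions; a flag is a reason to inspect an entry, not a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: O4 lines in the shape of the HijackThis log posted above
# (one vendor entry, two entries with random-word names, one RunOnce using
# cmd.exe, one system entry and one startup-folder shortcut).
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [meet great active lies] C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\Time aim.exe
O4 - HKCU\..\Run: [bib amok] C:\DOCUME~1\ADMINI~1\DADOSD~1\STARTN~1\Meow poke.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# Registry autostart: "O4 - <hive>\..\<key>: [<name>] <command> (User '<user>')?"
REG_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\(?!\.\.\\)[^\\]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder shortcut: "O4 - [Global ]Startup: <name>.lnk = <path>"
STARTUP_RE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>[^=]+?) = (?P<cmd>.*)$")

# Heuristics (assumptions of this example, not rules from the thread): binaries
# launched from a user profile or application-data folder, entry names made of
# random lowercase words, and startup entries that run a command interpreter.
PROFILE_DIR = re.compile(
    r"documents and settings|docume~1|dados de aplicativos|dadosd~1|application data|applic~1",
    re.IGNORECASE,
)
WORD_SALAD = re.compile(r"[a-z]+(?: [a-z]+)+")
INTERPRETERS = {"cmd.exe", "wscript.exe", "cscript.exe"}


@dataclass
class O4Entry:
    hive: str   # HKLM, HKCU, HKUS\<SID>, Startup, Global Startup
    key: str    # Run, RunOnce, ... or "folder" for startup shortcuts
    name: str   # value name or shortcut file name
    cmd: str    # full command line as HijackThis printed it
    user: str   # trailing (User '...') annotation, if any


def parse_o4(log_text: str) -> list[O4Entry]:
    """Return every O4 line of a HijackThis log as a structured entry."""
    entries: list[O4Entry] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := REG_RE.match(line):
            entries.append(O4Entry(m["hive"], m["key"], m["name"], m["cmd"], m["user"] or ""))
        elif m := STARTUP_RE.match(line):
            entries.append(O4Entry(m["hive"], "folder", m["name"], m["cmd"], ""))
    return entries


def executable_path(cmd: str) -> str:
    """Extract the program being launched: a quoted path, or text up to the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r".*?\.exe\b", cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split(" ", 1)[0]


def assess(entry: O4Entry) -> list[str]:
    """Reasons an analyst should look at this entry; an empty list means nothing stood out."""
    exe = executable_path(entry.cmd)
    reasons = []
    if PROFILE_DIR.search(exe):
        reasons.append("runs from a user profile / application-data folder rather than Program Files or System32")
    if WORD_SALAD.fullmatch(entry.name):
        reasons.append("entry name is a string of random lowercase words, not a vendor or product name")
    if exe.rsplit("\\", 1)[-1].lower() in INTERPRETERS:
        reasons.append("launches a command interpreter at logon; inspect the command line")
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each flagged O4 entry name to the reasons it was flagged."""
    return {e.name: r for e in parse_o4(log_text) if (r := assess(e))}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_O4).items():
        print(f"[{name}]")
        for reason in reasons:
            print(f"  - {reason}")
```

Run against the sample, the two random-word entries are flagged on two counts each and the RunOnce entry once, while the vendor, system and startup-folder entries pass untouched.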

Download ComboFix and save it to your desktop.

 

Close all programs.

Double-click combofix.exe, press (1) and then press Enter to continue.

ComboFix will restart your computer automatically; this is part of the removal process.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Attention:

Do not click on anything while ComboFix is running; otherwise your desktop will go blank.

 

To stop the process or exit ComboFix, press "2" and Enter.

 

I'll wait for a new HijackThis log together with ComboFix.txt.


Thanks Silas, here are the reports:

 

ComboFix:

 

ComboFix 08-09-25.07 - Administrador 2008-09-26 12:29:06.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.492 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

 

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-08-26 to 2008-09-26 ))))))))))))))))))))))))))))))))

.

 

2008-09-26 03:39 . 2008-09-26 03:39 <DIR> d-------- C:\WINDOWS\Sun

2008-09-26 03:20 . 2008-09-26 03:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-09-26 02:29 . 2008-09-26 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-09-26 02:29 . 2008-09-26 02:29 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft

2008-09-26 02:29 . 2007-05-30 09:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-09-26 01:40 . 2008-09-26 01:40 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2008-09-26 01:40 . 2008-09-26 01:40 <DIR> d-------- C:\Arquivos de programas\Circle Developement

2008-09-26 01:40 . 2008-09-26 01:40 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-09-26 01:36 . 2008-09-26 12:10 <DIR> d-------- C:\Arquivos de programas\Steam

2008-09-26 01:09 . 2008-09-26 01:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-09-26 01:09 . 2008-09-26 01:09 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes

2008-09-26 01:09 . 2008-09-26 01:17 <DIR> d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-09-26 01:09 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-26 01:09 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-26 00:56 . 2008-09-26 03:47 <DIR> d-------- C:\Programas

2008-09-25 02:32 . 2008-09-25 02:54 <DIR> d-------- C:\DOCUMENTOS

2008-09-25 01:37 . 2008-09-25 01:37 <DIR> d-------- C:\BACKUP

2008-09-25 01:29 . 2008-09-26 12:10 <DIR> d-------- C:\Documents and Settings\Administrador\Tracing

2008-09-25 01:27 . 2008-09-25 01:27 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-09-25 00:00 . 2008-09-25 20:23 <DIR> d-------- C:\Arquivos de programas\Brasfoot 2008

2008-09-24 23:59 . 2008-09-24 23:59 3,207,264 --a------ C:\Documents and Settings\Administrador\bf2008.exe

2008-09-24 23:55 . 2008-09-24 23:55 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\AdobeUM

2008-09-24 23:55 . 2008-09-24 23:55 2,403,344 --a------ C:\Documents and Settings\Administrador\WLinstaller2.exe

2008-09-24 22:44 . 2008-09-24 22:44 <DIR> d---s---- C:\Documents and Settings\Administrador\UserData

2008-09-24 21:40 . 2008-09-24 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great

2008-09-24 21:40 . 2008-09-24 21:40 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\START NOUN 4

2008-09-24 21:40 . 2008-09-24 21:40 <DIR> d-------- C:\Arquivos de programas\START NOUN 4

2008-09-24 21:39 . 2008-09-24 21:39 <DIR> d-------- C:\Arquivos de programas\MessengerPlus! 3

2008-09-24 15:02 . 2008-09-24 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-09-24 15:02 . 2008-09-26 01:34 <DIR> d-------- C:\Arquivos de programas\GbPlugin

2008-09-24 14:34 . 2008-09-24 14:34 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

2008-09-24 14:28 . 2003-09-12 10:26 646,784 --a------ C:\WINDOWS\system32\drivers\CnxEtU.sys

2008-09-24 14:28 . 2003-10-29 15:07 163,840 --a------ C:\WINDOWS\system32\CnxHwIo.dll

2008-09-24 14:28 . 2002-08-06 14:59 118,784 --a------ C:\WINDOWS\system32\CnxMfdCo.dll

2008-09-24 14:28 . 2001-10-03 14:08 118,784 --a------ C:\WINDOWS\system32\CnxClsCo.dll

2008-09-24 14:28 . 2003-10-29 15:01 103,494 --a------ C:\WINDOWS\system32\drivers\CnxTgN.sys

2008-09-24 14:28 . 2003-09-12 10:26 60,288 --a------ C:\WINDOWS\system32\drivers\CnxEtP.sys

2008-09-24 14:27 . 2008-09-24 14:29 <DIR> d-------- C:\Arquivos de programas\D-Link

2008-09-24 14:26 . 2008-09-24 14:31 <DIR> d-------- C:\Arquivos de programas\Turbo

2008-09-24 14:21 . 2008-09-24 14:23 <DIR> d-------- C:\WINDOWS\NV12161764.TMP

2008-09-24 14:16 . 2008-09-26 12:07 81,191 --a------ C:\WINDOWS\system32\nvapps.xml

2008-09-24 14:15 . 2008-09-24 14:23 <DIR> d-------- C:\WINDOWS\nview

2008-09-24 14:15 . 2006-08-12 01:42 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-09-24 14:15 . 2006-08-12 01:42 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-09-24 14:14 . 2006-08-11 19:58 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-09-24 14:09 . 2008-09-24 14:09 <DIR> d-------- C:\Arquivos de programas\Silicon Integrated Systems

2008-09-24 14:08 . 2008-09-24 14:08 <DIR> d-------- C:\Arquivos de programas\Realtek Sound Manager

2008-09-24 14:08 . 2008-09-24 14:08 <DIR> d-------- C:\Arquivos de programas\AvRack

2008-09-24 14:07 . 2008-09-24 14:09 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2008-09-24 14:07 . 2004-09-20 04:20 16,121,856 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL

2008-09-24 14:06 . 2008-09-24 14:06 <DIR> d-------- C:\WINDOWS\system32\Tools

2008-09-24 14:06 . 2008-09-24 14:06 <DIR> d-------- C:\Documents and Settings\Administrador\WINDOWS

2008-09-24 14:06 . 1998-01-23 12:21 305,664 --a------ C:\WINDOWS\IsUn0416.exe

2008-09-24 14:06 . 2002-07-12 07:15 106,496 --a------ C:\WINDOWS\SiSUSBrg.exe

2008-09-24 14:06 . 2003-07-17 22:58 36,992 -ra------ C:\WINDOWS\system32\drivers\SISAGPX.SYS

2008-09-24 14:06 . 2002-01-02 04:40 32,768 --a------ C:\WINDOWS\SIS_LIB.DLL

2008-09-24 14:06 . 2001-12-06 23:11 3,583 --a------ C:\WINDOWS\SiSport.sys

2008-09-24 14:05 . 2008-09-24 14:09 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-09-24 14:04 . 2004-08-03 18:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-09-24 14:03 . 2008-09-24 14:03 <DIR> d---s---- C:\WINDOWS\system32\Microsoft

2008-09-24 14:03 . 2008-09-24 14:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Dados de aplicativos

2008-09-24 14:03 . 2008-09-26 12:30 <DIR> d--h----- C:\Documents and Settings\NetworkService\Configurações locais

2008-09-24 14:03 . 2008-09-24 14:03 <DIR> d--hs---- C:\Documents and Settings\NetworkService

2008-09-24 14:03 . 2008-09-24 14:03 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos

2008-09-24 14:03 . 2008-09-26 12:30 <DIR> d--h----- C:\Documents and Settings\LocalService\Configurações locais

2008-09-24 14:03 . 2008-09-24 14:03 <DIR> d--hs---- C:\Documents and Settings\LocalService

2008-09-24 14:03 . 2008-09-24 14:00 <DIR> d-------- C:\Documents and Settings\Administrador\nodtmpb

2008-09-24 14:03 . 2008-09-24 13:53 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-09-24 14:03 . 2008-09-26 12:10 <DIR> dr------- C:\Documents and Settings\Administrador\Meus documentos

2008-09-24 14:03 . 2008-09-24 10:43 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-09-24 14:03 . 2008-09-26 02:29 <DIR> dr------- C:\Documents and Settings\Administrador\Favoritos

2008-09-24 14:03 . 2008-09-26 03:39 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-09-24 14:03 . 2008-09-26 12:30 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-09-24 14:03 . 2008-09-24 10:43 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-09-24 14:03 . 2008-09-24 10:43 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-09-24 14:03 . 2008-09-26 03:23 <DIR> d-------- C:\Documents and Settings\Administrador

2008-09-24 14:02 . 2008-09-24 14:00 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\nodtmpb

2008-09-24 14:02 . 2008-09-24 13:53 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Modelos

2008-09-24 14:02 . 2008-09-24 10:43 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Meus documentos

2008-09-24 14:02 . 2008-09-24 10:43 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Menu Iniciar

2008-09-24 14:02 . 2008-09-24 10:43 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Favoritos

2008-09-24 14:02 . 2008-09-24 10:43 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Dados de aplicativos

2008-09-24 14:02 . 2008-09-26 12:30 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-09-24 14:02 . 2008-09-24 10:43 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Ambiente de rede

2008-09-24 14:02 . 2008-09-24 10:43 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Ambiente de impressão

2008-09-24 14:02 . 2008-09-24 14:02 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-09-24 14:01 . 2008-09-24 14:01 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-09-24 14:01 . 2005-06-03 03:52 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl

2008-09-24 14:00 . 2008-09-24 14:00 <DIR> d-------- C:\Documents and Settings\Default User\nodtmpb

2008-09-24 14:00 . 2008-09-24 14:01 <DIR> d-------- C:\Arquivos de programas\Java

2008-09-24 14:00 . 2008-09-26 12:29 <DIR> d-------- C:\Arquivos de programas\ESET

2008-09-24 14:00 . 2008-09-24 14:00 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-09-24 14:00 . 2008-09-24 14:00 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys

2008-09-24 14:00 . 2008-09-24 14:00 270,336 --a------ C:\WINDOWS\system32\imon.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-24 16:58 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-09-24 16:57 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

.

 

------- Sigcheck -------

 

2005-08-30 23:12 577536 3ed0a4d74efd5aaf8408095f452e2613 C:\WINDOWS\system32\user32.dll

 

2005-08-30 23:13 661504 cb38f344faa2cc14a3c6d4e64073f07b C:\WINDOWS\system32\wininet.dll

 

2005-08-30 23:14 359936 dbc20c4332fe84b826530c49ae09721e C:\WINDOWS\system32\drivers\tcpip.sys

 

2005-08-30 23:24 2061184 aed7b3aa86ad031cf39c6e4bba37e818 C:\WINDOWS\system32\ntkrnlpa.exe

 

2005-08-30 23:12 2183808 6e3ab4241e058b248cb7cdc5157449c3 C:\WINDOWS\system32\ntoskrnl.exe

 

2005-08-30 23:12 1034240 07af0154923df6dec6de9ca0d4b04f8f C:\WINDOWS\explorer.exe

 

2005-08-30 23:13 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\system32\spoolsv.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

"bib amok"="C:\DOCUME~1\ADMINI~1\DADOSD~1\STARTN~1\Meow poke.exe" [2008-09-24 504320]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2008-09-24 190024]

"Steam"="C:\Arquivos de programas\Steam\Steam.exe" [2008-09-26 1271032]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 3739672]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2008-09-24 917504]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]

"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-12 7630848]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-12 86016]

"CnxDslTaskBar"="C:\Arquivos de programas\D-Link\DSL-210\CnxDslTb.exe" [2004-07-23 509560]

"meet great active lies"="C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\Time aim.exe" [2008-09-26 1827840]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

"SoundMan"="SOUNDMAN.EXE" [2004-09-16 C:\WINDOWS\SOUNDMAN.EXE]

"nwiz"="nwiz.exe" [2006-08-12 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 44544]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

 

R3 CnxEtP;Conexant AccessRunner USB ADSL LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-09-12 60288]

R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-09-12 646784]

R3 CnxTgN;Conexant AccessRunner USB ADSL LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-10-29 103494]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68ac9d76-8bdf-11dd-9f18-001346b54489}]

\Shell\AutoRun\command - diskdrive.exe

\Shell\open\command - diskdrive.exe

 

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

.

- - - - ORFAOS REMOVIDOS - - - -

 

HKU-Default-Run-MsnMsgr - C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - (no file)

Notify- GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

 

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.orkut.com/

R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.brasiltelecom.com.br/

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s

O17 -: HKLM\CCS\Interface\{3E736248-DAD4-4485-8498-2FB1740077E8}: NameServer = 201.10.120.3 201.10.1.2

O17 -: HKLM\CCS\Interface\{F5C93354-AA12-4D37-B20F-316DD2132FCB}: NameServer = 201.10.120.3,201.10.1.2

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-26 12:30:20

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GbpSv]

"ImagePath"="C:\ARQUIV~1\GbPlugin\GbpSv.exe"

.

--------------------- DLLs Carregadas Sob os Processos em Execuçao ---------------------

 

PROCESSOS: C:\WINDOWS\system32\lsass.exe

-> C:\Arquivos de programas\Eset\pr_imon.dll

.

Tempo para conclusão: 2008-09-26 12:31:26

ComboFix-quarantined-files.txt 2008-09-26 15:31:20

 

Pre-Run: 8 pasta(s) 70.638.968.832 bytes disponíveis

Post-Run: 10 pasta(s) 70,740,840,448 bytes disponíveis

 

201

---------------------------------------------------------------------------------------------------------------

 

HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:32:32, on 26/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\D-Link\DSL-210\CnxDslTb.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.brasiltelecom.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Arquivos de programas\D-Link\DSL-210\CnxDslTb.exe"

O4 - HKLM\..\Run: [meet great active lies] C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\Time aim.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bib amok] C:\DOCUME~1\ADMINI~1\DADOSD~1\STARTN~1\Meow poke.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: VistaStart.lnk = C:\Documents and Settings\Administrador\Desktop\Programas\Win Vista\Windows_Vista\Windows Vista\VistaStart1.3.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E736248-DAD4-4485-8498-2FB1740077E8}: NameServer = 201.10.120.3 201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{F5C93354-AA12-4D37-B20F-316DD2132FCB}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{3E736248-DAD4-4485-8498-2FB1740077E8}: NameServer = 201.10.120.3 201.10.1.2

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5648 bytes

 

thanks in advance!


Follow the instructions below:

 

Download Bankerfix.

Temporarily disable your antivirus, to avoid conflicts and for better detection.

Double-click bankerfix.exe, press Enter and wait for it to finish. When it finishes, read the message on the screen and press Enter again.

 

Re-enable your antivirus and generate a new HijackThis log; paste it together with relatorio.txt.

 

Awaiting your reply


Topic Archived

 

As the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain why you want it reopened.
