[Resolvido!] Iexplorer System error Code 1400

mari_88 · Fevereiro 24, 2009

Boa tarde, gostaria muito da ajuda de vcs. Desde já eu agradeço.

O meu PC está ficando cada vez mais lento e impossível de mexer. Imaginei que fosse um vírus, pois aparece a janela do iexplorer dizendo o tempo todo "System Error: Code 1400". Instalei o Hijack e deu o seguinte:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:19:14, on 24/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\HP\hpcoretech\comp\hptskmgr.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\Sun\Java\applet\jvm\services.exe

C:\Arquivos de programas\AVG\AVG8\avgscanx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack\HiJackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

F2 - REG:system.ini: Shell=Explorer.exe winsock32.scr

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.6.14.dll (file missing)

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: DirecX - {B6DC87C6-3ED0-42E3-A095-B59F4DC72739} - C:\WINDOWS\Sun\Java\jp2ssv.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [setup Windows Media Player] C:\Arquivos de programas\Windows Media Player\Wsetup_wm.exe

O4 - HKLM\..\RunOnce: [setup Windows Media Player] C:\Arquivos de programas\Windows Media Player\Wsetup_wm.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/Internet/pcpConnCheck.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {86D33886-21AC-11D7-B475-0080AD750764} (Midiocx Control) - http://www.karaokeonline.com.br/midiocx.ocx

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab

O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/playerBase/kSoloIEHDSD.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 11940 bytes

Peço que me ajudem, encarecidamente, assim que possível. Eu trabalho nesse PC e estou atolada de trabalho por conta desse vírus.

Obrigada,

Mari.

DigRam · Fevereiro 24, 2009

Boa Tarde! mari_88

<@> Baixe: < > ( ...by sUBs )

<@> Salve-o no desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança. <-- Link!

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

<!> Ps: O ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão profissional.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter!

<><><><><><><><><><><><>

<@> Terminando,poste os relatórios: C:\ComboFix\ComboFix.txt + HijackThis,atualizado.

Abraços!

mari_88 · Fevereiro 25, 2009

Boa tarde, DigRam

Obrigada pela ajuda!

Segue abaixo o log do combofix:

ComboFix 09-02-24.02 - Mybedroom 2009-02-25 15:35:28.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.479.153 [GMT -3:00]

Executando de: c:\documents and settings\Mybedroom\Desktop\Kombo.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_GBPSV

-------\Service_GbpSv

(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-25 to 2009-02-25 ))))))))))))))))))))))))))))

.

2009-02-25 15:18 . 2009-02-25 15:34 <DIR> d----c--- C:\ComboFix

2009-02-24 12:17 . 2009-02-24 12:19 <DIR> d----c--- C:\Hijack

2009-02-22 12:21 . 2009-02-22 12:21 1,025,536 --a------ c:\windows\system32\Google_Tool_Notification.exe

2009-02-22 12:21 . 2009-02-22 12:21 89,602 --a------ c:\windows\system32\Deposito_Bradesco_HTML.scr

2009-02-22 12:21 . 2009-02-22 12:21 89,600 --a------ c:\windows\system32\winsis32.dll

2009-02-22 12:20 . 2009-02-22 12:20 13,480 --a------ c:\windows\system32\Comprovante_Bradesco.html

2009-02-21 15:15 . 2009-02-21 15:15 1 ---hsc--- C:\MSDOS.INF

2009-02-15 13:56 . 2009-02-24 00:24 <DIR> d-------- c:\documents and settings\Mybedroom\Dados de aplicativos\BitTorrent

2009-02-15 13:56 . 2009-02-15 13:56 <DIR> d-------- c:\arquivos de programas\BitTorrent

2009-02-15 13:56 . 2009-02-15 13:56 <DIR> d-------- c:\arquivos de programas\AskSearch

2009-02-06 19:14 . 2009-02-06 19:14 308,088 --a------ c:\windows\WLXPGSS.SCR

2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-25 18:43 --------- d-----w c:\documents and settings\Mybedroom\Dados de aplicativos\DNA

2009-02-25 18:43 --------- d-----w c:\arquivos de programas\DNA

2009-02-25 17:37 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-02-25 17:36 --------- d-----w c:\arquivos de programas\VS Revo Group

2009-02-22 15:36 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-02-21 02:38 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-07 04:17 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-02-07 04:17 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-01-28 01:20 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-01-25 03:43 --------- d-----w c:\arquivos de programas\MessengerDiscovery

2009-01-23 21:09 --------- d-----w c:\arquivos de programas\eMule

2009-01-19 02:09 --------- d-----w c:\arquivos de programas\BurnAware Free

2009-01-05 05:54 --------- d-----w c:\arquivos de programas\GbPlugin

2008-12-26 20:30 --------- d-----w c:\arquivos de programas\Microsoft

2008-12-26 20:29 --------- d-----w c:\arquivos de programas\Microsoft SQL Server Compact Edition

2008-12-26 20:25 --------- d-----w c:\arquivos de programas\Windows Live SkyDrive

2008-12-26 19:23 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2008-11-26 20:06 719,174,560 -c--a-w C:\ADBEPPROCS3_ALP.exe

2008-11-11 02:26 47,360 ----a-w c:\documents and settings\Mybedroom\Dados de aplicativos\pcouffin.sys

2008-11-04 00:55 59,464 ----a-w c:\documents and settings\Mybedroom\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-10-24 23:56 168 --sh--r c:\windows\system32\73A1E2613E.sys

2007-03-09 08:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll

2008-10-24 23:56 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6DC87C6-3ED0-42E3-A095-B59F4DC72739}]

2009-02-21 15:17 825344 --a------ c:\windows\Sun\Java\jp2ssv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2008-12-19 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]

"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"HP Software Update"="c:\arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2006-05-17 282624]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Setup Windows Media Player"="c:\arquivos de programas\Windows Media Player\Wsetup_wm.exe" [2009-02-22 325120]

"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-03 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Setup Windows Media Player"="c:\arquivos de programas\Windows Media Player\Wsetup_wm.exe" [2009-02-22 325120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Mybedroom\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\arquiv~1\GbPlugin\gbiehabn.dll" [2008-06-03 369064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2008-06-03 22:51 369064 c:\arquiv~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-09-01 13:47 384840 c:\arquiv~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-07 01:17 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.iac2"= c:\progra~2\REPLAY~1\iac25_32.ax

"msacm.dvacm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\Vio\Dvacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-03 23:45 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-05-17 09:48 282624 c:\arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2004-09-23 11:41 860160 c:\arquivos de programas\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

--a------ 2004-10-14 08:11 1388544 c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-04-13 02:48 36975 c:\arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

-ra------ 2001-09-12 21:09 1134592 c:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"%windir%\\explorer.exe"=

"c:\\Arquivos de programas\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\MSN\\MSNCoreFiles\\msn6.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26911:TCP"= 26911:TCP:BitComet 26911 TCP

"26911:UDP"= 26911:UDP:BitComet 26911 UDP

"8080:TCP"= 8080:TCP:@xpsp2res.dll,-22008

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-10 325128]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-10 107272]

R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-06-09 31232]

S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2000-05-31 9472]

S3 SiSV6306;SiSV6306;c:\windows\system32\drivers\SiS6306p.sys [2000-05-31 68608]

S4 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-06-10 298264]

UnknownUnknown GbpSv;GbpSv; [x]

--- ---

*NewlyCreated* - GBPSV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16a57f70-d740-11dc-ae1e-0016ec1e35a5}]

\Shell\AutoRun\command - wscript.exe .\.vbs

\Shell\open\command - wscript.exe .\.vbs

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.ask.com/?o=101764&l=dis

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s

IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: com.br\www.bancobrasil

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

DPF: {86D33886-21AC-11D7-B475-0080AD750764} - hxxp://www.karaokeonline.com.br/midiocx.ocx

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} - hxxp://www.ksolo.com/playerBase/kSoloIEHDSD.cab

FF - ProfilePath - c:\documents and settings\Mybedroom\Dados de aplicativos\Mozilla\Firefox\Profiles\spm5kda9.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com.br/

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-25 15:43:32

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Setup Windows Media Player = c:\arquivos de programas\Windows Media Player\Wsetup_wm.exe?????????????

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

Setup Windows Media Player = c:\arquivos de programas\Windows Media Player\Wsetup_wm.exe?????????????

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GbpSv]

"ImagePath"="c:\arquiv~1\GbPlugin\GbpSv.exe"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(812)

c:\arquiv~1\GbPlugin\gbiehabn.dll

c:\arquiv~1\GbPlugin\gbieh.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

c:\arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

c:\arquivos de programas\Internet Explorer\iexplore.exe

c:\arquivos de programas\HP\hpcoretech\comp\hptskmgr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-02-25 15:47:37 - Máquina reiniciou [Mybedroom]

ComboFix-quarantined-files.txt 2009-02-25 18:47:08

ComboFix2.txt 2009-02-24 04:14:05

Pré-execução: 254,443,520 bytes disponíveis

Pós execução: 259,612,672 bytes disponíveis

208

Do Hijack (atualizado):

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:49:47, on 25/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\HP\hpcoretech\comp\hptskmgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe