Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

diegomr

[Arquivado] gbiehbsb.dll

Recommended Posts

Meu computador ficou muito lento e todas as vezes que eu inicio aparece um erro: RUNDLL Erro ao carregar:\WINDOWS\gbiehbsb.dll Não foi possível encontrar modulo especificado.

Será que alguém pode me ajudar?

 

O log gerado pelo HijackThis é:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:40:42, on 28/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Trend Micro\Internet Security\SfCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Trend Micro\Internet Security\UfSeAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\Trend Micro\BM\TMBMSRV.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Arquivos de programas\Trend Micro\Internet Security\TmProxy.exe

C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe

C:\Arquivos de programas\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.caixa.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: GbiehObj Class - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [AdMonitor] ADMNTR.EXE

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Arquivos de programas\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\IXP000.TMP\"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKLM\..\Policies\Explorer\Run: [gbieh.1] rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Bandeja do sistema do ATI CATALYST.lnk = C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195007455171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228027382359

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Firebird Server - DefaultInstance - The Firebird Project - C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\ARQUIV~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

 

--

End of file - 12202 bytes

 

 

Desde já agradeço!

Compartilhar este post


Link para o post
Compartilhar em outros sites

• Vá a este Link,e baixe: < Malwarebytes >

Atualize o programa!

• Escolha o escaneamento Rápido!

Desabilite programas de proteção,ao executar o malwarebytes.

• Procure enviar os ítens detectados para a quarentena,clicando em Remover itens.

• Para maiores detalhes: < Link >

-----------------------

• Poste,os relatórios: mbam-log-2008-xx-xx (00-00-00).txt + HijackThis,atualizado.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ai vai os relatórios do malwarebytes:

 

Malwarebytes' Anti-Malware 1.34

Versão do banco de dados: 1813

Windows 5.1.2600 Service Pack 3

 

28/2/2009 20:44:46

mbam-log-2009-02-28 (20-44-46).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 211319

Tempo decorrido: 1 hour(s), 45 minute(s), 19 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 15

Valores do Registro infectados: 3

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 3

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fcaaac14-bc46-40ca-9cb2-cbb12c6739eb} (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaaac14-bc46-40ca-9cb2-cbb12c6739eb} (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/abn.gpc (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ gbpluginabn (Trojan.Agent) -> Delete on reboot.

HKEY_CLASSES_ROOT\TypeLib\{c41a1c01-ea6c-11d4-b1b8-444553540007} (Trojan.Agent) -> Delete on reboot.

HKEY_CLASSES_ROOT\Interface\{7827ccc3-0deb-4cfb-911c-aa777c882007} (Trojan.Agent) -> Delete on reboot.

HKEY_CLASSES_ROOT\Interface\{c41a1c0d-ea6c-11d4-b1b8-444553540007} (Trojan.Agent) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540007} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c41a1c0e-ea6c-11d4-b1b8-444553540007} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540007} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e37cb5f0-51f5-4395-a808-5fa49e399007} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e37cb5f0-51f5-4395-a808-5fa49e399007} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{e37cb5f0-51f5-4395-a808-5fa49e399007} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\abn.gpc (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{e37cb5f0-51f5-4395-a808-5fa49e399007} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e37cb5f0-51f5-4395-a808-5fa49e399007} (Trojan.Agent) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\Downloaded Program Files\abn.gpc (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\Downloaded Program Files\GbPluginABN.inf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\ARQUIVOS DE PROGRAMAS\GbPlugin\gbiehcef.dll (Trojan.BHO) -> Delete on reboot.

 

 

 

 

 

e os relatórios do HijackThis atualizado:

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:00:27, on 28/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Trend Micro\Internet Security\SfCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\Trend Micro\BM\TMBMSRV.exe

C:\Arquivos de programas\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe

C:\Arquivos de programas\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe

C:\ARQUIV~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Arquivos de programas\Trend Micro\Internet Security\TmProxy.exe

C:\WINDOWS\System32\svchost.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.caixa.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [AdMonitor] ADMNTR.EXE

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Arquivos de programas\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\IXP000.TMP\"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [OE] "C:\Arquivos de programas\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"

O4 - HKLM\..\Policies\Explorer\Run: [gbieh.1] rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Bandeja do sistema do ATI CATALYST.lnk = C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195007455171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228027382359

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll (file missing)

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Firebird Server - DefaultInstance - The Firebird Project - C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\ARQUIV~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

 

--

End of file - 12126 bytes

 

 

 

Grato!

Compartilhar este post


Link para o post
Compartilhar em outros sites

• Baixe: < ComboFix.exe >

• Salve-o no Desktop!

Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

Feche todas as janelas e execute a ferramenta!

• Na solicitação: "Negação de garantia de software" --> Clique em Sim!

• Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

 

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

-- Salve-a no desktop,renomeada como: Kombo.exe

-- Ps: Nomeie durante o salvamento,e não após salvá-la!

-- Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança.

-- Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

-- Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

• Abrir-se-á a janela Auto Scan. --> Aguarde!

• Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

• Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter.

Aguarde a conclusão!

Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

• Para parar ou sair do ComboFix,tecle "N" --> Enter.

----------------------

• Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 09-03-13.02 - kbça 2009-03-14 2:33:39.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.511.240 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- -------

.

c:\windows\a3kebook.ini

c:\windows\akebook.ini

c:\windows\ANS2000.INI

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GBPSV

-------\Service_GbpSv

-------\Legacy_GBPSV

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-14 to 2009-03-14 ))))))))))))))))))))))))))))

.

 

2009-03-14 02:08 . 2009-03-14 02:08 <DIR> d-------- c:\arquivos de programas\ZSoft

2009-03-14 02:08 . 2009-03-14 02:09 262,144 --a------ c:\documents and settings\ADA55B~1.DIE

2009-03-14 01:25 . 2009-03-14 01:25 262,144 --a------ c:\documents and settings\ADMINI~4.DIE

2009-03-14 01:13 . 2009-03-14 01:13 262,144 --a------ c:\documents and settings\ADMINI~3.DIE

2009-03-11 23:34 . 2009-03-11 23:35 584 --a------ c:\windows\imsins.BAK

2009-02-28 18:54 . 2009-02-28 18:54 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-02-28 18:54 . 2009-02-28 18:54 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-02-28 18:54 . 2009-02-28 20:43 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-02-28 18:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-28 18:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-28 01:32 . 2009-02-28 01:32 401,720 --a------ C:\HiJackThis.exe

2009-02-28 01:30 . 2009-02-28 01:30 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2009-02-28 01:30 . 2009-02-28 01:30 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\SpeedBit

2009-02-28 01:28 . 2009-02-28 01:27 410,984 --a------ c:\windows\system32\deploytk.dll

2009-02-28 01:16 . 2009-02-28 01:16 <DIR> d-------- c:\arquivos de programas\Mailinfo

2009-02-28 01:16 . 2005-02-28 08:32 24,576 --a------ c:\windows\system32\IdleTrac.dll

2009-02-28 01:07 . 2009-02-28 01:07 <DIR> d-------- c:\arquivos de programas\Yahoo!

2009-02-28 01:06 . 2009-02-28 01:08 <DIR> d-------- c:\arquivos de programas\CCleaner

2009-02-28 01:05 . 2009-02-28 01:31 <DIR> d-------- c:\arquivos de programas\SpeedOptimizer

2009-02-28 01:05 . 2009-02-28 01:05 <DIR> d-------- c:\arquivos de programas\AskPBar

2009-02-25 14:04 . 2009-02-25 14:04 <DIR> d-------- c:\windows\kdefense

2009-02-25 14:04 . 2009-03-14 01:59 722,472 --a------ c:\windows\system32\kdfmgr.exe

2009-02-25 14:04 . 2009-03-14 01:59 192,512 --a------ c:\windows\system32\kdfvmgr.exe

2009-02-25 14:04 . 2009-03-14 01:59 77,824 --a------ c:\windows\system32\kdfapi.dll

2009-02-25 14:04 . 2009-03-14 01:59 53,248 --a------ c:\windows\system32\Kdfhok.dll

2009-02-25 14:03 . 2009-02-25 14:03 846,336 --a------ c:\windows\system32\kdfinj.dll

2009-02-25 10:13 . 2009-02-25 10:13 <DIR> d-------- c:\windows\LocalSSL

2009-02-25 10:11 . 2009-03-14 02:20 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Trend Micro

2009-02-25 09:48 . 2007-04-12 14:19 129,024 --a------ c:\windows\system32\AVERM.dll

2009-02-25 09:48 . 2006-09-26 13:57 28,672 --a------ c:\windows\system32\AVEQT.dll

2009-02-25 09:47 . 2009-02-25 09:56 <DIR> d-------- c:\arquivos de programas\Ultra DVD Creator

2009-02-24 03:25 . 2009-02-24 03:25 <DIR> d-------- c:\documents and settings\Administrador\FxTrading

2009-02-23 19:40 . 2009-02-25 12:25 <DIR> d-------- c:\documents and settings\FxTrading\log

2009-02-23 19:40 . 2009-02-23 19:40 <DIR> d-------- c:\documents and settings\FxTrading

2009-02-23 16:46 . 2009-02-23 16:46 <DIR> d-------- c:\documents and settings\Administrador\fxprops

2009-02-23 01:58 . 2009-02-23 01:58 4 --a------ c:\windows\system32\LAST.PAC

2009-02-23 01:52 . 2009-02-23 01:52 <DIR> d-------- c:\arquivos de programas\toquefacil

2009-02-22 15:55 . 2009-02-23 03:13 <DIR> d-------- c:\arquivos de programas\ODL MetaTrader 4

2009-02-22 14:21 . 2009-02-27 19:05 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\TweakMarketing

2009-02-22 14:13 . 2009-02-27 19:10 <DIR> d-------- c:\arquivos de programas\Mail Them Pro V5.01

2009-02-22 14:09 . 2009-02-22 18:42 <DIR> d-------- c:\arquivos de programas\JC-Email Direct Express 4.2

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-14 04:06 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-02-28 23:48 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-02-28 23:48 --------- d-----w c:\arquivos de programas\GbPlugin

2009-02-28 04:27 --------- d-----w c:\arquivos de programas\Java

2009-02-27 22:29 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-02-27 22:22 --------- d-----w c:\arquivos de programas\Arquivos comuns\Teleca Shared

2009-02-27 22:07 --------- d-----w c:\arquivos de programas\Automação Comercial

2009-02-27 22:04 --------- d-----w c:\arquivos de programas\Activa Commerce

2009-02-25 17:09 --------- d-----w c:\arquivos de programas\Lavalys.EVEREST.Ultimate.Edition.v4.00.976.Multilingual.Incl.Keygen-ViRiLiTY.rar

2009-02-25 13:01 --------- d-----w c:\arquivos de programas\ESET

2009-02-25 12:30 --------- d-----w c:\arquivos de programas\eMule

2009-01-27 17:51 31,296 ----a-w c:\windows\system32\drivers\GbpKm.sys

2009-01-26 03:53 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2009-01-23 21:04 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2009-01-20 08:51 --------- d-----w c:\arquivos de programas\Google

2008-12-07 15:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008120720081208\index.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-02-28 148888]

"AdMonitor"="ADMNTR.EXE" [2000-11-02 c:\windows\system32\admntr.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Bandeja do sistema do ATI CATALYST.lnk - c:\arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\windows\Downloaded Program Files\gbiehabn.dll" [2008-09-26 378792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"msacm.iac2"= c:\windows\system32\iac25_32. ax

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

"VIDC.VP40"= vp4vfw.dll

"vidc.X264"= x264vfw.dll

"VIDC.MSUD"= msulvc05.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk

backup=c:\windows\pss\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk

backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 00:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

--a------ 2007-11-09 20:59 4568576 c:\arquivos de programas\DAP\DAP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-05-08 15:24 54840 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]

--a------ 2008-07-07 12:12 675935 c:\arquivos de programas\SAMSUNG\FW LiveUpdate\FWManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

--------- 2005-10-11 17:25 1961984 c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

--a------ 2007-11-09 21:08 2184816 c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--------- 2008-09-16 11:16 1833296 c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-11-20 12:26 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRIXX]

--a------ 2005-08-16 08:18 9576448 c:\arquivos de programas\TRIXX\TRIXX.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-05-03 07:43 69632 c:\windows\ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2005-01-07 16:07 61952 c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2005-07-12 23:37 14679552 c:\windows\RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\DAP\\DAP.exe"=

"c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=

"c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-23 31296]

R1 TRIXX;TRIXX;c:\arquivos de programas\TRIXX\TRIXXDriver.sys [2005-08-16 15360]

R2 Firebird Server - DefaultInstance;Firebird Server - DefaultInstance;c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g --> c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g [?]

R2 sbbotdi;sbbotdi;c:\arquiv~1\SPEEDB~1\sbbotdi.sys [2007-11-09 35712]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe --> c:\arquiv~1\AVG\AVG8\avgemc.exe [?]

S2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe --> c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [?]

S2 Firebird Guardian - DefaultInstance;Firebird Guardian - DefaultInstance;\??\c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s --> c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s [?]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-11-25 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-11-16 85696]

 

--- ---

 

*NewlyCreated* - GBPSV

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-14 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

HKLM-Explorer_Run-gbieh.1 - c:\windows\gbiehbsb.dll

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\GBPLUGIN\gbiehcef.dll

MSConfigStartUp-AVG7_CC - c:\arquiv~1\Grisoft\AVG7\avgcc.exe

MSConfigStartUp-AVG8_TRAY - c:\arquiv~1\AVG\AVG8\avgtray.exe

MSConfigStartUp-nod32kui - c:\arquivos de programas\Eset\nod32kui.exe

MSConfigStartUp-OE - c:\arquivos de programas\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

MSConfigStartUp-Sony Ericsson PC Suite - c:\arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

MSConfigStartUp-UfSeAgnt - c:\arquivos de programas\Trend Micro\Internet Security\UfSeAgnt.exe

MSConfigStartUp-updateMgr - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.caixa.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: caixa.gov.br\internetbanking

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\y6bh0zu7.default\

FF - prefs.js: browser.search.selectedEngine - MercadoLivre

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com/

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-14 02:38:59

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

@DACL=(02 0000)

"DLLName"="Ati2evxx.dll"

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000001

"Lock"="AtiLockEvent"

"Logoff"="AtiLogoffEvent"

"Logon"="AtiLogonEvent"

"Disconnect"="AtiDisConnectEvent"

"Reconnect"="AtiReConnectEvent"

"Safe"=dword:00000000

"Shutdown"="AtiShutdownEvent"

"StartScreenSaver"="AtiStartScreenSaverEvent"

"StartShell"="AtiStartShellEvent"

"Startup"="AtiStartupEvent"

"StopScreenSaver"="AtiStopScreenSaverEvent"

"Unlock"="AtiUnLockEvent"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

@DACL=(02 0000)

"Asynchronous"=dword:00000001

"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

"Startup"="WlDimsStartup"

"Shutdown"="WlDimsShutdown"

"Logon"="WlDimsLogon"

"Logoff"="WlDimsLogoff"

"StartShell"="WlDimsStartShell"

"Lock"="WlDimsLock"

"Unlock"="WlDimsUnlock"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(476)

c:\windows\Downloaded Program Files\gbiehabn.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\vidacfp\Firebird_2_0\Bin\fbserver.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\HPZipm12.exe

c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe

c:\arquiv~1\SPEEDB~1\VideoAcceleratorEngine.exe

c:\arquiv~1\GbPlugin\gbpsv.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-14 2:42:17 - Máquina reiniciou [kbça]

ComboFix-quarantined-files.txt 2009-03-14 05:42:14

 

Pré-execução: 6,113,681,408 bytes disponíveis

Pós execução: 6,102,401,024 bytes disponíveis

 

301 --- E O F --- 2009-03-12 23:35:57

 

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:54:17, on 14/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\ADMNTR.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

C:\WINDOWS\explorer.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.caixa.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [AdMonitor] ADMNTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Bandeja do sistema do ATI CATALYST.lnk = C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195007455171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228027382359

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgemc.exe (file missing)

O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe (file missing)

O23 - Service: Firebird Server - DefaultInstance - The Firebird Project - C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

 

--

End of file - 8996 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Reinicie o computador em Modo de Segurança (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização);

 

- Abra o HijackThis, clique em Do a system scan only e marque as entradas abaixo:

 

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

 

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

 

O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)

 

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

 

O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)

 

O4 - HKLM\..\Run: [AdMonitor] ADMNTR.EXE

 

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (file missing)

 

- Feche todas as janelas, clique em Sim;

 

- Reinciie em modo normal, e execute os procedimentos abaixo.

 

 

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

 

Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

 

Folder::

c:\arquivos de programas\AskPBar

c:\documents and settings\All Users\Dados de aplicativos\TEMP

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

c:\windows\Downloaded Program Files\gbiehabn.dll

Registry::

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=-

 

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos.

 

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

 

cfscript.gif

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

 

Poste-o junto com o novo log do hijackthis

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 09-03-14.02 - kbça 2009-03-15 16:50:13.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.511.244 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\AskPBar

c:\arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Abn\Abn.gdt

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Abn\Abn.mnn

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Abn\GbpMid3.gbp

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\000002EC.tmp

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\0000049C.tmp

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\0000053C.tmp

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\0000055C.tmp

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\000007A0.tmp

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000918.tmp

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000A7C.tmp

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000A90.tmp

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000B0C.tmp

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000B64.tmp

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000C10.tmp

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000E10.tmp

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000FCC.tmp

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\Cef.gdt

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\cef.gpc.updc

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\Cef.mnn

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\Cef.snt

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\GbpMid3.gbp

c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\gbpsv.exe.updc

c:\documents and settings\All Users\Dados de aplicativos\TEMP

c:\windows\Downloaded Program Files\gbiehabn.dll\

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GBPSV

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-15 to 2009-03-15 ))))))))))))))))))))))))))))

.

 

2009-03-15 16:54 . 2009-03-15 16:54 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-03-15 16:40 . 2009-03-15 16:40 <DIR> d-------- C:\backups

2009-03-14 02:08 . 2009-03-14 02:08 <DIR> d-------- c:\arquivos de programas\ZSoft

2009-03-14 02:08 . 2009-03-14 02:09 262,144 --a------ c:\documents and settings\ADA55B~1.DIE

2009-03-14 01:25 . 2009-03-14 01:25 262,144 --a------ c:\documents and settings\ADMINI~4.DIE

2009-03-14 01:13 . 2009-03-14 01:13 262,144 --a------ c:\documents and settings\ADMINI~3.DIE

2009-03-11 23:34 . 2009-03-11 23:35 584 --a------ c:\windows\imsins.BAK

2009-02-28 18:54 . 2009-02-28 18:54 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-02-28 18:54 . 2009-02-28 18:54 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-02-28 18:54 . 2009-02-28 20:43 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-02-28 18:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-28 18:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-28 01:32 . 2009-02-28 01:32 401,720 --a------ C:\HiJackThis.exe

2009-02-28 01:30 . 2009-02-28 01:30 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2009-02-28 01:30 . 2009-02-28 01:30 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\SpeedBit

2009-02-28 01:28 . 2009-02-28 01:27 410,984 --a------ c:\windows\system32\deploytk.dll

2009-02-28 01:16 . 2009-02-28 01:16 <DIR> d-------- c:\arquivos de programas\Mailinfo

2009-02-28 01:16 . 2005-02-28 08:32 24,576 --a------ c:\windows\system32\IdleTrac.dll

2009-02-28 01:07 . 2009-02-28 01:07 <DIR> d-------- c:\arquivos de programas\Yahoo!

2009-02-28 01:06 . 2009-02-28 01:08 <DIR> d-------- c:\arquivos de programas\CCleaner

2009-02-28 01:05 . 2009-02-28 01:31 <DIR> d-------- c:\arquivos de programas\SpeedOptimizer

2009-02-25 14:04 . 2009-02-25 14:04 <DIR> d-------- c:\windows\kdefense

2009-02-25 14:04 . 2009-03-14 01:59 722,472 --a------ c:\windows\system32\kdfmgr.exe

2009-02-25 14:04 . 2009-03-14 01:59 192,512 --a------ c:\windows\system32\kdfvmgr.exe

2009-02-25 14:04 . 2009-03-14 01:59 77,824 --a------ c:\windows\system32\kdfapi.dll

2009-02-25 14:04 . 2009-03-14 01:59 53,248 --a------ c:\windows\system32\Kdfhok.dll

2009-02-25 14:03 . 2009-02-25 14:03 846,336 --a------ c:\windows\system32\kdfinj.dll

2009-02-25 10:13 . 2009-02-25 10:13 <DIR> d-------- c:\windows\LocalSSL

2009-02-25 10:11 . 2009-03-14 02:20 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Trend Micro

2009-02-25 09:48 . 2007-04-12 14:19 129,024 --a------ c:\windows\system32\AVERM.dll

2009-02-25 09:48 . 2006-09-26 13:57 28,672 --a------ c:\windows\system32\AVEQT.dll

2009-02-25 09:47 . 2009-02-25 09:56 <DIR> d-------- c:\arquivos de programas\Ultra DVD Creator

2009-02-24 03:25 . 2009-02-24 03:25 <DIR> d-------- c:\documents and settings\Administrador\FxTrading

2009-02-23 19:40 . 2009-02-25 12:25 <DIR> d-------- c:\documents and settings\FxTrading\log

2009-02-23 19:40 . 2009-02-23 19:40 <DIR> d-------- c:\documents and settings\FxTrading

2009-02-23 16:46 . 2009-02-23 16:46 <DIR> d-------- c:\documents and settings\Administrador\fxprops

2009-02-23 01:58 . 2009-02-23 01:58 4 --a------ c:\windows\system32\LAST.PAC

2009-02-23 01:52 . 2009-02-23 01:52 <DIR> d-------- c:\arquivos de programas\toquefacil

2009-02-22 15:55 . 2009-02-23 03:13 <DIR> d-------- c:\arquivos de programas\ODL MetaTrader 4

2009-02-22 14:21 . 2009-02-27 19:05 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\TweakMarketing

2009-02-22 14:13 . 2009-02-27 19:10 <DIR> d-------- c:\arquivos de programas\Mail Them Pro V5.01

2009-02-22 14:09 . 2009-02-22 18:42 <DIR> d-------- c:\arquivos de programas\JC-Email Direct Express 4.2

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-28 23:48 --------- d-----w c:\arquivos de programas\GbPlugin

2009-02-28 04:27 --------- d-----w c:\arquivos de programas\Java

2009-02-27 22:29 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-02-27 22:22 --------- d-----w c:\arquivos de programas\Arquivos comuns\Teleca Shared

2009-02-27 22:07 --------- d-----w c:\arquivos de programas\Automação Comercial

2009-02-27 22:04 --------- d-----w c:\arquivos de programas\Activa Commerce

2009-02-25 17:09 --------- d-----w c:\arquivos de programas\Lavalys.EVEREST.Ultimate.Edition.v4.00.976.Multilingual.Incl.Keygen-ViRiLiTY.rar

2009-02-25 13:01 --------- d-----w c:\arquivos de programas\ESET

2009-02-25 12:30 --------- d-----w c:\arquivos de programas\eMule

2009-01-27 17:51 31,296 ----a-w c:\windows\system32\drivers\GbpKm.sys

2009-01-26 03:53 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2009-01-23 21:04 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2009-01-20 08:51 --------- d-----w c:\arquivos de programas\Google

2008-12-07 15:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008120720081208\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-14_ 2.41.28.60 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-06 01:31:14 267,304 ------w c:\windows\system32\DllCache\wgaLogon.dll

+ 2008-09-06 02:31:14 267,304 ------w c:\windows\system32\DllCache\wgaLogon.dll

- 2008-09-06 01:30:04 951,336 ------w c:\windows\system32\DllCache\WgaTray.exe

+ 2008-09-06 02:30:04 951,336 ------w c:\windows\system32\DllCache\WgaTray.exe

- 2008-09-06 01:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll

+ 2008-09-06 02:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll

- 2008-09-06 01:31:14 267,304 ------w c:\windows\system32\WgaLogon.dll

+ 2008-09-06 02:31:14 267,304 ------w c:\windows\system32\WgaLogon.dll

- 2008-09-06 01:30:04 951,336 ------w c:\windows\system32\WgaTray.exe

+ 2008-09-06 02:30:04 951,336 ------w c:\windows\system32\WgaTray.exe

+ 2009-03-15 19:54:37 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_500.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-02-28 148888]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Bandeja do sistema do ATI CATALYST.lnk - c:\arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"msacm.iac2"= c:\windows\system32\iac25_32. ax

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

"VIDC.VP40"= vp4vfw.dll

"vidc.X264"= x264vfw.dll

"VIDC.MSUD"= msulvc05.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk

backup=c:\windows\pss\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk

backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 00:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

--a------ 2007-11-09 20:59 4568576 c:\arquivos de programas\DAP\DAP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-05-08 15:24 54840 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]

--a------ 2008-07-07 12:12 675935 c:\arquivos de programas\SAMSUNG\FW LiveUpdate\FWManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

--------- 2005-10-11 17:25 1961984 c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

--a------ 2007-11-09 21:08 2184816 c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--------- 2008-09-16 11:16 1833296 c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-11-20 12:26 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRIXX]

--a------ 2005-08-16 08:18 9576448 c:\arquivos de programas\TRIXX\TRIXX.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-05-03 07:43 69632 c:\windows\ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2005-01-07 16:07 61952 c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2005-07-12 23:37 14679552 c:\windows\RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\DAP\\DAP.exe"=

"c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=

"c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-23 31296]

R1 TRIXX;TRIXX;c:\arquivos de programas\TRIXX\TRIXXDriver.sys [2005-08-16 15360]

R2 Firebird Server - DefaultInstance;Firebird Server - DefaultInstance;c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g --> c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g [?]

R2 sbbotdi;sbbotdi;c:\arquiv~1\SPEEDB~1\sbbotdi.sys [2007-11-09 35712]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe --> c:\arquiv~1\AVG\AVG8\avgemc.exe [?]

S2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe --> c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [?]

S2 Firebird Guardian - DefaultInstance;Firebird Guardian - DefaultInstance;\??\c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s --> c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s [?]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-11-25 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-11-16 85696]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-14 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.caixa.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: caixa.gov.br\internetbanking

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\y6bh0zu7.default\

FF - prefs.js: browser.search.selectedEngine - MercadoLivre

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com/

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-15 16:55:08

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

@DACL=(02 0000)

"DLLName"="Ati2evxx.dll"

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000001

"Lock"="AtiLockEvent"

"Logoff"="AtiLogoffEvent"

"Logon"="AtiLogonEvent"

"Disconnect"="AtiDisConnectEvent"

"Reconnect"="AtiReConnectEvent"

"Safe"=dword:00000000

"Shutdown"="AtiShutdownEvent"

"StartScreenSaver"="AtiStartScreenSaverEvent"

"StartShell"="AtiStartShellEvent"

"Startup"="AtiStartupEvent"

"StopScreenSaver"="AtiStopScreenSaverEvent"

"Unlock"="AtiUnLockEvent"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

@DACL=(02 0000)

"Asynchronous"=dword:00000001

"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

"Startup"="WlDimsStartup"

"Shutdown"="WlDimsShutdown"

"Logon"="WlDimsLogon"

"Logoff"="WlDimsLogoff"

"StartShell"="WlDimsStartShell"

"Lock"="WlDimsLock"

"Unlock"="WlDimsUnlock"

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\vidacfp\Firebird_2_0\Bin\fbserver.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\HPZipm12.exe

c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe

c:\arquiv~1\SPEEDB~1\VideoAcceleratorEngine.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-15 16:58:06 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-03-15 19:58:03

ComboFix2.txt 2009-03-14 05:42:18

 

Pré-execução: 8.937.644.032 bytes disponíveis

Pós execução: 8,920,461,312 bytes disponíveis

 

317 --- E O F --- 2009-03-14 21:47:44

 

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:04:12, on 15/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\WINDOWS\explorer.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.caixa.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Bandeja do sistema do ATI CATALYST.lnk = C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195007455171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228027382359

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgemc.exe (file missing)

O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe (file missing)

O23 - Service: Firebird Server - DefaultInstance - The Firebird Project - C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

 

--

End of file - 8232 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Abra o HijackThis, clique em Do a system scan only e marque as entradas abaixo:

 

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)

 

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

 

- Feche todas as janelas, clique em Sim;

 

- Reinciie em modo normal, e execute os procedimentos abaixo.

 

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

 

Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

 

Folder::

c:\windows\kdefense

C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

 

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos.

 

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

 

cfscript.gif

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

 

Poste-o junto com o novo log do hijackthis

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 09-03-19.02 - kbça 2009-03-22 15:30:23.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.511.242 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\kdefense

c:\windows\kdefense\k52010.ico

c:\windows\kdefense\k52011.ico

c:\windows\kdefense\k52012.bmp

c:\windows\kdefense\KStartClean.ini

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GBPSV

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-22 to 2009-03-22 ))))))))))))))))))))))))))))

.

 

2009-03-15 16:54 . 2009-03-22 15:14 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-03-15 16:40 . 2009-03-22 15:18 <DIR> d-------- C:\backups

2009-03-14 02:08 . 2009-03-14 02:08 <DIR> d-------- c:\arquivos de programas\ZSoft

2009-03-14 02:08 . 2009-03-14 02:09 262,144 --a------ c:\documents and settings\ADA55B~1.DIE

2009-03-14 01:25 . 2009-03-14 01:25 262,144 --a------ c:\documents and settings\ADMINI~4.DIE

2009-03-14 01:13 . 2009-03-14 01:13 262,144 --a------ c:\documents and settings\ADMINI~3.DIE

2009-03-11 23:34 . 2009-03-11 23:35 584 --a------ c:\windows\imsins.BAK

2009-02-28 18:54 . 2009-02-28 18:54 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-02-28 18:54 . 2009-02-28 18:54 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-02-28 18:54 . 2009-02-28 20:43 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-02-28 18:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-28 18:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-28 01:32 . 2009-02-28 01:32 401,720 --a------ C:\HiJackThis.exe

2009-02-28 01:30 . 2009-02-28 01:30 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2009-02-28 01:30 . 2009-02-28 01:30 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\SpeedBit

2009-02-28 01:28 . 2009-02-28 01:27 410,984 --a------ c:\windows\system32\deploytk.dll

2009-02-28 01:16 . 2009-02-28 01:16 <DIR> d-------- c:\arquivos de programas\Mailinfo

2009-02-28 01:16 . 2005-02-28 08:32 24,576 --a------ c:\windows\system32\IdleTrac.dll

2009-02-28 01:07 . 2009-02-28 01:07 <DIR> d-------- c:\arquivos de programas\Yahoo!

2009-02-28 01:06 . 2009-02-28 01:08 <DIR> d-------- c:\arquivos de programas\CCleaner

2009-02-28 01:05 . 2009-02-28 01:31 <DIR> d-------- c:\arquivos de programas\SpeedOptimizer

2009-02-25 14:04 . 2009-03-14 01:59 722,472 --a------ c:\windows\system32\kdfmgr.exe

2009-02-25 14:04 . 2009-03-14 01:59 192,512 --a------ c:\windows\system32\kdfvmgr.exe

2009-02-25 14:04 . 2009-03-14 01:59 77,824 --a------ c:\windows\system32\kdfapi.dll

2009-02-25 14:04 . 2009-03-14 01:59 53,248 --a------ c:\windows\system32\Kdfhok.dll

2009-02-25 14:03 . 2009-02-25 14:03 846,336 --a------ c:\windows\system32\kdfinj.dll

2009-02-25 10:13 . 2009-02-25 10:13 <DIR> d-------- c:\windows\LocalSSL

2009-02-25 10:11 . 2009-03-14 02:20 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Trend Micro

2009-02-25 09:48 . 2007-04-12 14:19 129,024 --a------ c:\windows\system32\AVERM.dll

2009-02-25 09:48 . 2006-09-26 13:57 28,672 --a------ c:\windows\system32\AVEQT.dll

2009-02-25 09:47 . 2009-02-25 09:56 <DIR> d-------- c:\arquivos de programas\Ultra DVD Creator

2009-02-24 03:25 . 2009-02-24 03:25 <DIR> d-------- c:\documents and settings\Administrador\FxTrading

2009-02-23 19:40 . 2009-02-25 12:25 <DIR> d-------- c:\documents and settings\FxTrading\log

2009-02-23 19:40 . 2009-02-23 19:40 <DIR> d-------- c:\documents and settings\FxTrading

2009-02-23 16:46 . 2009-02-23 16:46 <DIR> d-------- c:\documents and settings\Administrador\fxprops

2009-02-23 01:58 . 2009-02-23 01:58 4 --a------ c:\windows\system32\LAST.PAC

2009-02-23 01:52 . 2009-02-23 01:52 <DIR> d-------- c:\arquivos de programas\toquefacil

2009-02-22 15:55 . 2009-02-23 03:13 <DIR> d-------- c:\arquivos de programas\ODL MetaTrader 4

2009-02-22 14:21 . 2009-02-27 19:05 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\TweakMarketing

2009-02-22 14:13 . 2009-02-27 19:10 <DIR> d-------- c:\arquivos de programas\Mail Them Pro V5.01

2009-02-22 14:09 . 2009-02-22 18:42 <DIR> d-------- c:\arquivos de programas\JC-Email Direct Express 4.2

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-21 21:22 --------- d-----w c:\arquivos de programas\eMule

2009-03-20 23:11 --------- d-----w c:\arquivos de programas\GbPlugin

2009-02-28 04:27 --------- d-----w c:\arquivos de programas\Java

2009-02-27 22:29 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-02-27 22:22 --------- d-----w c:\arquivos de programas\Arquivos comuns\Teleca Shared

2009-02-27 22:07 --------- d-----w c:\arquivos de programas\Automação Comercial

2009-02-27 22:04 --------- d-----w c:\arquivos de programas\Activa Commerce

2009-02-25 17:09 --------- d-----w c:\arquivos de programas\Lavalys.EVEREST.Ultimate.Edition.v4.00.976.Multilingual.Incl.Keygen-ViRiLiTY.rar

2009-02-25 13:01 --------- d-----w c:\arquivos de programas\ESET

2009-01-27 17:51 31,296 ----a-w c:\windows\system32\drivers\GbpKm.sys

2009-01-26 03:53 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2009-01-23 21:04 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2008-12-07 15:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008120720081208\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-14_ 2.41.28.60 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-06 01:31:14 267,304 ------w c:\windows\system32\DllCache\wgaLogon.dll

+ 2008-09-06 02:31:14 267,304 ------w c:\windows\system32\DllCache\wgaLogon.dll

- 2008-09-06 01:30:04 951,336 ------w c:\windows\system32\DllCache\WgaTray.exe

+ 2008-09-06 02:30:04 951,336 ------w c:\windows\system32\DllCache\WgaTray.exe

- 2008-09-06 01:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll

+ 2008-09-06 02:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll

- 2008-09-06 01:31:14 267,304 ------w c:\windows\system32\WgaLogon.dll

+ 2008-09-06 02:31:14 267,304 ------w c:\windows\system32\WgaLogon.dll

- 2008-09-06 01:30:04 951,336 ------w c:\windows\system32\WgaTray.exe

+ 2008-09-06 02:30:04 951,336 ------w c:\windows\system32\WgaTray.exe

+ 2009-03-22 18:35:05 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_500.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-02-28 148888]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Bandeja do sistema do ATI CATALYST.lnk - c:\arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\windows\Downloaded Program Files\gbiehabn.dll" [2008-09-26 378792]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GBPLUGIN\gbiehcef.dll" [2009-01-27 404032]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"msacm.iac2"= c:\windows\system32\iac25_32. ax

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

"VIDC.VP40"= vp4vfw.dll

"vidc.X264"= x264vfw.dll

"VIDC.MSUD"= msulvc05.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk

backup=c:\windows\pss\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk

backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 00:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

--a------ 2007-11-09 20:59 4568576 c:\arquivos de programas\DAP\DAP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-05-08 15:24 54840 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]

--a------ 2008-07-07 12:12 675935 c:\arquivos de programas\SAMSUNG\FW LiveUpdate\FWManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

--------- 2005-10-11 17:25 1961984 c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

--a------ 2007-11-09 21:08 2184816 c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--------- 2008-09-16 11:16 1833296 c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-11-20 12:26 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRIXX]

--a------ 2005-08-16 08:18 9576448 c:\arquivos de programas\TRIXX\TRIXX.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-05-03 07:43 69632 c:\windows\ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2005-01-07 16:07 61952 c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2005-07-12 23:37 14679552 c:\windows\RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\DAP\\DAP.exe"=

"c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=

"c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-23 31296]

R1 TRIXX;TRIXX;c:\arquivos de programas\TRIXX\TRIXXDriver.sys [2005-08-16 15360]

R2 Firebird Server - DefaultInstance;Firebird Server - DefaultInstance;c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g --> c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g [?]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [2008-01-05 52808]

R2 sbbotdi;sbbotdi;c:\arquiv~1\SPEEDB~1\sbbotdi.sys [2007-11-09 35712]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe --> c:\arquiv~1\AVG\AVG8\avgemc.exe [?]

S2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe --> c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [?]

S2 Firebird Guardian - DefaultInstance;Firebird Guardian - DefaultInstance;\??\c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s --> c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s [?]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-11-25 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-11-16 85696]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfa8589a-11ae-11de-af61-000b2311d894}]

\Shell\AutoRun\command - qphdin.com

\Shell\open\Command - qphdin.com

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-22 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.caixa.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: caixa.gov.br\internetbanking

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\y6bh0zu7.default\

FF - prefs.js: browser.search.selectedEngine - MercadoLivre

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com/

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\y6bh0zu7.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-22 15:35:26

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

@DACL=(02 0000)

"DLLName"="Ati2evxx.dll"

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000001

"Lock"="AtiLockEvent"

"Logoff"="AtiLogoffEvent"

"Logon"="AtiLogonEvent"

"Disconnect"="AtiDisConnectEvent"

"Reconnect"="AtiReConnectEvent"

"Safe"=dword:00000000

"Shutdown"="AtiShutdownEvent"

"StartScreenSaver"="AtiStartScreenSaverEvent"

"StartShell"="AtiStartShellEvent"

"Startup"="AtiStartupEvent"

"StopScreenSaver"="AtiStopScreenSaverEvent"

"Unlock"="AtiUnLockEvent"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

@DACL=(02 0000)

"Asynchronous"=dword:00000001

"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

"Startup"="WlDimsStartup"

"Shutdown"="WlDimsShutdown"

"Logon"="WlDimsLogon"

"Logoff"="WlDimsLogoff"

"StartShell"="WlDimsStartShell"

"Lock"="WlDimsLock"

"Unlock"="WlDimsUnlock"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(472)

c:\windows\Downloaded Program Files\gbiehabn.dll

c:\arquivos de programas\GBPLUGIN\gbiehcef.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\vidacfp\Firebird_2_0\Bin\fbserver.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\HPZipm12.exe

c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe

c:\arquiv~1\SPEEDB~1\VideoAcceleratorEngine.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-22 15:38:25 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-03-22 18:38:23

ComboFix2.txt 2009-03-15 19:58:06

ComboFix3.txt 2009-03-14 05:42:18

 

Pré-execução: 8.726.786.048 bytes disponíveis

Pós execução: 8,900,018,176 bytes disponíveis

 

305 --- E O F --- 2009-03-22 17:12:40

 

 

 

 

 

 

 

 

 

 

 

 

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\WINDOWS\explorer.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.caixa.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Bandeja do sistema do ATI CATALYST.lnk = C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195007455171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228027382359

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgemc.exe (file missing)

O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe (file missing)

O23 - Service: Firebird Server - DefaultInstance - The Firebird Project - C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

 

--

End of file - 7935 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Eu já usei varios anti-virus mais nenhum me agradou.

 

você poderia me indicar um antivirus bom? E tb outros programas para segurança do meu pc?

 

Obrigado!!!

Compartilhar este post


Link para o post
Compartilhar em outros sites
Eu já usei varios anti-virus mais nenhum me agradou.

 

você poderia me indicar um antivirus bom? E tb outros programas para segurança do meu pc?

 

Aconselho o Avira Antivir, um otimo antivirus gratuito.

 

---------------------------------------------------------------------------------------------------------------------------

 

- Abra o programa Malwarebytes, e vá na aba quarentena. remova todos os intens que você achar la, feito isso execute-o novamente.

 

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

 

Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

 

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfa8589a-11ae-11de-af61-000b2311d894}]

 

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos.

 

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

 

cfscript.gif

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

 

Poste-o junto com o novo log do hijackthis

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 09-04-04.01 - kbça 2009-04-11 8:43:30.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.189 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated)

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GBPSV

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-11 to 2009-04-11 ))))))))))))))))))))))))))))

.

 

2009-04-01 06:53 . 2009-04-01 06:53 <DIR> d-------- c:\windows\system32\KB905474

2009-04-01 06:53 . 2009-03-10 22:26 1,434,496 --a------ c:\windows\system32\KB905474\wganotifypackageinner.exe

2009-04-01 06:53 . 2009-03-10 22:18 454,536 --a------ c:\windows\system32\KB905474\wgasetup.exe

2009-04-01 06:53 . 2009-02-09 18:51 14,318 --a------ c:\windows\system32\KB905474\wga_eula.txt

2009-03-29 03:18 . 2009-03-29 03:18 <DIR> d-------- c:\arquivos de programas\Ganância

2009-03-29 03:18 . 2009-03-29 03:18 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Borland Shared

2009-03-29 03:18 . 1999-01-20 05:01 210,032 --a------ c:\windows\system32\DBCLIENT.DLL

2009-03-29 03:18 . 1999-11-12 05:11 183,808 --a------ c:\windows\system32\BDEADMIN.CPL

2009-03-29 03:06 . 2009-03-29 03:06 <DIR> d-------- c:\arquivos de programas\Financas Pessoais

2009-03-29 00:15 . 2009-03-29 02:21 <DIR> d-------- C:\Delta60

2009-03-28 10:32 . 2009-03-28 10:32 <DIR> d-------- c:\arquivos de programas\Microsoft Small Business

2009-03-28 10:22 . 2009-03-28 10:22 <DIR> d-------- c:\arquivos de programas\MSXML 6.0

2009-03-28 10:19 . 2009-03-29 05:53 <DIR> d-------- c:\arquivos de programas\Microsoft SQL Server

2009-03-28 01:19 . 2009-03-28 01:19 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-03-28 01:19 . 2009-03-28 01:19 <DIR> d-------- c:\arquivos de programas\Avira

2009-03-28 01:19 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys

2009-03-15 16:54 . 2009-04-11 08:37 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-03-15 16:40 . 2009-03-22 15:18 <DIR> d-------- C:\backups

2009-03-14 02:08 . 2009-03-14 02:08 <DIR> d-------- c:\arquivos de programas\ZSoft

2009-03-14 02:08 . 2009-03-14 02:09 262,144 --a------ c:\documents and settings\ADA55B~1.DIE

2009-03-14 01:25 . 2009-03-14 01:25 262,144 --a------ c:\documents and settings\ADMINI~4.DIE

2009-03-14 01:13 . 2009-03-14 01:13 262,144 --a------ c:\documents and settings\ADMINI~3.DIE

2009-03-11 23:34 . 2009-03-11 23:35 584 --a------ c:\windows\imsins.BAK

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-11 05:47 --------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-04-10 22:43 --------- d-----w c:\arquivos de programas\eMule

2009-04-06 18:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 18:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-04 03:55 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2009-03-28 13:25 --------- d-----w c:\arquivos de programas\Microsoft.NET

2009-03-20 23:11 --------- d-----w c:\arquivos de programas\GbPlugin

2009-03-14 05:20 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Trend Micro

2009-02-28 21:54 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-02-28 21:54 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-02-28 04:32 401,720 ----a-w C:\HiJackThis.exe

2009-02-28 04:31 --------- d-----w c:\arquivos de programas\SpeedOptimizer

2009-02-28 04:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2009-02-28 04:30 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\SpeedBit

2009-02-28 04:27 --------- d-----w c:\arquivos de programas\Java

2009-02-28 04:16 --------- d-----w c:\arquivos de programas\Mailinfo

2009-02-28 04:08 --------- d-----w c:\arquivos de programas\CCleaner

2009-02-28 04:07 --------- d-----w c:\arquivos de programas\Yahoo!

2009-02-27 22:29 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-02-27 22:22 --------- d-----w c:\arquivos de programas\Arquivos comuns\Teleca Shared

2009-02-27 22:10 --------- d-----w c:\arquivos de programas\Mail Them Pro V5.01

2009-02-27 22:07 --------- d-----w c:\arquivos de programas\Automação Comercial

2009-02-27 22:05 --------- d-----w c:\arquivos de programas\Arquivos comuns\TweakMarketing

2009-02-27 22:04 --------- d-----w c:\arquivos de programas\Activa Commerce

2009-02-25 17:09 --------- d-----w c:\arquivos de programas\Lavalys.EVEREST.Ultimate.Edition.v4.00.976.Multilingual.Incl.Keygen-ViRiLiTY.rar

2009-02-25 13:01 --------- d-----w c:\arquivos de programas\ESET

2009-02-25 12:56 --------- d-----w c:\arquivos de programas\Ultra DVD Creator

2009-02-23 06:13 --------- d-----w c:\arquivos de programas\ODL MetaTrader 4

2009-02-23 04:52 --------- d-----w c:\arquivos de programas\toquefacil

2009-02-22 21:42 --------- d-----w c:\arquivos de programas\JC-Email Direct Express 4.2

2008-12-07 15:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008120720081208\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-14_ 2.41.28.60 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-03-28 13:32:23 14,184 ----a-w c:\windows\assembly\GAC_32\ILoader\2.0.5201.0__31bf3856ad364e35\ILoader.dll

+ 2009-03-28 13:32:23 47,976 ----a-w c:\windows\assembly\GAC_32\Loader\2.0.5201.0__31bf3856ad364e35\Loader.dll

+ 2009-03-29 08:48:41 360,800 ----a-w c:\windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.batchparser.dll

+ 2009-03-29 08:48:42 75,616 ----a-w c:\windows\assembly\GAC_32\Microsoft.SqlServer.MgdSqlDumper\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.mgdsqldumper.dll

+ 2009-03-29 08:49:02 1,625,952 ----a-w c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll

+ 2009-03-29 08:48:44 543,584 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll

+ 2009-03-29 08:48:42 138,080 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.DeploymentEngine\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DeploymentEngine.dll

+ 2009-03-29 08:48:42 1,215,328 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL

+ 2009-03-29 08:48:42 35,680 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.DataWarehouse.Interfaces\9.0.242.0__89845dcd8080cc91\Microsoft.DataWarehouse.Interfaces.DLL

+ 2009-03-28 13:31:07 133,848 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.ExceptionMessageBox.dll

+ 2009-03-29 08:46:55 133,984 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll

+ 2009-03-29 08:48:41 154,464 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll

+ 2009-03-29 08:46:55 43,872 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll

+ 2009-03-29 08:46:55 199,520 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll

+ 2009-03-28 13:25:26 16,600 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Instapi\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.InstApi.dll

+ 2009-03-29 08:48:42 68,448 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.RegSvrEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.RegSvrEnum.dll

+ 2009-03-28 13:26:32 47,832 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Replication.BusinessLogicSupport\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.BusinessLogicSupport.dll

+ 2009-03-29 08:48:42 555,872 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Rmo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Rmo.dll

+ 2009-03-29 08:48:41 39,776 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ServiceBrokerEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ServiceBrokerEnum.dll

+ 2009-03-28 13:20:25 289,496 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Setup\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Setup.dll

+ 2009-03-29 08:48:41 1,604,448 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll

+ 2009-03-29 08:48:41 220,000 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll

+ 2009-03-29 08:48:41 895,840 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll

+ 2009-03-28 13:25:21 43,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlTDiagM\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlTDiagM.dll

+ 2009-03-28 13:25:16 20,184 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SString\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SString.dll

+ 2009-03-29 08:46:55 592,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll

+ 2009-03-29 08:48:41 43,872 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll

+ 2009-03-28 13:25:21 84,696 ----a-w c:\windows\assembly\GAC_MSIL\MSClusterLib\1.0.0.0__89845dcd8080cc91\MSClusterLib.dll

+ 2009-03-29 16:32:14 249,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\73feacc2195d4c458bd3dfbc52c0f876\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll

+ 2009-03-29 16:32:20 561,152 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7be784a07e265944bc49ad831c7e8181\Microsoft.SqlServer.GridControl.ni.dll

+ 2009-03-29 16:32:23 1,028,096 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b8235080bb14e5408b4dc26c58fe4ed1\Microsoft.SqlServer.WizardFrameworkLite.ni.dll

+ 2009-03-29 16:32:17 90,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c4c265eeb9a93b489c8c57cde1ff6426\Microsoft.SqlServer.CustomControls.ni.dll

+ 2009-03-28 13:32:24 25,214 ----a-r c:\windows\Installer\{A939D341-5A04-4E0A-BB55-3E65B386432D}\ARPPRODUCTICON.exe

- 2008-09-06 01:31:14 267,304 ------w c:\windows\system32\DllCache\wgaLogon.dll

+ 2008-09-06 02:31:14 267,304 ------w c:\windows\system32\DllCache\wgaLogon.dll

- 2008-09-06 01:30:04 951,336 ------w c:\windows\system32\DllCache\WgaTray.exe

+ 2008-09-06 02:30:04 951,336 ------w c:\windows\system32\DllCache\WgaTray.exe

+ 2009-02-13 14:17:49 45,416 ----a-w c:\windows\system32\drivers\avgntdd.sys

+ 2009-02-13 14:29:11 22,360 ----a-w c:\windows\system32\drivers\avgntmgr.sys

+ 2009-02-13 17:22:54 95,576 ----a-w c:\windows\system32\drivers\avipbb.sys

+ 2009-02-13 14:50:02 28,376 ----a-w c:\windows\system32\drivers\ssmdrv.sys

- 2008-09-06 01:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll

+ 2008-09-06 02:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll

+ 2009-02-03 02:07:18 240,544 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10b.exe

- 2007-12-15 04:10:18 74,649 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

+ 2009-04-04 13:59:42 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

- 2009-02-23 04:14:53 60,956 ----a-w c:\windows\system32\perfc009.dat

+ 2009-03-29 08:49:30 78,478 ----a-w c:\windows\system32\perfc009.dat

- 2009-02-23 04:14:53 69,536 ----a-w c:\windows\system32\perfc016.dat

+ 2009-03-29 08:49:30 87,058 ----a-w c:\windows\system32\perfc016.dat

- 2009-02-23 04:14:53 397,682 ----a-w c:\windows\system32\perfh009.dat

+ 2009-03-29 08:49:30 444,390 ----a-w c:\windows\system32\perfh009.dat

- 2009-02-23 04:14:54 430,614 ----a-w c:\windows\system32\perfh016.dat

+ 2009-03-29 08:49:30 477,322 ----a-w c:\windows\system32\perfh016.dat

+ 2008-11-25 01:31:08 65,888 ----a-w c:\windows\system32\sqlctr90.dll

+ 2008-11-25 01:31:10 2,248,544 ----a-w c:\windows\system32\sqlncli.dll

- 2008-09-06 01:31:14 267,304 ------w c:\windows\system32\WgaLogon.dll

+ 2008-09-06 02:31:14 267,304 ------w c:\windows\system32\WgaLogon.dll

- 2008-09-06 01:30:04 951,336 ------w c:\windows\system32\WgaTray.exe

+ 2008-09-06 02:30:04 951,336 ------w c:\windows\system32\WgaTray.exe

+ 2009-04-11 11:51:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_590.dat

+ 2005-09-23 02:49:12 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll

+ 2005-09-23 04:16:02 1,093,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll

+ 2005-09-23 04:16:06 1,079,808 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll

+ 2005-09-23 04:16:08 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll

+ 2005-09-23 04:16:10 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll

+ 2005-09-23 03:58:06 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll

+ 2005-09-23 03:58:06 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll

+ 2005-09-23 03:58:06 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll

+ 2005-09-23 03:58:06 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll

+ 2005-09-23 03:58:06 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll

+ 2005-09-23 03:58:06 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll

+ 2005-09-23 03:58:06 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll

+ 2005-09-23 03:58:06 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll

+ 2005-09-23 03:58:06 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll

+ 2008-07-29 11:05:06 161,784 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll

+ 2008-07-29 06:54:08 225,280 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll

+ 2008-07-29 11:05:08 572,928 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll

+ 2008-07-29 11:05:08 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll

+ 2008-07-29 11:05:08 3,768,312 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll

+ 2008-07-29 11:05:10 3,783,672 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll

+ 2008-07-29 09:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll

+ 2008-07-29 09:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll

+ 2008-07-29 11:05:06 38,912 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll

+ 2008-07-29 11:05:06 39,936 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll

+ 2008-07-29 11:05:08 66,560 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll

+ 2008-07-29 11:05:08 56,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll

+ 2008-07-29 11:05:06 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll

+ 2008-07-29 11:05:08 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll

+ 2008-07-29 11:05:06 66,048 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll

+ 2008-07-29 11:05:08 64,512 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll

+ 2008-07-29 11:05:08 46,592 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll

+ 2008-07-29 11:05:08 46,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll

+ 2008-07-29 11:05:08 62,976 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll

+ 2007-11-07 05:19:20 54,272 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-02-28 148888]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Bandeja do sistema do ATI CATALYST.lnk - c:\arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GBPLUGIN\gbiehcef.dll" [2009-01-27 404032]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\windows\Downloaded Program Files\gbiehabn.dll" [2008-09-26 378792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"msacm.iac2"= c:\windows\system32\iac25_32. ax

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

"VIDC.VP40"= vp4vfw.dll

"vidc.X264"= x264vfw.dll

"VIDC.MSUD"= msulvc05.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk

backup=c:\windows\pss\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk

backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 00:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

--a------ 2007-11-09 20:59 4568576 c:\arquivos de programas\DAP\DAP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-05-08 15:24 54840 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]

--a------ 2008-07-07 12:12 675935 c:\arquivos de programas\SAMSUNG\FW LiveUpdate\FWManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

--------- 2005-10-11 17:25 1961984 c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

--a------ 2007-11-09 21:08 2184816 c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--------- 2008-09-16 11:16 1833296 c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-11-20 12:26 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRIXX]

--a------ 2005-08-16 08:18 9576448 c:\arquivos de programas\TRIXX\TRIXX.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-05-03 07:43 69632 c:\windows\ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2005-01-07 16:07 61952 c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2005-07-12 23:37 14679552 c:\windows\RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\DAP\\DAP.exe"=

"c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=

"c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-23 31296]

R1 TRIXX;TRIXX;c:\arquivos de programas\TRIXX\TRIXXDriver.sys [2005-08-16 15360]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2009-03-28 108289]

R2 Firebird Server - DefaultInstance;Firebird Server - DefaultInstance;c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g --> c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g [?]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [2008-01-05 52808]

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]

R2 sbbotdi;sbbotdi;c:\arquiv~1\SPEEDB~1\sbbotdi.sys [2007-11-09 35712]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe --> c:\arquiv~1\AVG\AVG8\avgemc.exe [?]

S2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe --> c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [?]

S2 Firebird Guardian - DefaultInstance;Firebird Guardian - DefaultInstance;\??\c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s --> c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s [?]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-11-25 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-11-16 85696]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-11 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

 

2009-04-01 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-10 22:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.caixa.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: caixa.gov.br\internetbanking

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\y6bh0zu7.default\

FF - prefs.js: browser.search.selectedEngine - MercadoLivre

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com/

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\y6bh0zu7.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-11 10:05:56

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

@DACL=(02 0000)

"DLLName"="Ati2evxx.dll"

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000001

"Lock"="AtiLockEvent"

"Logoff"="AtiLogoffEvent"

"Logon"="AtiLogonEvent"

"Disconnect"="AtiDisConnectEvent"

"Reconnect"="AtiReConnectEvent"

"Safe"=dword:00000000

"Shutdown"="AtiShutdownEvent"

"StartScreenSaver"="AtiStartScreenSaverEvent"

"StartShell"="AtiStartShellEvent"

"Startup"="AtiStartupEvent"

"StopScreenSaver"="AtiStopScreenSaverEvent"

"Unlock"="AtiUnLockEvent"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

@DACL=(02 0000)

"Asynchronous"=dword:00000001

"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

"Startup"="WlDimsStartup"

"Shutdown"="WlDimsShutdown"

"Logon"="WlDimsLogon"

"Logoff"="WlDimsLogoff"

"StartShell"="WlDimsStartShell"

"Lock"="WlDimsLock"

"Unlock"="WlDimsUnlock"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(480)

c:\windows\Downloaded Program Files\gbiehabn.dll

c:\arquivos de programas\GBPLUGIN\gbiehcef.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\vidacfp\Firebird_2_0\Bin\fbserver.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\HPZipm12.exe

c:\arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe

c:\arquiv~1\SPEEDB~1\VideoAcceleratorEngine.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-04-11 10:10:02 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-04-11 13:09:59

ComboFix2.txt 2009-03-22 18:38:27

ComboFix3.txt 2009-03-15 19:58:06

ComboFix4.txt 2009-03-14 05:42:18

 

Pré-execução: 8.514.617.344 bytes disponíveis

Pós execução: 8,870,043,648 bytes disponíveis

 

393 --- E O F --- 2009-04-01 09:53:05

 

 

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:23:45, on 11/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\explorer.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.caixa.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Bandeja do sistema do ATI CATALYST.lnk = C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195007455171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228027382359

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgemc.exe (file missing)

O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe (file missing)

O23 - Service: Firebird Server - DefaultInstance - The Firebird Project - C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

 

--

End of file - 8887 bytes

 

 

 

 

 

Quanto rodo o hijackthis ainda aparece q o antivirus AVG ainda esta ativo, porem já deletei do meu PC a bastante tempo. Como faço para excluir de vez???

Compartilhar este post


Link para o post
Compartilhar em outros sites
Quanto rodo o hijackthis ainda aparece q o antivirus AVG ainda esta ativo, porem já deletei do meu PC a bastante tempo. Como faço para excluir de vez???

 

O AVG ainda estar em sua máquina é isso?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Vá em Iniciar > Executar > Digite "regedit" sem aspas.

 

Aperte o botão CTRL + F digite o nome AVG, exclua todos os arquivos que você achar. Feito isso aperto o botão F3 e exclua novamente o que você achar.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.