diegomr 0 Denunciar post Postado Fevereiro 28, 2009 Meu computador ficou muito lento e todas as vezes que eu inicio aparece um erro: RUNDLL Erro ao carregar:\WINDOWS\gbiehbsb.dll Não foi possível encontrar modulo especificado. Será que alguém pode me ajudar? O log gerado pelo HijackThis é: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:40:42, on 28/2/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\Explorer.EXE C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Arquivos de programas\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe C:\Arquivos de programas\Trend Micro\Internet Security\UfSeAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\Arquivos de programas\Trend Micro\BM\TMBMSRV.exe C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\System32\alg.exe C:\ARQUIV~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Arquivos de programas\Trend Micro\Internet Security\TmProxy.exe C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe C:\Arquivos de programas\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe C:\Arquivos de programas\DAP\DAP.EXE C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.caixa.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file) O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: GbiehObj Class - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll (file missing) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [AdMonitor] ADMNTR.EXE O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Arquivos de programas\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\IXP000.TMP\" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKLM\..\Policies\Explorer\Run: [gbieh.1] rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O4 - Global Startup: Bandeja do sistema do ATI CATALYST.lnk = C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/ O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195007455171 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228027382359 O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Firebird Server - DefaultInstance - The Firebird Project - C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\ARQUIV~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Internet Security\TmProxy.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe -- End of file - 12202 bytes Desde já agradeço! Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Fevereiro 28, 2009 • Vá a este Link,e baixe: < Malwarebytes > • Atualize o programa! • Escolha o escaneamento Rápido! • Desabilite programas de proteção,ao executar o malwarebytes. • Procure enviar os ítens detectados para a quarentena,clicando em Remover itens. • Para maiores detalhes: < Link > ----------------------- • Poste,os relatórios: mbam-log-2008-xx-xx (00-00-00).txt + HijackThis,atualizado. Compartilhar este post Link para o post Compartilhar em outros sites
diegomr 0 Denunciar post Postado Março 1, 2009 Ai vai os relatórios do malwarebytes: Malwarebytes' Anti-Malware 1.34 Versão do banco de dados: 1813 Windows 5.1.2600 Service Pack 3 28/2/2009 20:44:46 mbam-log-2009-02-28 (20-44-46).txt Tipo de Verificação: Completa (C:\|D:\|) Objetos verificados: 211319 Tempo decorrido: 1 hour(s), 45 minute(s), 19 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 0 Chaves do Registro infectadas: 15 Valores do Registro infectados: 3 Ítens do Registro infectados: 0 Pastas infectadas: 0 Arquivos infectados: 3 Processos da Memória infectados: (Nenhum ítem malicioso foi detectado) Módulos de Memória Infectados: (Nenhum ítem malicioso foi detectado) Chaves do Registro infectadas: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fcaaac14-bc46-40ca-9cb2-cbb12c6739eb} (Spyware.Banker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaaac14-bc46-40ca-9cb2-cbb12c6739eb} (Spyware.Banker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/abn.gpc (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ gbpluginabn (Trojan.Agent) -> Delete on reboot. HKEY_CLASSES_ROOT\TypeLib\{c41a1c01-ea6c-11d4-b1b8-444553540007} (Trojan.Agent) -> Delete on reboot. HKEY_CLASSES_ROOT\Interface\{7827ccc3-0deb-4cfb-911c-aa777c882007} (Trojan.Agent) -> Delete on reboot. HKEY_CLASSES_ROOT\Interface\{c41a1c0d-ea6c-11d4-b1b8-444553540007} (Trojan.Agent) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540007} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c41a1c0e-ea6c-11d4-b1b8-444553540007} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540007} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e37cb5f0-51f5-4395-a808-5fa49e399007} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e37cb5f0-51f5-4395-a808-5fa49e399007} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{e37cb5f0-51f5-4395-a808-5fa49e399007} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully. Valores do Registro infectados: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\abn.gpc (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{e37cb5f0-51f5-4395-a808-5fa49e399007} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e37cb5f0-51f5-4395-a808-5fa49e399007} (Trojan.Agent) -> Quarantined and deleted successfully. Ítens do Registro infectados: (Nenhum ítem malicioso foi detectado) Pastas infectadas: (Nenhum ítem malicioso foi detectado) Arquivos infectados: C:\WINDOWS\Downloaded Program Files\abn.gpc (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\Downloaded Program Files\GbPluginABN.inf (Trojan.Agent) -> Quarantined and deleted successfully. C:\ARQUIVOS DE PROGRAMAS\GbPlugin\gbiehcef.dll (Trojan.BHO) -> Delete on reboot. e os relatórios do HijackThis atualizado: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:00:27, on 28/2/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Arquivos de programas\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\Arquivos de programas\Trend Micro\BM\TMBMSRV.exe C:\Arquivos de programas\Trend Micro\Internet Security\UfSeAgnt.exe C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe C:\Arquivos de programas\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe C:\Arquivos de programas\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe C:\ARQUIV~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Arquivos de programas\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\System32\svchost.exe C:\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.caixa.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file) O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file) O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [AdMonitor] ADMNTR.EXE O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Arquivos de programas\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\IXP000.TMP\" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [OE] "C:\Arquivos de programas\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" O4 - HKLM\..\Policies\Explorer\Run: [gbieh.1] rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O4 - Global Startup: Bandeja do sistema do ATI CATALYST.lnk = C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/ O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195007455171 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228027382359 O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll (file missing) O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Firebird Server - DefaultInstance - The Firebird Project - C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\ARQUIV~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Internet Security\TmProxy.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe -- End of file - 12126 bytes Grato! Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Março 3, 2009 • Baixe: < ComboFix.exe > • Salve-o no Desktop! • Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! ) • Feche todas as janelas e execute a ferramenta! • Na solicitação: "Negação de garantia de software" --> Clique em Sim! • Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo! <!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.-- Salve-a no desktop,renomeada como: Kombo.exe -- Ps: Nomeie durante o salvamento,e não após salvá-la! -- Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança. -- Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde! -- Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas. • Abrir-se-á a janela Auto Scan. --> Aguarde! • Àfim de completar as remoções,o ComboFix poderá reiniciar o computador. • Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter. • Aguarde a conclusão! • Durante o scan,evite manusear o mouse ou teclado! <-- Importante! • Para parar ou sair do ComboFix,tecle "N" --> Enter. ---------------------- • Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado. Compartilhar este post Link para o post Compartilhar em outros sites
diegomr 0 Denunciar post Postado Março 14, 2009 ComboFix 09-03-13.02 - kbça 2009-03-14 2:33:39.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.511.240 [GMT -3:00] Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- ------- . c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_GBPSV -------\Service_GbpSv -------\Legacy_GBPSV -------\Service_GbpSv (((((((((((((((( Arquivos/Ficheiros criados de 2009-02-14 to 2009-03-14 )))))))))))))))))))))))))))) . 2009-03-14 02:08 . 2009-03-14 02:08 <DIR> d-------- c:\arquivos de programas\ZSoft 2009-03-14 02:08 . 2009-03-14 02:09 262,144 --a------ c:\documents and settings\ADA55B~1.DIE 2009-03-14 01:25 . 2009-03-14 01:25 262,144 --a------ c:\documents and settings\ADMINI~4.DIE 2009-03-14 01:13 . 2009-03-14 01:13 262,144 --a------ c:\documents and settings\ADMINI~3.DIE 2009-03-11 23:34 . 2009-03-11 23:35 584 --a------ c:\windows\imsins.BAK 2009-02-28 18:54 . 2009-02-28 18:54 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2009-02-28 18:54 . 2009-02-28 18:54 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes 2009-02-28 18:54 . 2009-02-28 20:43 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware 2009-02-28 18:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-28 18:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-28 01:32 . 2009-02-28 01:32 401,720 --a------ C:\HiJackThis.exe 2009-02-28 01:30 . 2009-02-28 01:30 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit 2009-02-28 01:30 . 2009-02-28 01:30 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\SpeedBit 2009-02-28 01:28 . 2009-02-28 01:27 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-28 01:16 . 2009-02-28 01:16 <DIR> d-------- c:\arquivos de programas\Mailinfo 2009-02-28 01:16 . 2005-02-28 08:32 24,576 --a------ c:\windows\system32\IdleTrac.dll 2009-02-28 01:07 . 2009-02-28 01:07 <DIR> d-------- c:\arquivos de programas\Yahoo! 2009-02-28 01:06 . 2009-02-28 01:08 <DIR> d-------- c:\arquivos de programas\CCleaner 2009-02-28 01:05 . 2009-02-28 01:31 <DIR> d-------- c:\arquivos de programas\SpeedOptimizer 2009-02-28 01:05 . 2009-02-28 01:05 <DIR> d-------- c:\arquivos de programas\AskPBar 2009-02-25 14:04 . 2009-02-25 14:04 <DIR> d-------- c:\windows\kdefense 2009-02-25 14:04 . 2009-03-14 01:59 722,472 --a------ c:\windows\system32\kdfmgr.exe 2009-02-25 14:04 . 2009-03-14 01:59 192,512 --a------ c:\windows\system32\kdfvmgr.exe 2009-02-25 14:04 . 2009-03-14 01:59 77,824 --a------ c:\windows\system32\kdfapi.dll 2009-02-25 14:04 . 2009-03-14 01:59 53,248 --a------ c:\windows\system32\Kdfhok.dll 2009-02-25 14:03 . 2009-02-25 14:03 846,336 --a------ c:\windows\system32\kdfinj.dll 2009-02-25 10:13 . 2009-02-25 10:13 <DIR> d-------- c:\windows\LocalSSL 2009-02-25 10:11 . 2009-03-14 02:20 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Trend Micro 2009-02-25 09:48 . 2007-04-12 14:19 129,024 --a------ c:\windows\system32\AVERM.dll 2009-02-25 09:48 . 2006-09-26 13:57 28,672 --a------ c:\windows\system32\AVEQT.dll 2009-02-25 09:47 . 2009-02-25 09:56 <DIR> d-------- c:\arquivos de programas\Ultra DVD Creator 2009-02-24 03:25 . 2009-02-24 03:25 <DIR> d-------- c:\documents and settings\Administrador\FxTrading 2009-02-23 19:40 . 2009-02-25 12:25 <DIR> d-------- c:\documents and settings\FxTrading\log 2009-02-23 19:40 . 2009-02-23 19:40 <DIR> d-------- c:\documents and settings\FxTrading 2009-02-23 16:46 . 2009-02-23 16:46 <DIR> d-------- c:\documents and settings\Administrador\fxprops 2009-02-23 01:58 . 2009-02-23 01:58 4 --a------ c:\windows\system32\LAST.PAC 2009-02-23 01:52 . 2009-02-23 01:52 <DIR> d-------- c:\arquivos de programas\toquefacil 2009-02-22 15:55 . 2009-02-23 03:13 <DIR> d-------- c:\arquivos de programas\ODL MetaTrader 4 2009-02-22 14:21 . 2009-02-27 19:05 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\TweakMarketing 2009-02-22 14:13 . 2009-02-27 19:10 <DIR> d-------- c:\arquivos de programas\Mail Them Pro V5.01 2009-02-22 14:09 . 2009-02-22 18:42 <DIR> d-------- c:\arquivos de programas\JC-Email Direct Express 4.2 . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-14 04:06 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-02-28 23:48 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin 2009-02-28 23:48 --------- d-----w c:\arquivos de programas\GbPlugin 2009-02-28 04:27 --------- d-----w c:\arquivos de programas\Java 2009-02-27 22:29 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information 2009-02-27 22:22 --------- d-----w c:\arquivos de programas\Arquivos comuns\Teleca Shared 2009-02-27 22:07 --------- d-----w c:\arquivos de programas\Automação Comercial 2009-02-27 22:04 --------- d-----w c:\arquivos de programas\Activa Commerce 2009-02-25 17:09 --------- d-----w c:\arquivos de programas\Lavalys.EVEREST.Ultimate.Edition.v4.00.976.Multilingual.Incl.Keygen-ViRiLiTY.rar 2009-02-25 13:01 --------- d-----w c:\arquivos de programas\ESET 2009-02-25 12:30 --------- d-----w c:\arquivos de programas\eMule 2009-01-27 17:51 31,296 ----a-w c:\windows\system32\drivers\GbpKm.sys 2009-01-26 03:53 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\uTorrent 2009-01-23 21:04 --------- d-----w c:\arquivos de programas\Windows Media Connect 2 2009-01-20 08:51 --------- d-----w c:\arquivos de programas\Google 2008-12-07 15:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008120720081208\index.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-02-28 148888] "AdMonitor"="ADMNTR.EXE" [2000-11-02 c:\windows\system32\admntr.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] "MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="move" [X] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Bandeja do sistema do ATI CATALYST.lnk - c:\arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\windows\Downloaded Program Files\gbiehabn.dll" [2008-09-26 378792] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "msacm.iac2"= c:\windows\system32\iac25_32. ax "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.VP31"= vp31vfw.dll "VIDC.VP40"= vp4vfw.dll "vidc.X264"= x264vfw.dll "VIDC.MSUD"= msulvc05.dll [HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk] path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk backup=c:\windows\pss\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 00:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] --a------ 2007-11-09 20:59 4568576 c:\arquivos de programas\DAP\DAP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2007-05-08 15:24 54840 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App] --a------ 2008-07-07 12:12 675935 c:\arquivos de programas\SAMSUNG\FW LiveUpdate\FWManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2005-10-11 17:25 1961984 c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator] --a------ 2007-11-09 21:08 2184816 c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] --------- 2008-09-16 11:16 1833296 c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-11-20 12:26 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRIXX] --a------ 2005-08-16 08:18 9576448 c:\arquivos de programas\TRIXX\TRIXX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 07:43 69632 c:\windows\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] --------- 2005-01-07 16:07 61952 c:\windows\system32\HdAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2005-07-12 23:37 14679552 c:\windows\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\DAP\\DAP.exe"= "c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"= "c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-23 31296] R1 TRIXX;TRIXX;c:\arquivos de programas\TRIXX\TRIXXDriver.sys [2005-08-16 15360] R2 Firebird Server - DefaultInstance;Firebird Server - DefaultInstance;c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g --> c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g [?] R2 sbbotdi;sbbotdi;c:\arquiv~1\SPEEDB~1\sbbotdi.sys [2007-11-09 35712] R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?] S2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe --> c:\arquiv~1\AVG\AVG8\avgemc.exe [?] S2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe --> c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [?] S2 Firebird Guardian - DefaultInstance;Firebird Guardian - DefaultInstance;\??\c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s --> c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s [?] S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-11-25 87824] S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-11-16 85696] --- --- *NewlyCreated* - GBPSV . Conteúdo da pasta 'Tarefas Agendadas' 2009-03-14 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job - c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . - - - - ORFÃOS REMOVIDOS - - - - URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file) HKLM-Explorer_Run-gbieh.1 - c:\windows\gbiehbsb.dll ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\GBPLUGIN\gbiehcef.dll MSConfigStartUp-AVG7_CC - c:\arquiv~1\Grisoft\AVG7\avgcc.exe MSConfigStartUp-AVG8_TRAY - c:\arquiv~1\AVG\AVG8\avgtray.exe MSConfigStartUp-nod32kui - c:\arquivos de programas\Eset\nod32kui.exe MSConfigStartUp-OE - c:\arquivos de programas\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe MSConfigStartUp-Sony Ericsson PC Suite - c:\arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe MSConfigStartUp-UfSeAgnt - c:\arquivos de programas\Trend Micro\Internet Security\UfSeAgnt.exe MSConfigStartUp-updateMgr - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe . ------- Scan Suplementar ------- . uStart Page = hxxp://www.caixa.com.br/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: caixa.gov.br\internetbanking Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\y6bh0zu7.default\ FF - prefs.js: browser.search.selectedEngine - MercadoLivre FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com/ FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-14 02:38:59 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] @DACL=(02 0000) "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] @DACL=(02 0000) "Asynchronous"=dword:00000001 "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll" "Startup"="WlDimsStartup" "Shutdown"="WlDimsShutdown" "Logon"="WlDimsLogon" "Logoff"="WlDimsLogoff" "StartShell"="WlDimsStartShell" "Lock"="WlDimsLock" "Unlock"="WlDimsUnlock" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(476) c:\windows\Downloaded Program Files\gbiehabn.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\windows\system32\ati2evxx.exe c:\vidacfp\Firebird_2_0\Bin\fbserver.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\HPZipm12.exe c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe c:\arquiv~1\SPEEDB~1\VideoAcceleratorEngine.exe c:\arquiv~1\GbPlugin\gbpsv.exe . ************************************************************************** . Tempo para conclusão: 2009-03-14 2:42:17 - Máquina reiniciou [kbça] ComboFix-quarantined-files.txt 2009-03-14 05:42:14 Pré-execução: 6,113,681,408 bytes disponíveis Pós execução: 6,102,401,024 bytes disponíveis 301 --- E O F --- 2009-03-12 23:35:57 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:54:17, on 14/3/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\ADMNTR.EXE C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\explorer.exe C:\HiJackThis.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.caixa.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file) O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing) O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file) O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing) O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing) O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [AdMonitor] ADMNTR.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O4 - Global Startup: Bandeja do sistema do ATI CATALYST.lnk = C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/ O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195007455171 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228027382359 O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgemc.exe (file missing) O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe (file missing) O23 - Service: Firebird Server - DefaultInstance - The Firebird Project - C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe -- End of file - 8996 bytes Compartilhar este post Link para o post Compartilhar em outros sites
diegomr 0 Denunciar post Postado Março 14, 2009 Nao estou conseguindo desinstalar o anti-virus AVG 2008! Sera q poderia me ajudar tb?? desde de já agradeço! Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Março 15, 2009 - Reinicie o computador em Modo de Segurança (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização); - Abra o HijackThis, clique em Do a system scan only e marque as entradas abaixo: O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing) O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing) O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing) O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Arquivos de programas\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing) O4 - HKLM\..\Run: [AdMonitor] ADMNTR.EXE O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (file missing) - Feche todas as janelas, clique em Sim; - Reinciie em modo normal, e execute os procedimentos abaixo. Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento. Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt. Folder::c:\arquivos de programas\AskPBar c:\documents and settings\All Users\Dados de aplicativos\TEMP c:\documents and settings\All Users\Dados de aplicativos\GbPlugin c:\windows\Downloaded Program Files\gbiehabn.dll Registry:: [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{E37CB5F0-51F5-4395-A808-5FA49E399007}"=- Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos. Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo. O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção. IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Quando acabar, será gerado um log, que estará em C:\ComboFix.txt. Poste-o junto com o novo log do hijackthis Compartilhar este post Link para o post Compartilhar em outros sites
diegomr 0 Denunciar post Postado Março 15, 2009 ComboFix 09-03-14.02 - kbça 2009-03-15 16:50:13.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.511.244 [GMT -3:00] Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) * Criado um novo ponto de restauro . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\arquivos de programas\AskPBar c:\arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL c:\documents and settings\All Users\Dados de aplicativos\GbPlugin c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Abn\Abn.gdt c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Abn\Abn.mnn c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Abn\GbpMid3.gbp c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\000002EC.tmp c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\0000049C.tmp c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\0000053C.tmp c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\0000055C.tmp c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\000007A0.tmp c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000918.tmp c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000A7C.tmp c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000A90.tmp c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000B0C.tmp c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000B64.tmp c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000C10.tmp c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000E10.tmp c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\00000FCC.tmp c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\Cef.gdt c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\cef.gpc.updc c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\Cef.mnn c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\Cef.snt c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\GbpMid3.gbp c:\documents and settings\All Users\Dados de aplicativos\GbPlugin\Cef\gbpsv.exe.updc c:\documents and settings\All Users\Dados de aplicativos\TEMP c:\windows\Downloaded Program Files\gbiehabn.dll\ . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_GBPSV -------\Service_GbpSv (((((((((((((((( Arquivos/Ficheiros criados de 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))) . 2009-03-15 16:54 . 2009-03-15 16:54 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin 2009-03-15 16:40 . 2009-03-15 16:40 <DIR> d-------- C:\backups 2009-03-14 02:08 . 2009-03-14 02:08 <DIR> d-------- c:\arquivos de programas\ZSoft 2009-03-14 02:08 . 2009-03-14 02:09 262,144 --a------ c:\documents and settings\ADA55B~1.DIE 2009-03-14 01:25 . 2009-03-14 01:25 262,144 --a------ c:\documents and settings\ADMINI~4.DIE 2009-03-14 01:13 . 2009-03-14 01:13 262,144 --a------ c:\documents and settings\ADMINI~3.DIE 2009-03-11 23:34 . 2009-03-11 23:35 584 --a------ c:\windows\imsins.BAK 2009-02-28 18:54 . 2009-02-28 18:54 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2009-02-28 18:54 . 2009-02-28 18:54 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes 2009-02-28 18:54 . 2009-02-28 20:43 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware 2009-02-28 18:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-28 18:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-28 01:32 . 2009-02-28 01:32 401,720 --a------ C:\HiJackThis.exe 2009-02-28 01:30 . 2009-02-28 01:30 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit 2009-02-28 01:30 . 2009-02-28 01:30 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\SpeedBit 2009-02-28 01:28 . 2009-02-28 01:27 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-28 01:16 . 2009-02-28 01:16 <DIR> d-------- c:\arquivos de programas\Mailinfo 2009-02-28 01:16 . 2005-02-28 08:32 24,576 --a------ c:\windows\system32\IdleTrac.dll 2009-02-28 01:07 . 2009-02-28 01:07 <DIR> d-------- c:\arquivos de programas\Yahoo! 2009-02-28 01:06 . 2009-02-28 01:08 <DIR> d-------- c:\arquivos de programas\CCleaner 2009-02-28 01:05 . 2009-02-28 01:31 <DIR> d-------- c:\arquivos de programas\SpeedOptimizer 2009-02-25 14:04 . 2009-02-25 14:04 <DIR> d-------- c:\windows\kdefense 2009-02-25 14:04 . 2009-03-14 01:59 722,472 --a------ c:\windows\system32\kdfmgr.exe 2009-02-25 14:04 . 2009-03-14 01:59 192,512 --a------ c:\windows\system32\kdfvmgr.exe 2009-02-25 14:04 . 2009-03-14 01:59 77,824 --a------ c:\windows\system32\kdfapi.dll 2009-02-25 14:04 . 2009-03-14 01:59 53,248 --a------ c:\windows\system32\Kdfhok.dll 2009-02-25 14:03 . 2009-02-25 14:03 846,336 --a------ c:\windows\system32\kdfinj.dll 2009-02-25 10:13 . 2009-02-25 10:13 <DIR> d-------- c:\windows\LocalSSL 2009-02-25 10:11 . 2009-03-14 02:20 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Trend Micro 2009-02-25 09:48 . 2007-04-12 14:19 129,024 --a------ c:\windows\system32\AVERM.dll 2009-02-25 09:48 . 2006-09-26 13:57 28,672 --a------ c:\windows\system32\AVEQT.dll 2009-02-25 09:47 . 2009-02-25 09:56 <DIR> d-------- c:\arquivos de programas\Ultra DVD Creator 2009-02-24 03:25 . 2009-02-24 03:25 <DIR> d-------- c:\documents and settings\Administrador\FxTrading 2009-02-23 19:40 . 2009-02-25 12:25 <DIR> d-------- c:\documents and settings\FxTrading\log 2009-02-23 19:40 . 2009-02-23 19:40 <DIR> d-------- c:\documents and settings\FxTrading 2009-02-23 16:46 . 2009-02-23 16:46 <DIR> d-------- c:\documents and settings\Administrador\fxprops 2009-02-23 01:58 . 2009-02-23 01:58 4 --a------ c:\windows\system32\LAST.PAC 2009-02-23 01:52 . 2009-02-23 01:52 <DIR> d-------- c:\arquivos de programas\toquefacil 2009-02-22 15:55 . 2009-02-23 03:13 <DIR> d-------- c:\arquivos de programas\ODL MetaTrader 4 2009-02-22 14:21 . 2009-02-27 19:05 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\TweakMarketing 2009-02-22 14:13 . 2009-02-27 19:10 <DIR> d-------- c:\arquivos de programas\Mail Them Pro V5.01 2009-02-22 14:09 . 2009-02-22 18:42 <DIR> d-------- c:\arquivos de programas\JC-Email Direct Express 4.2 . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-28 23:48 --------- d-----w c:\arquivos de programas\GbPlugin 2009-02-28 04:27 --------- d-----w c:\arquivos de programas\Java 2009-02-27 22:29 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information 2009-02-27 22:22 --------- d-----w c:\arquivos de programas\Arquivos comuns\Teleca Shared 2009-02-27 22:07 --------- d-----w c:\arquivos de programas\Automação Comercial 2009-02-27 22:04 --------- d-----w c:\arquivos de programas\Activa Commerce 2009-02-25 17:09 --------- d-----w c:\arquivos de programas\Lavalys.EVEREST.Ultimate.Edition.v4.00.976.Multilingual.Incl.Keygen-ViRiLiTY.rar 2009-02-25 13:01 --------- d-----w c:\arquivos de programas\ESET 2009-02-25 12:30 --------- d-----w c:\arquivos de programas\eMule 2009-01-27 17:51 31,296 ----a-w c:\windows\system32\drivers\GbpKm.sys 2009-01-26 03:53 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\uTorrent 2009-01-23 21:04 --------- d-----w c:\arquivos de programas\Windows Media Connect 2 2009-01-20 08:51 --------- d-----w c:\arquivos de programas\Google 2008-12-07 15:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008120720081208\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-03-14_ 2.41.28.60 ))))))))))))))))))))))))))))))))))))))))) . - 2008-09-06 01:31:14 267,304 ------w c:\windows\system32\DllCache\wgaLogon.dll + 2008-09-06 02:31:14 267,304 ------w c:\windows\system32\DllCache\wgaLogon.dll - 2008-09-06 01:30:04 951,336 ------w c:\windows\system32\DllCache\WgaTray.exe + 2008-09-06 02:30:04 951,336 ------w c:\windows\system32\DllCache\WgaTray.exe - 2008-09-06 01:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll + 2008-09-06 02:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll - 2008-09-06 01:31:14 267,304 ------w c:\windows\system32\WgaLogon.dll + 2008-09-06 02:31:14 267,304 ------w c:\windows\system32\WgaLogon.dll - 2008-09-06 01:30:04 951,336 ------w c:\windows\system32\WgaTray.exe + 2008-09-06 02:30:04 951,336 ------w c:\windows\system32\WgaTray.exe + 2009-03-15 19:54:37 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_500.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-02-28 148888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] "MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="move" [X] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Bandeja do sistema do ATI CATALYST.lnk - c:\arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "msacm.iac2"= c:\windows\system32\iac25_32. ax "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.VP31"= vp31vfw.dll "VIDC.VP40"= vp4vfw.dll "vidc.X264"= x264vfw.dll "VIDC.MSUD"= msulvc05.dll [HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk] path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk backup=c:\windows\pss\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 00:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] --a------ 2007-11-09 20:59 4568576 c:\arquivos de programas\DAP\DAP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2007-05-08 15:24 54840 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App] --a------ 2008-07-07 12:12 675935 c:\arquivos de programas\SAMSUNG\FW LiveUpdate\FWManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2005-10-11 17:25 1961984 c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator] --a------ 2007-11-09 21:08 2184816 c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] --------- 2008-09-16 11:16 1833296 c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-11-20 12:26 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRIXX] --a------ 2005-08-16 08:18 9576448 c:\arquivos de programas\TRIXX\TRIXX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 07:43 69632 c:\windows\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] --------- 2005-01-07 16:07 61952 c:\windows\system32\HdAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2005-07-12 23:37 14679552 c:\windows\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\DAP\\DAP.exe"= "c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"= "c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-23 31296] R1 TRIXX;TRIXX;c:\arquivos de programas\TRIXX\TRIXXDriver.sys [2005-08-16 15360] R2 Firebird Server - DefaultInstance;Firebird Server - DefaultInstance;c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g --> c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g [?] R2 sbbotdi;sbbotdi;c:\arquiv~1\SPEEDB~1\sbbotdi.sys [2007-11-09 35712] R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?] S2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe --> c:\arquiv~1\AVG\AVG8\avgemc.exe [?] S2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe --> c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [?] S2 Firebird Guardian - DefaultInstance;Firebird Guardian - DefaultInstance;\??\c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s --> c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s [?] S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-11-25 87824] S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-11-16 85696] . Conteúdo da pasta 'Tarefas Agendadas' 2009-03-14 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job - c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . - - - - ORFÃOS REMOVIDOS - - - - URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file) . ------- Scan Suplementar ------- . uStart Page = hxxp://www.caixa.com.br/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: caixa.gov.br\internetbanking Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\y6bh0zu7.default\ FF - prefs.js: browser.search.selectedEngine - MercadoLivre FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com/ FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-15 16:55:08 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] @DACL=(02 0000) "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] @DACL=(02 0000) "Asynchronous"=dword:00000001 "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll" "Startup"="WlDimsStartup" "Shutdown"="WlDimsShutdown" "Logon"="WlDimsLogon" "Logoff"="WlDimsLogoff" "StartShell"="WlDimsStartShell" "Lock"="WlDimsLock" "Unlock"="WlDimsUnlock" . ------------------------ Outros Processos em Execução ------------------------ . c:\windows\system32\ati2evxx.exe c:\vidacfp\Firebird_2_0\Bin\fbserver.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\HPZipm12.exe c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe c:\arquiv~1\SPEEDB~1\VideoAcceleratorEngine.exe . ************************************************************************** . Tempo para conclusão: 2009-03-15 16:58:06 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-03-15 19:58:03 ComboFix2.txt 2009-03-14 05:42:18 Pré-execução: 8.937.644.032 bytes disponíveis Pós execução: 8,920,461,312 bytes disponíveis 317 --- E O F --- 2009-03-14 21:47:44 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:04:12, on 15/3/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\WINDOWS\explorer.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.caixa.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file) O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O4 - Global Startup: Bandeja do sistema do ATI CATALYST.lnk = C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/ O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195007455171 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228027382359 O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgemc.exe (file missing) O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe (file missing) O23 - Service: Firebird Server - DefaultInstance - The Firebird Project - C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe -- End of file - 8232 bytes Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Março 15, 2009 - Abra o HijackThis, clique em Do a system scan only e marque as entradas abaixo: O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing) O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll - Feche todas as janelas, clique em Sim; - Reinciie em modo normal, e execute os procedimentos abaixo. Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento. Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt. Folder::c:\windows\kdefense C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos. Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo. O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção. IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Quando acabar, será gerado um log, que estará em C:\ComboFix.txt. Poste-o junto com o novo log do hijackthis Compartilhar este post Link para o post Compartilhar em outros sites
diegomr 0 Denunciar post Postado Março 22, 2009 ComboFix 09-03-19.02 - kbça 2009-03-22 15:30:23.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.511.242 [GMT -3:00] Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) * Criado um novo ponto de restauro . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\kdefense c:\windows\kdefense\k52010.ico c:\windows\kdefense\k52011.ico c:\windows\kdefense\k52012.bmp c:\windows\kdefense\KStartClean.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_GBPSV -------\Service_GbpSv (((((((((((((((( Arquivos/Ficheiros criados de 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))) . 2009-03-15 16:54 . 2009-03-22 15:14 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin 2009-03-15 16:40 . 2009-03-22 15:18 <DIR> d-------- C:\backups 2009-03-14 02:08 . 2009-03-14 02:08 <DIR> d-------- c:\arquivos de programas\ZSoft 2009-03-14 02:08 . 2009-03-14 02:09 262,144 --a------ c:\documents and settings\ADA55B~1.DIE 2009-03-14 01:25 . 2009-03-14 01:25 262,144 --a------ c:\documents and settings\ADMINI~4.DIE 2009-03-14 01:13 . 2009-03-14 01:13 262,144 --a------ c:\documents and settings\ADMINI~3.DIE 2009-03-11 23:34 . 2009-03-11 23:35 584 --a------ c:\windows\imsins.BAK 2009-02-28 18:54 . 2009-02-28 18:54 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2009-02-28 18:54 . 2009-02-28 18:54 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes 2009-02-28 18:54 . 2009-02-28 20:43 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware 2009-02-28 18:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-28 18:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-28 01:32 . 2009-02-28 01:32 401,720 --a------ C:\HiJackThis.exe 2009-02-28 01:30 . 2009-02-28 01:30 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit 2009-02-28 01:30 . 2009-02-28 01:30 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\SpeedBit 2009-02-28 01:28 . 2009-02-28 01:27 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-28 01:16 . 2009-02-28 01:16 <DIR> d-------- c:\arquivos de programas\Mailinfo 2009-02-28 01:16 . 2005-02-28 08:32 24,576 --a------ c:\windows\system32\IdleTrac.dll 2009-02-28 01:07 . 2009-02-28 01:07 <DIR> d-------- c:\arquivos de programas\Yahoo! 2009-02-28 01:06 . 2009-02-28 01:08 <DIR> d-------- c:\arquivos de programas\CCleaner 2009-02-28 01:05 . 2009-02-28 01:31 <DIR> d-------- c:\arquivos de programas\SpeedOptimizer 2009-02-25 14:04 . 2009-03-14 01:59 722,472 --a------ c:\windows\system32\kdfmgr.exe 2009-02-25 14:04 . 2009-03-14 01:59 192,512 --a------ c:\windows\system32\kdfvmgr.exe 2009-02-25 14:04 . 2009-03-14 01:59 77,824 --a------ c:\windows\system32\kdfapi.dll 2009-02-25 14:04 . 2009-03-14 01:59 53,248 --a------ c:\windows\system32\Kdfhok.dll 2009-02-25 14:03 . 2009-02-25 14:03 846,336 --a------ c:\windows\system32\kdfinj.dll 2009-02-25 10:13 . 2009-02-25 10:13 <DIR> d-------- c:\windows\LocalSSL 2009-02-25 10:11 . 2009-03-14 02:20 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Trend Micro 2009-02-25 09:48 . 2007-04-12 14:19 129,024 --a------ c:\windows\system32\AVERM.dll 2009-02-25 09:48 . 2006-09-26 13:57 28,672 --a------ c:\windows\system32\AVEQT.dll 2009-02-25 09:47 . 2009-02-25 09:56 <DIR> d-------- c:\arquivos de programas\Ultra DVD Creator 2009-02-24 03:25 . 2009-02-24 03:25 <DIR> d-------- c:\documents and settings\Administrador\FxTrading 2009-02-23 19:40 . 2009-02-25 12:25 <DIR> d-------- c:\documents and settings\FxTrading\log 2009-02-23 19:40 . 2009-02-23 19:40 <DIR> d-------- c:\documents and settings\FxTrading 2009-02-23 16:46 . 2009-02-23 16:46 <DIR> d-------- c:\documents and settings\Administrador\fxprops 2009-02-23 01:58 . 2009-02-23 01:58 4 --a------ c:\windows\system32\LAST.PAC 2009-02-23 01:52 . 2009-02-23 01:52 <DIR> d-------- c:\arquivos de programas\toquefacil 2009-02-22 15:55 . 2009-02-23 03:13 <DIR> d-------- c:\arquivos de programas\ODL MetaTrader 4 2009-02-22 14:21 . 2009-02-27 19:05 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\TweakMarketing 2009-02-22 14:13 . 2009-02-27 19:10 <DIR> d-------- c:\arquivos de programas\Mail Them Pro V5.01 2009-02-22 14:09 . 2009-02-22 18:42 <DIR> d-------- c:\arquivos de programas\JC-Email Direct Express 4.2 . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-21 21:22 --------- d-----w c:\arquivos de programas\eMule 2009-03-20 23:11 --------- d-----w c:\arquivos de programas\GbPlugin 2009-02-28 04:27 --------- d-----w c:\arquivos de programas\Java 2009-02-27 22:29 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information 2009-02-27 22:22 --------- d-----w c:\arquivos de programas\Arquivos comuns\Teleca Shared 2009-02-27 22:07 --------- d-----w c:\arquivos de programas\Automação Comercial 2009-02-27 22:04 --------- d-----w c:\arquivos de programas\Activa Commerce 2009-02-25 17:09 --------- d-----w c:\arquivos de programas\Lavalys.EVEREST.Ultimate.Edition.v4.00.976.Multilingual.Incl.Keygen-ViRiLiTY.rar 2009-02-25 13:01 --------- d-----w c:\arquivos de programas\ESET 2009-01-27 17:51 31,296 ----a-w c:\windows\system32\drivers\GbpKm.sys 2009-01-26 03:53 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\uTorrent 2009-01-23 21:04 --------- d-----w c:\arquivos de programas\Windows Media Connect 2 2008-12-07 15:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008120720081208\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-03-14_ 2.41.28.60 ))))))))))))))))))))))))))))))))))))))))) . - 2008-09-06 01:31:14 267,304 ------w c:\windows\system32\DllCache\wgaLogon.dll + 2008-09-06 02:31:14 267,304 ------w c:\windows\system32\DllCache\wgaLogon.dll - 2008-09-06 01:30:04 951,336 ------w c:\windows\system32\DllCache\WgaTray.exe + 2008-09-06 02:30:04 951,336 ------w c:\windows\system32\DllCache\WgaTray.exe - 2008-09-06 01:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll + 2008-09-06 02:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll - 2008-09-06 01:31:14 267,304 ------w c:\windows\system32\WgaLogon.dll + 2008-09-06 02:31:14 267,304 ------w c:\windows\system32\WgaLogon.dll - 2008-09-06 01:30:04 951,336 ------w c:\windows\system32\WgaTray.exe + 2008-09-06 02:30:04 951,336 ------w c:\windows\system32\WgaTray.exe + 2009-03-22 18:35:05 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_500.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-02-28 148888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] "MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="move" [X] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Bandeja do sistema do ATI CATALYST.lnk - c:\arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\windows\Downloaded Program Files\gbiehabn.dll" [2008-09-26 378792] "{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GBPLUGIN\gbiehcef.dll" [2009-01-27 404032] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "msacm.iac2"= c:\windows\system32\iac25_32. ax "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.VP31"= vp31vfw.dll "VIDC.VP40"= vp4vfw.dll "vidc.X264"= x264vfw.dll "VIDC.MSUD"= msulvc05.dll [HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk] path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk backup=c:\windows\pss\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 00:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] --a------ 2007-11-09 20:59 4568576 c:\arquivos de programas\DAP\DAP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2007-05-08 15:24 54840 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App] --a------ 2008-07-07 12:12 675935 c:\arquivos de programas\SAMSUNG\FW LiveUpdate\FWManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2005-10-11 17:25 1961984 c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator] --a------ 2007-11-09 21:08 2184816 c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] --------- 2008-09-16 11:16 1833296 c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-11-20 12:26 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRIXX] --a------ 2005-08-16 08:18 9576448 c:\arquivos de programas\TRIXX\TRIXX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 07:43 69632 c:\windows\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] --------- 2005-01-07 16:07 61952 c:\windows\system32\HdAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2005-07-12 23:37 14679552 c:\windows\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\DAP\\DAP.exe"= "c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"= "c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-23 31296] R1 TRIXX;TRIXX;c:\arquivos de programas\TRIXX\TRIXXDriver.sys [2005-08-16 15360] R2 Firebird Server - DefaultInstance;Firebird Server - DefaultInstance;c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g --> c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g [?] R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [2008-01-05 52808] R2 sbbotdi;sbbotdi;c:\arquiv~1\SPEEDB~1\sbbotdi.sys [2007-11-09 35712] R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?] S2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe --> c:\arquiv~1\AVG\AVG8\avgemc.exe [?] S2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe --> c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [?] S2 Firebird Guardian - DefaultInstance;Firebird Guardian - DefaultInstance;\??\c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s --> c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s [?] S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-11-25 87824] S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-11-16 85696] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfa8589a-11ae-11de-af61-000b2311d894}] \Shell\AutoRun\command - qphdin.com \Shell\open\Command - qphdin.com . Conteúdo da pasta 'Tarefas Agendadas' 2009-03-22 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job - c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.caixa.com.br/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: caixa.gov.br\internetbanking Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\y6bh0zu7.default\ FF - prefs.js: browser.search.selectedEngine - MercadoLivre FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com/ FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\y6bh0zu7.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-22 15:35:26 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] @DACL=(02 0000) "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] @DACL=(02 0000) "Asynchronous"=dword:00000001 "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll" "Startup"="WlDimsStartup" "Shutdown"="WlDimsShutdown" "Logon"="WlDimsLogon" "Logoff"="WlDimsLogoff" "StartShell"="WlDimsStartShell" "Lock"="WlDimsLock" "Unlock"="WlDimsUnlock" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(472) c:\windows\Downloaded Program Files\gbiehabn.dll c:\arquivos de programas\GBPLUGIN\gbiehcef.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\windows\system32\ati2evxx.exe c:\vidacfp\Firebird_2_0\Bin\fbserver.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\HPZipm12.exe c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe c:\arquiv~1\SPEEDB~1\VideoAcceleratorEngine.exe . ************************************************************************** . Tempo para conclusão: 2009-03-22 15:38:25 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-03-22 18:38:23 ComboFix2.txt 2009-03-15 19:58:06 ComboFix3.txt 2009-03-14 05:42:18 Pré-execução: 8.726.786.048 bytes disponíveis Pós execução: 8,900,018,176 bytes disponíveis 305 --- E O F --- 2009-03-22 17:12:40 C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\WINDOWS\explorer.exe C:\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.caixa.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O4 - Global Startup: Bandeja do sistema do ATI CATALYST.lnk = C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/ O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195007455171 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228027382359 O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgemc.exe (file missing) O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe (file missing) O23 - Service: Firebird Server - DefaultInstance - The Firebird Project - C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe -- End of file - 7935 bytes Compartilhar este post Link para o post Compartilhar em outros sites
diegomr 0 Denunciar post Postado Março 22, 2009 Eu já usei varios anti-virus mais nenhum me agradou. você poderia me indicar um antivirus bom? E tb outros programas para segurança do meu pc? Obrigado!!! Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Março 23, 2009 Eu já usei varios anti-virus mais nenhum me agradou. você poderia me indicar um antivirus bom? E tb outros programas para segurança do meu pc? Aconselho o Avira Antivir, um otimo antivirus gratuito. --------------------------------------------------------------------------------------------------------------------------- - Abra o programa Malwarebytes, e vá na aba quarentena. remova todos os intens que você achar la, feito isso execute-o novamente. Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento. Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt. Registry::[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfa8589a-11ae-11de-af61-000b2311d894}] Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos. Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo. O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção. IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Quando acabar, será gerado um log, que estará em C:\ComboFix.txt. Poste-o junto com o novo log do hijackthis Compartilhar este post Link para o post Compartilhar em outros sites
diegomr 0 Denunciar post Postado Abril 11, 2009 ComboFix 09-04-04.01 - kbça 2009-04-11 8:43:30.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.189 [GMT -3:00] Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) * Criado um novo ponto de restauro . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_GBPSV -------\Service_GbpSv (((((((((((((((( Arquivos/Ficheiros criados de 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))) . 2009-04-01 06:53 . 2009-04-01 06:53 <DIR> d-------- c:\windows\system32\KB905474 2009-04-01 06:53 . 2009-03-10 22:26 1,434,496 --a------ c:\windows\system32\KB905474\wganotifypackageinner.exe 2009-04-01 06:53 . 2009-03-10 22:18 454,536 --a------ c:\windows\system32\KB905474\wgasetup.exe 2009-04-01 06:53 . 2009-02-09 18:51 14,318 --a------ c:\windows\system32\KB905474\wga_eula.txt 2009-03-29 03:18 . 2009-03-29 03:18 <DIR> d-------- c:\arquivos de programas\Ganância 2009-03-29 03:18 . 2009-03-29 03:18 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Borland Shared 2009-03-29 03:18 . 1999-01-20 05:01 210,032 --a------ c:\windows\system32\DBCLIENT.DLL 2009-03-29 03:18 . 1999-11-12 05:11 183,808 --a------ c:\windows\system32\BDEADMIN.CPL 2009-03-29 03:06 . 2009-03-29 03:06 <DIR> d-------- c:\arquivos de programas\Financas Pessoais 2009-03-29 00:15 . 2009-03-29 02:21 <DIR> d-------- C:\Delta60 2009-03-28 10:32 . 2009-03-28 10:32 <DIR> d-------- c:\arquivos de programas\Microsoft Small Business 2009-03-28 10:22 . 2009-03-28 10:22 <DIR> d-------- c:\arquivos de programas\MSXML 6.0 2009-03-28 10:19 . 2009-03-29 05:53 <DIR> d-------- c:\arquivos de programas\Microsoft SQL Server 2009-03-28 01:19 . 2009-03-28 01:19 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avira 2009-03-28 01:19 . 2009-03-28 01:19 <DIR> d-------- c:\arquivos de programas\Avira 2009-03-28 01:19 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys 2009-03-15 16:54 . 2009-04-11 08:37 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin 2009-03-15 16:40 . 2009-03-22 15:18 <DIR> d-------- C:\backups 2009-03-14 02:08 . 2009-03-14 02:08 <DIR> d-------- c:\arquivos de programas\ZSoft 2009-03-14 02:08 . 2009-03-14 02:09 262,144 --a------ c:\documents and settings\ADA55B~1.DIE 2009-03-14 01:25 . 2009-03-14 01:25 262,144 --a------ c:\documents and settings\ADMINI~4.DIE 2009-03-14 01:13 . 2009-03-14 01:13 262,144 --a------ c:\documents and settings\ADMINI~3.DIE 2009-03-11 23:34 . 2009-03-11 23:35 584 --a------ c:\windows\imsins.BAK . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-11 05:47 --------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware 2009-04-10 22:43 --------- d-----w c:\arquivos de programas\eMule 2009-04-06 18:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-06 18:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-04 03:55 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\uTorrent 2009-03-28 13:25 --------- d-----w c:\arquivos de programas\Microsoft.NET 2009-03-20 23:11 --------- d-----w c:\arquivos de programas\GbPlugin 2009-03-14 05:20 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Trend Micro 2009-02-28 21:54 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2009-02-28 21:54 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes 2009-02-28 04:32 401,720 ----a-w C:\HiJackThis.exe 2009-02-28 04:31 --------- d-----w c:\arquivos de programas\SpeedOptimizer 2009-02-28 04:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SpeedBit 2009-02-28 04:30 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\SpeedBit 2009-02-28 04:27 --------- d-----w c:\arquivos de programas\Java 2009-02-28 04:16 --------- d-----w c:\arquivos de programas\Mailinfo 2009-02-28 04:08 --------- d-----w c:\arquivos de programas\CCleaner 2009-02-28 04:07 --------- d-----w c:\arquivos de programas\Yahoo! 2009-02-27 22:29 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information 2009-02-27 22:22 --------- d-----w c:\arquivos de programas\Arquivos comuns\Teleca Shared 2009-02-27 22:10 --------- d-----w c:\arquivos de programas\Mail Them Pro V5.01 2009-02-27 22:07 --------- d-----w c:\arquivos de programas\Automação Comercial 2009-02-27 22:05 --------- d-----w c:\arquivos de programas\Arquivos comuns\TweakMarketing 2009-02-27 22:04 --------- d-----w c:\arquivos de programas\Activa Commerce 2009-02-25 17:09 --------- d-----w c:\arquivos de programas\Lavalys.EVEREST.Ultimate.Edition.v4.00.976.Multilingual.Incl.Keygen-ViRiLiTY.rar 2009-02-25 13:01 --------- d-----w c:\arquivos de programas\ESET 2009-02-25 12:56 --------- d-----w c:\arquivos de programas\Ultra DVD Creator 2009-02-23 06:13 --------- d-----w c:\arquivos de programas\ODL MetaTrader 4 2009-02-23 04:52 --------- d-----w c:\arquivos de programas\toquefacil 2009-02-22 21:42 --------- d-----w c:\arquivos de programas\JC-Email Direct Express 4.2 2008-12-07 15:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008120720081208\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-03-14_ 2.41.28.60 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-28 13:32:23 14,184 ----a-w c:\windows\assembly\GAC_32\ILoader\2.0.5201.0__31bf3856ad364e35\ILoader.dll + 2009-03-28 13:32:23 47,976 ----a-w c:\windows\assembly\GAC_32\Loader\2.0.5201.0__31bf3856ad364e35\Loader.dll + 2009-03-29 08:48:41 360,800 ----a-w c:\windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.batchparser.dll + 2009-03-29 08:48:42 75,616 ----a-w c:\windows\assembly\GAC_32\Microsoft.SqlServer.MgdSqlDumper\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.mgdsqldumper.dll + 2009-03-29 08:49:02 1,625,952 ----a-w c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll + 2009-03-29 08:48:44 543,584 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll + 2009-03-29 08:48:42 138,080 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.DeploymentEngine\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DeploymentEngine.dll + 2009-03-29 08:48:42 1,215,328 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL + 2009-03-29 08:48:42 35,680 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.DataWarehouse.Interfaces\9.0.242.0__89845dcd8080cc91\Microsoft.DataWarehouse.Interfaces.DLL + 2009-03-28 13:31:07 133,848 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.ExceptionMessageBox.dll + 2009-03-29 08:46:55 133,984 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll + 2009-03-29 08:48:41 154,464 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll + 2009-03-29 08:46:55 43,872 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll + 2009-03-29 08:46:55 199,520 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll + 2009-03-28 13:25:26 16,600 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Instapi\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.InstApi.dll + 2009-03-29 08:48:42 68,448 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.RegSvrEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.RegSvrEnum.dll + 2009-03-28 13:26:32 47,832 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Replication.BusinessLogicSupport\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.BusinessLogicSupport.dll + 2009-03-29 08:48:42 555,872 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Rmo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Rmo.dll + 2009-03-29 08:48:41 39,776 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ServiceBrokerEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ServiceBrokerEnum.dll + 2009-03-28 13:20:25 289,496 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Setup\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Setup.dll + 2009-03-29 08:48:41 1,604,448 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll + 2009-03-29 08:48:41 220,000 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll + 2009-03-29 08:48:41 895,840 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll + 2009-03-28 13:25:21 43,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlTDiagM\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlTDiagM.dll + 2009-03-28 13:25:16 20,184 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SString\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SString.dll + 2009-03-29 08:46:55 592,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll + 2009-03-29 08:48:41 43,872 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll + 2009-03-28 13:25:21 84,696 ----a-w c:\windows\assembly\GAC_MSIL\MSClusterLib\1.0.0.0__89845dcd8080cc91\MSClusterLib.dll + 2009-03-29 16:32:14 249,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\73feacc2195d4c458bd3dfbc52c0f876\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll + 2009-03-29 16:32:20 561,152 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7be784a07e265944bc49ad831c7e8181\Microsoft.SqlServer.GridControl.ni.dll + 2009-03-29 16:32:23 1,028,096 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b8235080bb14e5408b4dc26c58fe4ed1\Microsoft.SqlServer.WizardFrameworkLite.ni.dll + 2009-03-29 16:32:17 90,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c4c265eeb9a93b489c8c57cde1ff6426\Microsoft.SqlServer.CustomControls.ni.dll + 2009-03-28 13:32:24 25,214 ----a-r c:\windows\Installer\{A939D341-5A04-4E0A-BB55-3E65B386432D}\ARPPRODUCTICON.exe - 2008-09-06 01:31:14 267,304 ------w c:\windows\system32\DllCache\wgaLogon.dll + 2008-09-06 02:31:14 267,304 ------w c:\windows\system32\DllCache\wgaLogon.dll - 2008-09-06 01:30:04 951,336 ------w c:\windows\system32\DllCache\WgaTray.exe + 2008-09-06 02:30:04 951,336 ------w c:\windows\system32\DllCache\WgaTray.exe + 2009-02-13 14:17:49 45,416 ----a-w c:\windows\system32\drivers\avgntdd.sys + 2009-02-13 14:29:11 22,360 ----a-w c:\windows\system32\drivers\avgntmgr.sys + 2009-02-13 17:22:54 95,576 ----a-w c:\windows\system32\drivers\avipbb.sys + 2009-02-13 14:50:02 28,376 ----a-w c:\windows\system32\drivers\ssmdrv.sys - 2008-09-06 01:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll + 2008-09-06 02:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll + 2009-02-03 02:07:18 240,544 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10b.exe - 2007-12-15 04:10:18 74,649 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe + 2009-04-04 13:59:42 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe - 2009-02-23 04:14:53 60,956 ----a-w c:\windows\system32\perfc009.dat + 2009-03-29 08:49:30 78,478 ----a-w c:\windows\system32\perfc009.dat - 2009-02-23 04:14:53 69,536 ----a-w c:\windows\system32\perfc016.dat + 2009-03-29 08:49:30 87,058 ----a-w c:\windows\system32\perfc016.dat - 2009-02-23 04:14:53 397,682 ----a-w c:\windows\system32\perfh009.dat + 2009-03-29 08:49:30 444,390 ----a-w c:\windows\system32\perfh009.dat - 2009-02-23 04:14:54 430,614 ----a-w c:\windows\system32\perfh016.dat + 2009-03-29 08:49:30 477,322 ----a-w c:\windows\system32\perfh016.dat + 2008-11-25 01:31:08 65,888 ----a-w c:\windows\system32\sqlctr90.dll + 2008-11-25 01:31:10 2,248,544 ----a-w c:\windows\system32\sqlncli.dll - 2008-09-06 01:31:14 267,304 ------w c:\windows\system32\WgaLogon.dll + 2008-09-06 02:31:14 267,304 ------w c:\windows\system32\WgaLogon.dll - 2008-09-06 01:30:04 951,336 ------w c:\windows\system32\WgaTray.exe + 2008-09-06 02:30:04 951,336 ------w c:\windows\system32\WgaTray.exe + 2009-04-11 11:51:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_590.dat + 2005-09-23 02:49:12 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll + 2005-09-23 04:16:02 1,093,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll + 2005-09-23 04:16:06 1,079,808 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll + 2005-09-23 04:16:08 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll + 2005-09-23 04:16:10 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll + 2005-09-23 03:58:06 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll + 2005-09-23 03:58:06 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll + 2005-09-23 03:58:06 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll + 2005-09-23 03:58:06 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll + 2005-09-23 03:58:06 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll + 2005-09-23 03:58:06 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll + 2005-09-23 03:58:06 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll + 2005-09-23 03:58:06 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll + 2005-09-23 03:58:06 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll + 2008-07-29 11:05:06 161,784 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll + 2008-07-29 06:54:08 225,280 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll + 2008-07-29 11:05:08 572,928 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll + 2008-07-29 11:05:08 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll + 2008-07-29 11:05:08 3,768,312 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll + 2008-07-29 11:05:10 3,783,672 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll + 2008-07-29 09:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll + 2008-07-29 09:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll + 2008-07-29 11:05:06 38,912 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll + 2008-07-29 11:05:06 39,936 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll + 2008-07-29 11:05:08 66,560 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll + 2008-07-29 11:05:08 56,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll + 2008-07-29 11:05:06 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll + 2008-07-29 11:05:08 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll + 2008-07-29 11:05:06 66,048 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll + 2008-07-29 11:05:08 64,512 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll + 2008-07-29 11:05:08 46,592 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll + 2008-07-29 11:05:08 46,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll + 2008-07-29 11:05:08 62,976 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll + 2007-11-07 05:19:20 54,272 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll . -- Snapshot resetado para data atual -- . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-02-28 148888] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] "MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="move" [X] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Bandeja do sistema do ATI CATALYST.lnk - c:\arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GBPLUGIN\gbiehcef.dll" [2009-01-27 404032] "{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\windows\Downloaded Program Files\gbiehabn.dll" [2008-09-26 378792] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "msacm.iac2"= c:\windows\system32\iac25_32. ax "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.VP31"= vp31vfw.dll "VIDC.VP40"= vp4vfw.dll "vidc.X264"= x264vfw.dll "VIDC.MSUD"= msulvc05.dll [HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk] path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk backup=c:\windows\pss\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 00:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] --a------ 2007-11-09 20:59 4568576 c:\arquivos de programas\DAP\DAP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2007-05-08 15:24 54840 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App] --a------ 2008-07-07 12:12 675935 c:\arquivos de programas\SAMSUNG\FW LiveUpdate\FWManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2005-10-11 17:25 1961984 c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator] --a------ 2007-11-09 21:08 2184816 c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] --------- 2008-09-16 11:16 1833296 c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-11-20 12:26 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRIXX] --a------ 2005-08-16 08:18 9576448 c:\arquivos de programas\TRIXX\TRIXX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 07:43 69632 c:\windows\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] --------- 2005-01-07 16:07 61952 c:\windows\system32\HdAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2005-07-12 23:37 14679552 c:\windows\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\DAP\\DAP.exe"= "c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"= "c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-23 31296] R1 TRIXX;TRIXX;c:\arquivos de programas\TRIXX\TRIXXDriver.sys [2005-08-16 15360] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2009-03-28 108289] R2 Firebird Server - DefaultInstance;Firebird Server - DefaultInstance;c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g --> c:\vidacfp\Firebird_2_0\Bin\FBServer.exe -s -g [?] R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [2008-01-05 52808] R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712] R2 sbbotdi;sbbotdi;c:\arquiv~1\SPEEDB~1\sbbotdi.sys [2007-11-09 35712] R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?] S2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe --> c:\arquiv~1\AVG\AVG8\avgemc.exe [?] S2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe --> c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [?] S2 Firebird Guardian - DefaultInstance;Firebird Guardian - DefaultInstance;\??\c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s --> c:\vidacfp\Firebird_2_0\Bin\FbGuard.EXE -s [?] S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-11-25 87824] S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-11-16 85696] . Conteúdo da pasta 'Tarefas Agendadas' 2009-04-11 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job - c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] 2009-04-01 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-03-10 22:18] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.caixa.com.br/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: caixa.gov.br\internetbanking Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\y6bh0zu7.default\ FF - prefs.js: browser.search.selectedEngine - MercadoLivre FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com/ FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\y6bh0zu7.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-11 10:05:56 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] @DACL=(02 0000) "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] @DACL=(02 0000) "Asynchronous"=dword:00000001 "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll" "Startup"="WlDimsStartup" "Shutdown"="WlDimsShutdown" "Logon"="WlDimsLogon" "Logoff"="WlDimsLogoff" "StartShell"="WlDimsStartShell" "Lock"="WlDimsLock" "Unlock"="WlDimsUnlock" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(480) c:\windows\Downloaded Program Files\gbiehabn.dll c:\arquivos de programas\GBPLUGIN\gbiehcef.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\windows\system32\ati2evxx.exe c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe c:\vidacfp\Firebird_2_0\Bin\fbserver.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\HPZipm12.exe c:\arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe c:\arquiv~1\SPEEDB~1\VideoAcceleratorEngine.exe . ************************************************************************** . Tempo para conclusão: 2009-04-11 10:10:02 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-04-11 13:09:59 ComboFix2.txt 2009-03-22 18:38:27 ComboFix3.txt 2009-03-15 19:58:06 ComboFix4.txt 2009-03-14 05:42:18 Pré-execução: 8.514.617.344 bytes disponíveis Pós execução: 8,870,043,648 bytes disponíveis 393 --- E O F --- 2009-04-01 09:53:05 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:23:45, on 11/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\HPZipm12.exe C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\explorer.exe C:\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.caixa.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O4 - Global Startup: Bandeja do sistema do ATI CATALYST.lnk = C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/ O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195007455171 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228027382359 O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgemc.exe (file missing) O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe (file missing) O23 - Service: Firebird Server - DefaultInstance - The Firebird Project - C:\Vidacfp\Firebird_2_0\Bin\FBServer.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe -- End of file - 8887 bytes Quanto rodo o hijackthis ainda aparece q o antivirus AVG ainda esta ativo, porem já deletei do meu PC a bastante tempo. Como faço para excluir de vez??? Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Abril 11, 2009 Quanto rodo o hijackthis ainda aparece q o antivirus AVG ainda esta ativo, porem já deletei do meu PC a bastante tempo. Como faço para excluir de vez??? O AVG ainda estar em sua máquina é isso? Compartilhar este post Link para o post Compartilhar em outros sites
diegomr 0 Denunciar post Postado Abril 27, 2009 É isso mesmo o AVG ainda esta no meu PC. Tem excluir ele ??? Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Maio 1, 2009 Vá em Iniciar > Executar > Digite "regedit" sem aspas. Aperte o botão CTRL + F digite o nome AVG, exclua todos os arquivos que você achar. Feito isso aperto o botão F3 e exclua novamente o que você achar. Compartilhar este post Link para o post Compartilhar em outros sites
Mário Monteiro 179 Denunciar post Postado Junho 2, 2009 Tópico Arquivado Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado. Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura. Compartilhar este post Link para o post Compartilhar em outros sites