
Ana Carolina V.

[Solved!] Computer and mysterious connection drops


Good afternoon, everyone!

For about a month my computer has been abnormally slow... Even though it was really annoying, I could still check e-mail, visit orkut and use msn without bigger problems.

But for 2 weeks now it has shown one more problem - mysterious connection drops. Velox dials, validates the provider user, I see the little computers indicating it is connected, but it only takes 10 or 20 seconds for the connection to drop. Strange, isn't it?

So, a Velox technician came here and tested the signal, which is normal... Everything points to some problem on the machine!

Here is the log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:08:32, on 25/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\DelSrv.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uai.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\DelSrv.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1233501017655

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: DelSrv Service Controler - Unknown owner - C:\WINDOWS\system32\drivers\DelSrv.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5227 bytes

 

 

Thanks for the help!

Good afternoon! Ana Carolina V.

<@> Download: ComboFix ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable the resident protections of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt: "Software warranty disclaimer" --> Click Yes!

<@> If you do not have the "Recovery Console", accept the option to install it!

<!> If you get the notification: Invalid Win32 application, delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> Ps: Name it while saving, not after saving it!

<!> Ps: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!

<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> Ps: Avoid running this tool on your own! Follow all the recommendations proposed above.

<!> Ps: ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If needed, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix\ComboFix.txt + an updated HijackThis.

Cheers!

DigRam, here are the logs!

I couldn't download the Windows recovery console; after all, my internet keeps dropping!

Thanks in advance for all the help and attention!

 

ComboFix 09-03-23.01 - Gus 2009-03-25 17:35:58.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1023.741 [GMT -3:00]

Executando de: c:\documents and settings\Gus\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\28463

c:\windows\system32\28463\akv.cfg

c:\windows\system32\28463\AKV.exe

c:\windows\system32\pthreadGC2.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GBPSV

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-25 to 2009-03-25 ))))))))))))))))))))))))))))

.

 

2009-03-25 14:07 . 2009-03-25 14:08 <DIR> d-------- C:\HijackThis

2009-03-24 20:05 . 2009-03-24 20:05 26,156 --a------ c:\documents and settings\Gus\DELME.exe

2009-03-21 16:16 . 2009-03-21 16:16 <DIR> dr-hs---- C:\RECYCLE

2009-03-20 23:18 . 2009-03-20 23:18 26,157 --a------ C:\k8m1l3e9f4n7.exe

2009-03-19 21:16 . 2009-03-19 21:16 <DIR> d-------- c:\windows\system32\LogFiles

2009-03-19 19:54 . 2009-03-19 19:54 865,792 --a------ c:\documents and settings\Gus\c4m2m9o4vp9.exe

2009-03-19 19:49 . 2009-03-19 19:49 865,792 --------- c:\windows\system32\drivers\DelSrv.exe

2009-03-19 19:13 . 2009-03-24 20:03 26,157 --a------ c:\documents and settings\Gus\xcm1l3e9f4n7.exe

2009-03-19 19:11 . 2009-03-21 12:02 26,157 --a------ c:\documents and settings\Gus\g6l5k37g5s7.exe

2009-03-19 17:39 . 2009-03-19 19:17 13,586 --a------ c:\documents and settings\Gus\dfghi.exe

2009-03-18 21:51 . 2009-03-18 21:51 26,156 --a------ c:\documents and settings\Gus\Update.exe

2009-03-17 17:50 . 2009-03-17 17:50 159,814 --a------ c:\documents and settings\Gus\sdsdsd.exe

2009-03-17 17:50 . 2009-03-21 09:03 26,156 --a------ c:\documents and settings\Gus\dfghj.exe

2009-03-16 09:40 . 2009-03-16 09:40 34,846 --a------ c:\documents and settings\Gus\explorery.exe

2009-03-15 22:27 . 2009-03-18 19:06 <DIR> d-------- C:\Músicas

2009-03-15 11:59 . 2009-03-17 17:50 <DIR> dr-hs---- C:\RESTORE

2009-03-15 11:29 . 2009-03-15 11:54 <DIR> d-------- c:\arquivos de programas\CLE

2009-03-15 10:31 . 2009-03-15 10:43 <DIR> d-------- c:\arquivos de programas\HTV

2009-03-10 17:39 . 2009-03-10 17:39 7,680 --ahs---- c:\windows\Thumbs.db

2009-03-10 17:39 . 2009-03-10 17:39 3,072 --ahs---- C:\Thumbs.db

2009-03-07 16:27 . 2009-03-07 16:27 <DIR> d-------- c:\arquivos de programas\Unity

2009-03-04 20:19 . 2009-03-04 20:19 <DIR> d-------- C:\Arquivos de Programas RFB

2009-03-01 11:44 . 2009-03-01 11:44 <DIR> d-------- c:\documents and settings\Gus\Dados de aplicativos\Media Player Classic

2009-03-01 11:44 . 2009-03-01 11:44 <DIR> d-------- c:\arquivos de programas\K-Lite Codec Pack

2009-03-01 11:44 . 2008-11-06 13:37 3,596,288 --a------ c:\windows\system32\qt-dx331.dll

2009-03-01 11:44 . 2008-09-24 15:41 839,680 --a------ c:\windows\system32\lameACM.acm

2009-03-01 11:44 . 2008-12-07 15:08 795,648 --a------ c:\windows\system32\xvidcore.dll

2009-03-01 11:44 . 2008-11-06 13:33 684,032 --a------ c:\windows\system32\divx.dll

2009-03-01 11:44 . 2004-01-25 13:18 217,088 --a------ c:\windows\system32\yv12vfw.dll

2009-03-01 11:44 . 2008-09-16 16:23 168,448 --a------ c:\windows\system32\unrar.dll

2009-03-01 11:44 . 2008-12-07 15:08 130,048 --a------ c:\windows\system32\xvidvfw.dll

2009-03-01 11:44 . 2007-09-20 21:52 118,784 --a------ c:\windows\system32\ac3acm.acm

2009-03-01 11:44 . 2008-12-10 21:33 86,016 --a------ c:\windows\system32\dpl100.dll

2009-03-01 11:44 . 2008-10-03 09:30 414 --a------ c:\windows\system32\lame_acm.xml

2009-03-01 10:53 . 2006-03-13 16:50 87,824 -ra------ c:\windows\system32\drivers\w300mgmt.sys

2009-03-01 10:53 . 2006-03-13 16:50 85,696 -ra------ c:\windows\system32\drivers\w300obex.sys

2009-03-01 10:40 . 2006-03-13 16:50 96,352 -ra------ c:\windows\system32\drivers\w300mdm.sys

2009-03-01 10:40 . 2006-03-13 16:50 9,264 -ra------ c:\windows\system32\drivers\w300mdfl.sys

2009-03-01 10:40 . 2006-03-13 16:49 6,208 -ra------ c:\windows\system32\drivers\w300cmnt.sys

2009-03-01 10:40 . 2006-03-13 16:49 6,208 -ra------ c:\windows\system32\drivers\w300cm.sys

2009-03-01 02:19 . 2009-03-01 02:19 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-02-28 15:59 . 2009-02-28 16:00 <DIR> d-------- c:\documents and settings\Gus\Dados de aplicativos\Teleca

2009-02-28 15:57 . 2009-02-28 15:57 <DIR> d-------- c:\documents and settings\All Users\Documents

2009-02-28 15:57 . 2006-03-13 16:49 60,800 -ra------ c:\windows\system32\drivers\w300bus.sys

2009-02-28 15:57 . 2006-03-13 16:50 5,840 -ra------ c:\windows\system32\drivers\w300whnt.sys

2009-02-28 15:57 . 2006-03-13 16:50 5,840 -ra------ c:\windows\system32\drivers\w300wh.sys

2009-02-28 15:56 . 2009-02-28 15:57 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Teleca

2009-02-28 15:56 . 2009-02-28 15:57 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Sony Ericsson

2009-02-28 15:56 . 2009-02-28 15:56 <DIR> d-------- c:\arquivos de programas\Sony Ericsson

2009-02-28 15:56 . 2009-02-28 15:57 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Teleca Shared

2009-02-28 15:55 . 2009-02-28 15:56 <DIR> d-------- c:\windows\Downloaded Installations

2009-02-25 14:34 . 2009-01-09 16:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat

2009-02-25 11:50 . 2009-02-25 11:50 <DIR> d-------- c:\documents and settings\Gus\Dados de aplicativos\Canneverbe_Limited

2009-02-25 11:49 . 2009-02-25 11:49 <DIR> d-------- c:\arquivos de programas\CDBurnerXP

2009-02-25 11:47 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2009-02-25 11:43 . 2009-02-25 11:46 <DIR> d-------- c:\windows\system32\XPSViewer

2009-02-25 11:43 . 2009-02-25 11:43 <DIR> d-------- c:\arquivos de programas\Reference Assemblies

2009-02-25 11:41 . 2008-07-06 09:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll

2009-02-25 11:41 . 2008-07-06 09:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll

2009-02-25 11:41 . 2008-07-06 07:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-02-25 11:41 . 2008-07-06 09:06 575,488 --------- c:\windows\system32\xpsshhdr.dll

2009-02-25 11:41 . 2008-07-06 09:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll

2009-02-25 11:41 . 2008-07-06 09:06 117,760 --------- c:\windows\system32\prntvpt.dll

2009-02-25 11:41 . 2008-07-06 09:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-25 17:06 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-03-21 02:53 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-03-21 02:53 --------- d-----w c:\arquivos de programas\Garena

2009-03-17 20:48 --------- d-----w c:\arquivos de programas\Warcraft III

2009-03-15 21:59 --------- d-----w c:\documents and settings\Gus\Dados de aplicativos\uTorrent

2009-03-15 12:19 --------- d-----w c:\documents and settings\Gus\Dados de aplicativos\LimeWire

2009-03-11 20:56 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-03-10 20:39 --------- d-----w c:\arquivos de programas\LimeWire

2009-02-28 18:55 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2009-02-26 09:17 --------- d-----w c:\arquivos de programas\Microsoft Silverlight

2009-02-25 14:43 --------- d-----w c:\arquivos de programas\MSBuild

2009-02-23 15:59 --------- d-----w c:\arquivos de programas\Microsoft Works

2009-02-23 15:12 --------- d-----w c:\arquivos de programas\uTorrent

2009-02-20 17:59 --------- d-----w c:\arquivos de programas\GbPlugin

2009-02-14 17:39 --------- d-----w c:\arquivos de programas\Puxa Rápido(2)

2009-02-14 13:17 --------- d-----w c:\arquivos de programas\Intel

2009-02-14 03:01 --------- d-----w c:\arquivos de programas\DirectX

2009-02-14 02:59 224,090 ----a-w c:\windows\kernel32.zip

2009-02-14 02:39 2,829 ----a-w c:\windows\War3Unin.pif

2009-02-14 02:39 139,264 ----a-w c:\windows\War3Unin.exe

2009-02-11 19:12 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-02-11 18:00 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-11 17:18 --------- dcsh--w c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2009-02-11 17:18 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-11 17:11 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-02-11 13:10 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2009-02-08 23:05 --------- d-----w c:\arquivos de programas\PluginLetras

2009-02-08 19:51 --------- d-----w c:\arquivos de programas\Arquivos comuns\PAC7302

2009-02-08 19:51 --------- d-----w c:\arquivos de programas\ANC

2009-02-07 11:30 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-02-02 18:53 --------- d-----w c:\arquivos de programas\Java

2009-02-01 16:37 --------- d-----w c:\arquivos de programas\Windows Live SkyDrive

2009-02-01 16:36 --------- d-----w c:\arquivos de programas\XP Codec Pack

2009-02-01 16:35 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2009-02-01 14:45 --------- d-----w c:\arquivos de programas\Siemens Subscriber Networks

2009-01-30 17:21 31,536 ----a-w c:\windows\system32\drivers\gbpkm.sys

2004-07-22 12:51 3,432,656 ----a-w c:\arquivos de programas\ManagedDX.CAB

2004-07-20 00:58 1,156,363 ----a-w c:\arquivos de programas\BDANT.cab

2004-07-20 00:53 976,020 ----a-w c:\arquivos de programas\BDAXP.cab

2004-07-09 16:17 13,265,040 ----a-w c:\arquivos de programas\dxnt.cab

2004-07-09 11:13 703,080 ----a-w c:\arquivos de programas\BDA.cab

2004-07-09 11:13 15,493,481 ----a-w c:\arquivos de programas\DirectX.cab

2004-07-09 06:08 472,576 ----a-w c:\arquivos de programas\dxsetup.exe

2004-07-09 06:08 2,242,560 ----a-w c:\arquivos de programas\dsetup32.dll

2004-07-09 05:03 62,976 ----a-w c:\arquivos de programas\DSETUP.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 01:38 34672 c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 07:00 33648 c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-13 23:21 1695232 c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 10:34 5724184 c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-04-19 02:26 7700480 c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-04-19 02:26 86016 c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]

--a------ 2006-11-03 10:01 319488 c:\windows\PixArt\PAC7302\Monitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2005-10-26 17:17 159744 c:\arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2009-02-02 15:53 136600 c:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2005-01-07 16:07 61952 c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-04-19 02:26 1626112 c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"c:\\Arquivos de programas\\Warcraft III\\War3.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-02-20 31536]

R2 DelSrv Service Controler;DelSrv Service Controler;c:\windows\system32\drivers\DelSrv.exe [2009-03-19 865792]

R3 PAC7302;PC Camera;c:\windows\system32\drivers\PAC7302.SYS [2009-02-08 458752]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2009-03-01 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2009-03-01 85696]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf65b501-059b-11de-bf76-0013d4bb8f77}]

\Shell\AutoRun\command - E:\xih9.cmd

\Shell\explore\Command - E:\xih9.cmd

\Shell\open\Command - E:\xih9.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6d1172c-f00b-11dd-bf03-0013d4bb8f77}]

\Shell\AutoRun\command - e:\recycle\D-0-060-0000000000-1111111-2222222\fix.exe

\Shell\open\command - e:\recycle\D-0-060-0000000000-1111111-2222222\fix.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-34CX1C987132}]

c:\recycle\D-0-060-0000000000-1111111-2222222\fix.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187322}]

c:\restore\k-1-3542-4232123213-7676767-8888886\Ogard.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187332}]

c:\restore\H-6-1-53-0976546321-090909032-8763-1337\GooD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187563}]

c:\restore\k-1-3542-4232123213-7676767-8888886\Wins32.exe

.

- - - - ORFÃOS REMOVIDOS - - - -

 

MSConfigStartUp-swg - c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uai.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-25 17:38:34

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

@DACL=(02 0000)

"Asynchronous"=dword:00000001

"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

"Startup"="WlDimsStartup"

"Shutdown"="WlDimsShutdown"

"Logon"="WlDimsLogon"

"Logoff"="WlDimsLogoff"

"StartShell"="WlDimsStartShell"

"Lock"="WlDimsLock"

"Unlock"="WlDimsUnlock"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

@DACL=(02 0000)

"Logon"="WLEventLogon"

"Logoff"="WLEventLogoff"

"Startup"="WLEventStartup"

"Shutdown"="WLEventShutdown"

"StartScreenSaver"="WLEventStartScreenSaver"

"StopScreenSaver"="WLEventStopScreenSaver"

"Lock"="WLEventLock"

"Unlock"="WLEventUnlock"

"StartShell"="WLEventStartShell"

"PostShell"="WLEventPostShell"

"Disconnect"="WLEventDisconnect"

"Reconnect"="WLEventReconnect"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000000

"SafeMode"=dword:00000001

"MaxWait"=dword:ffffffff

"DllName"=expand:"WgaLogon.dll"

"Event"=dword:00000000

"InstallEvent"="1.8.0031.9"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(660)

c:\arquivos de programas\GbPlugin\gbieh.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\nvsvc32.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-25 17:42:05 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-03-25 20:42:02

 

Pré-execução: 19 pasta(s) 138.272.710.656 bytes disponíveis

Pós execução: 19 pasta(s) 138,492,248,064 bytes disponíveis

 

281 --- E O F --- 2009-03-11 20:57:33

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:46:01, on 25/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\DelSrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\HijackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uai.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1233501017655

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: DelSrv Service Controler - Unknown owner - C:\WINDOWS\system32\drivers\DelSrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4770 bytes

Good evening! Ana Carolina V.

Insert your removable drive(s), if you have any, into the USB port. ( pendrive, mp3, mp4, iPods, etc... )

<@> Select and copy all the content in the QUOTE area to Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

e:\recycle\D-0-060-0000000000-1111111-2222222\fix.exe

c:\recycle\D-0-060-0000000000-1111111-2222222\fix.exe

c:\restore\k-1-3542-4232123213-7676767-8888886\Ogard.exe

c:\restore\H-6-1-53-0976546321-090909032-8763-1337\GooD.exe

c:\restore\k-1-3542-4232123213-7676767-8888886\Wins32.exe

C:\WINDOWS\system32\drivers\DelSrv.exe

C:\k8m1l3e9f4n7.exe

E:\xih9.cmd

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf65b501-059b-11de-bf76-0013d4bb8f77}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6d1172c-f00b-11dd-bf03-0013d4bb8f77}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-34CX1C987132}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187322}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187332}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187563}]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

Folder::

e:\recycle\D-0-060-0000000000-1111111-2222222

c:\recycle\D-0-060-0000000000-1111111-2222222

c:\restore\k-1-3542-4232123213-7676767-8888886

c:\restore\H-6-1-53-0976546321-090909032-8763-1337

c:\restore\k-1-3542-4232123213-7676767-8888886

C:\RECYCLE

C:\RESTORE

Driver::

"DelSrv Service Controler"

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 

[animated demonstration image]

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!


Hey, DigRam! Here are the logs!

 

ComboFix 09-03-23.01 - Gus 2009-03-25 21:27:02.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1023.738 [GMT -3:00]

Executando de: c:\documents and settings\Gus\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Gus\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

C:\k8m1l3e9f4n7.exe

c:\recycle\D-0-060-0000000000-1111111-2222222\fix.exe

c:\restore\H-6-1-53-0976546321-090909032-8763-1337\GooD.exe

c:\restore\k-1-3542-4232123213-7676767-8888886\Ogard.exe

c:\restore\k-1-3542-4232123213-7676767-8888886\Wins32.exe

c:\windows\system32\drivers\DelSrv.exe

e:\recycle\D-0-060-0000000000-1111111-2222222\fix.exe

E:\xih9.cmd

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\k8m1l3e9f4n7.exe

C:\RECYCLE

c:\recycle\D-0-060-0000000000-1111111-2222222\Desktop.ini

c:\recycle\D-0-060-0000000000-1111111-2222222\fix.exe

C:\RESTORE

c:\restore\H-6-1-53-0976546321-090909032-8763-1337\Desktop.ini

c:\restore\H-6-1-53-0976546321-090909032-8763-1337\GooD.exe

c:\restore\k-1-3542-4232123213-7676767-8888886\Desktop.ini

c:\restore\k-1-3542-4232123213-7676767-8888886\Ogard.exe

c:\restore\k-1-3542-4232123213-7676767-8888886\Wins32.exe

c:\windows\system32\drivers\DelSrv.exe

E:\autorun.inf

e:\recycle\D-0-060-0000000000-1111111-2222222

e:\recycle\D-0-060-0000000000-1111111-2222222\Desktop.ini

e:\recycle\D-0-060-0000000000-1111111-2222222\fix.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DELSRV_SERVICE_CONTROLER

-------\Service_DelSrv Service Controler

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-26 to 2009-03-26 ))))))))))))))))))))))))))))

.

 

2009-03-25 14:07 . 2009-03-25 17:45 <DIR> d-------- C:\HijackThis

2009-03-24 20:05 . 2009-03-24 20:05 26,156 --a------ c:\documents and settings\Gus\DELME.exe

2009-03-19 21:16 . 2009-03-19 21:16 <DIR> d-------- c:\windows\system32\LogFiles

2009-03-19 19:54 . 2009-03-19 19:54 865,792 --a------ c:\documents and settings\Gus\c4m2m9o4vp9.exe

2009-03-19 19:13 . 2009-03-25 18:18 26,157 --a------ c:\documents and settings\Gus\xcm1l3e9f4n7.exe

2009-03-19 19:11 . 2009-03-21 12:02 26,157 --a------ c:\documents and settings\Gus\g6l5k37g5s7.exe

2009-03-19 17:39 . 2009-03-19 19:17 13,586 --a------ c:\documents and settings\Gus\dfghi.exe

2009-03-18 21:51 . 2009-03-18 21:51 26,156 --a------ c:\documents and settings\Gus\Update.exe

2009-03-17 17:50 . 2009-03-17 17:50 159,814 --a------ c:\documents and settings\Gus\sdsdsd.exe

2009-03-17 17:50 . 2009-03-21 09:03 26,156 --a------ c:\documents and settings\Gus\dfghj.exe

2009-03-16 09:40 . 2009-03-16 09:40 34,846 --a------ c:\documents and settings\Gus\explorery.exe

2009-03-15 22:27 . 2009-03-18 19:06 <DIR> d-------- C:\Músicas

2009-03-15 11:29 . 2009-03-15 11:54 <DIR> d-------- c:\arquivos de programas\CLE

2009-03-15 10:31 . 2009-03-15 10:43 <DIR> d-------- c:\arquivos de programas\HTV

2009-03-10 17:39 . 2009-03-10 17:39 7,680 --ahs---- c:\windows\Thumbs.db

2009-03-10 17:39 . 2009-03-10 17:39 3,072 --ahs---- C:\Thumbs.db

2009-03-07 16:27 . 2009-03-07 16:27 <DIR> d-------- c:\arquivos de programas\Unity

2009-03-04 20:19 . 2009-03-04 20:19 <DIR> d-------- C:\Arquivos de Programas RFB

2009-03-01 11:44 . 2009-03-01 11:44 <DIR> d-------- c:\documents and settings\Gus\Dados de aplicativos\Media Player Classic

2009-03-01 11:44 . 2009-03-01 11:44 <DIR> d-------- c:\arquivos de programas\K-Lite Codec Pack

2009-03-01 11:44 . 2008-11-06 13:37 3,596,288 --a------ c:\windows\system32\qt-dx331.dll

2009-03-01 11:44 . 2008-09-24 15:41 839,680 --a------ c:\windows\system32\lameACM.acm

2009-03-01 11:44 . 2008-12-07 15:08 795,648 --a------ c:\windows\system32\xvidcore.dll

2009-03-01 11:44 . 2008-11-06 13:33 684,032 --a------ c:\windows\system32\divx.dll

2009-03-01 11:44 . 2004-01-25 13:18 217,088 --a------ c:\windows\system32\yv12vfw.dll

2009-03-01 11:44 . 2008-09-16 16:23 168,448 --a------ c:\windows\system32\unrar.dll

2009-03-01 11:44 . 2008-12-07 15:08 130,048 --a------ c:\windows\system32\xvidvfw.dll

2009-03-01 11:44 . 2007-09-20 21:52 118,784 --a------ c:\windows\system32\ac3acm.acm

2009-03-01 11:44 . 2008-12-10 21:33 86,016 --a------ c:\windows\system32\dpl100.dll

2009-03-01 11:44 . 2008-10-03 09:30 414 --a------ c:\windows\system32\lame_acm.xml

2009-03-01 10:53 . 2006-03-13 16:50 87,824 -ra------ c:\windows\system32\drivers\w300mgmt.sys

2009-03-01 10:53 . 2006-03-13 16:50 85,696 -ra------ c:\windows\system32\drivers\w300obex.sys

2009-03-01 10:40 . 2006-03-13 16:50 96,352 -ra------ c:\windows\system32\drivers\w300mdm.sys

2009-03-01 10:40 . 2006-03-13 16:50 9,264 -ra------ c:\windows\system32\drivers\w300mdfl.sys

2009-03-01 10:40 . 2006-03-13 16:49 6,208 -ra------ c:\windows\system32\drivers\w300cmnt.sys

2009-03-01 10:40 . 2006-03-13 16:49 6,208 -ra------ c:\windows\system32\drivers\w300cm.sys

2009-03-01 02:19 . 2009-03-01 02:19 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-02-28 15:59 . 2009-02-28 16:00 <DIR> d-------- c:\documents and settings\Gus\Dados de aplicativos\Teleca

2009-02-28 15:57 . 2009-02-28 15:57 <DIR> d-------- c:\documents and settings\All Users\Documents

2009-02-28 15:57 . 2006-03-13 16:49 60,800 -ra------ c:\windows\system32\drivers\w300bus.sys

2009-02-28 15:57 . 2006-03-13 16:50 5,840 -ra------ c:\windows\system32\drivers\w300whnt.sys

2009-02-28 15:57 . 2006-03-13 16:50 5,840 -ra------ c:\windows\system32\drivers\w300wh.sys

2009-02-28 15:56 . 2009-02-28 15:57 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Teleca

2009-02-28 15:56 . 2009-02-28 15:57 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Sony Ericsson

2009-02-28 15:56 . 2009-02-28 15:56 <DIR> d-------- c:\arquivos de programas\Sony Ericsson

2009-02-28 15:56 . 2009-02-28 15:57 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Teleca Shared

2009-02-28 15:55 . 2009-02-28 15:56 <DIR> d-------- c:\windows\Downloaded Installations

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-25 17:06 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-03-21 02:53 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-03-21 02:53 --------- d-----w c:\arquivos de programas\Garena

2009-03-17 20:48 --------- d-----w c:\arquivos de programas\Warcraft III

2009-03-15 21:59 --------- d-----w c:\documents and settings\Gus\Dados de aplicativos\uTorrent

2009-03-15 12:19 --------- d-----w c:\documents and settings\Gus\Dados de aplicativos\LimeWire

2009-03-11 20:56 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-03-10 20:39 --------- d-----w c:\arquivos de programas\LimeWire

2009-02-28 18:55 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2009-02-26 09:17 --------- d-----w c:\arquivos de programas\Microsoft Silverlight

2009-02-25 14:50 --------- d-----w c:\documents and settings\Gus\Dados de aplicativos\Canneverbe_Limited

2009-02-25 14:49 --------- d-----w c:\arquivos de programas\CDBurnerXP

2009-02-25 14:43 --------- d-----w c:\arquivos de programas\Reference Assemblies

2009-02-25 14:43 --------- d-----w c:\arquivos de programas\MSBuild

2009-02-23 15:59 --------- d-----w c:\arquivos de programas\Microsoft Works

2009-02-23 15:12 --------- d-----w c:\arquivos de programas\uTorrent

2009-02-20 17:59 --------- d-----w c:\arquivos de programas\GbPlugin

2009-02-14 17:39 --------- d-----w c:\arquivos de programas\Puxa Rápido(2)

2009-02-14 13:17 --------- d-----w c:\arquivos de programas\Intel

2009-02-14 03:01 --------- d-----w c:\arquivos de programas\DirectX

2009-02-14 02:59 224,090 ----a-w c:\windows\kernel32.zip

2009-02-14 02:39 2,829 ----a-w c:\windows\War3Unin.pif

2009-02-14 02:39 139,264 ----a-w c:\windows\War3Unin.exe

2009-02-11 19:12 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-02-11 18:00 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-11 17:18 --------- dcsh--w c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2009-02-11 17:18 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-11 17:11 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-02-11 13:10 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2009-02-08 23:05 --------- d-----w c:\arquivos de programas\PluginLetras

2009-02-08 19:51 --------- d-----w c:\arquivos de programas\Arquivos comuns\PAC7302

2009-02-08 19:51 --------- d-----w c:\arquivos de programas\ANC

2009-02-07 11:30 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-02-02 18:53 --------- d-----w c:\arquivos de programas\Java

2009-02-01 16:37 --------- d-----w c:\arquivos de programas\Windows Live SkyDrive

2009-02-01 16:36 --------- d-----w c:\arquivos de programas\XP Codec Pack

2009-02-01 16:35 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2009-02-01 14:45 --------- d-----w c:\arquivos de programas\Siemens Subscriber Networks

2009-01-30 17:21 31,536 ----a-w c:\windows\system32\drivers\gbpkm.sys

2004-07-22 12:51 3,432,656 ----a-w c:\arquivos de programas\ManagedDX.CAB

2004-07-20 00:58 1,156,363 ----a-w c:\arquivos de programas\BDANT.cab

2004-07-20 00:53 976,020 ----a-w c:\arquivos de programas\BDAXP.cab

2004-07-09 16:17 13,265,040 ----a-w c:\arquivos de programas\dxnt.cab

2004-07-09 11:13 703,080 ----a-w c:\arquivos de programas\BDA.cab

2004-07-09 11:13 15,493,481 ----a-w c:\arquivos de programas\DirectX.cab

2004-07-09 06:08 472,576 ----a-w c:\arquivos de programas\dxsetup.exe

2004-07-09 06:08 2,242,560 ----a-w c:\arquivos de programas\dsetup32.dll

2004-07-09 05:03 62,976 ----a-w c:\arquivos de programas\DSETUP.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-25_17.41.04.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-03-26 00:29:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_66c.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 01:38 34672 c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 07:00 33648 c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-13 23:21 1695232 c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 10:34 5724184 c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-04-19 02:26 7700480 c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-04-19 02:26 86016 c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]

--a------ 2006-11-03 10:01 319488 c:\windows\PixArt\PAC7302\Monitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2005-10-26 17:17 159744 c:\arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2009-02-02 15:53 136600 c:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2005-01-07 16:07 61952 c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-04-19 02:26 1626112 c:\windows\system32\nwiz.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"c:\\Arquivos de programas\\Warcraft III\\War3.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-02-20 31536]

R3 PAC7302;PC Camera;c:\windows\system32\drivers\PAC7302.SYS [2009-02-08 458752]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2009-03-01 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2009-03-01 85696]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uai.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-25 21:29:49

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

@DACL=(02 0000)

"Asynchronous"=dword:00000001

"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

"Startup"="WlDimsStartup"

"Shutdown"="WlDimsShutdown"

"Logon"="WlDimsLogon"

"Logoff"="WlDimsLogoff"

"StartShell"="WlDimsStartShell"

"Lock"="WlDimsLock"

"Unlock"="WlDimsUnlock"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

@DACL=(02 0000)

"Logon"="WLEventLogon"

"Logoff"="WLEventLogoff"

"Startup"="WLEventStartup"

"Shutdown"="WLEventShutdown"

"StartScreenSaver"="WLEventStartScreenSaver"

"StopScreenSaver"="WLEventStopScreenSaver"

"Lock"="WLEventLock"

"Unlock"="WLEventUnlock"

"StartShell"="WLEventStartShell"

"PostShell"="WLEventPostShell"

"Disconnect"="WLEventDisconnect"

"Reconnect"="WLEventReconnect"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000000

"SafeMode"=dword:00000001

"MaxWait"=dword:ffffffff

"DllName"=expand:"WgaLogon.dll"

"Event"=dword:00000000

"InstallEvent"="1.8.0031.9"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(660)

c:\arquivos de programas\GbPlugin\gbieh.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\nvsvc32.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-25 21:33:23 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-03-26 00:33:20

ComboFix2.txt 2009-03-25 20:42:06

 

Pré-execução: 19 pasta(s) 138.476.994.560 bytes disponíveis

Pós execução: 17 pasta(s) 138,465,009,664 bytes disponíveis

 

271 --- E O F --- 2009-03-11 20:57:33

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:35:02, on 25/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\HijackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uai.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1233501017655

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4632 bytes

 

 

 

 

Regards!


Good evening, Ana Carolina V.!

 

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: (Open File - Security Warning)

<@> Click Run --> Wait!

<@> Finally the message will appear: "ComboFix está desinstalado" --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!

<><><><><><><><><><><><>

<@> Go to this link and download: < Malwarebytes >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

 

Regards!

DigRam, I can't update the program! My connection on the problem PC doesn't last more than ten seconds!

<><><><><><><><><><>

Hi, Ana Carolina V.!

 

<!> Try repairing your connection with WinsockFix and, after that, run Malwarebytes.

<><><><><><><><><><>

<@> Download: < WinsockFix >

<@> Save it to the Desktop!

<@> Restart the computer in Safe Mode!

<@> Run WinsockFix!

<@> Double-click WinsockFix.exe

<@> The window will open: VB_Winfix 1.2

<@> Click Fix.

<@> A message will appear! >> Click Yes!

<@> When it finishes, restart the computer normally and run Malwarebytes.

 

Regards!

DigRam, I ran WinSockFix, but this time it doesn't even connect... I'll try again later and reply again!

<><><><><><><><><>

Hi, Ana Carolina V.!

 

<!> Are you sure the problem isn't on your side, with your Internet provider? :mellow:

 

Regards!


Hey, DigRam!

 

WinSockFix is wonderful, it solved the connection drops!

And it's not a provider problem, it really was the machine, so much so that the internet works when I connect my other notebook!

 

My PC is great now, it's as if I had formatted it! XD

 

Malwarebytes' Anti-Malware 1.35

Versão do banco de dados: 1910

Windows 5.1.2600 Service Pack 3

 

28/3/2009 10:07:37

mbam-log-2009-03-28 (10-07-37).txt

 

Tipo de Verificação: Completa (C:\|E:\|)

Objetos verificados: 108537

Tempo decorrido: 32 minute(s), 6 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:08:29, on 28/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\HijackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uai.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1233501017655

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3DD4469B-59E8-4170-A96C-7EE9FFD3254A}: NameServer = 200.165.132.147 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{3DD4469B-59E8-4170-A96C-7EE9FFD3254A}: NameServer = 200.165.132.147 200.165.132.155

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5251 bytes

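As an added example (not code from this thread, HijackThis, ComboFix or Malwarebytes), the Python script below triages HijackThis entry lines of the kind posted above: it flags O23 services with an unknown owner, O10 Winsock LSP entries, O17 NameServer entries and BHOs with no file, and diffs two logs so the effect of a fix (here the DelSrv service removed by the CFScript) is visible. The embedded sample logs are constructed from a few lines of the 25/3 14:08 and 28/3 10:08 HijackThis logs in this thread; they are not the complete logs.

```python
"""Triage helper for HijackThis log lines.

Added example for this thread; not part of HijackThis, ComboFix or any
post above.  It reads the "Oxx - ..." entry lines HijackThis prints, flags
the entry classes a helper looks at first, and diffs two logs of the same
machine so that what a fix removed (or what appeared) stands out.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# One entry per "O23 - ..." / "R0 - ..." line; process lists and headers are skipped.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


@dataclass(frozen=True)
class Entry:
    kind: str   # e.g. "O23"
    body: str   # everything after "O23 - "


def parse_entries(log_text: str) -> List[Entry]:
    """Return the HijackThis entries found in a log, in file order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Flag entries worth a closer look. Returns (tag, detail) pairs.

    'review-service' only means the binary carries no publisher string
    (NMSAccessU in this thread is CDBurnerXP's own service); the tag asks
    for a check of the file, it is not a malware verdict.
    """
    findings = []
    for e in entries:
        if e.kind == "O23" and "Unknown owner" in e.body:
            findings.append(("review-service", e.body))
        elif e.kind == "O10":                      # Winsock LSP chain
            findings.append(("winsock-lsp", e.body))
        elif e.kind == "O17":                      # per-interface DNS servers
            findings.append(("dns-servers", " ".join(IPV4_RE.findall(e.body))))
        elif e.kind == "O2" and "(no file)" in e.body:
            findings.append(("orphan-bho", e.body))
    return findings


def diff_entries(before: List[Entry], after: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """(removed, added) between two logs of the same machine."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


# Constructed samples: a few lines taken from the 25/3 14:08 and 28/3 10:08
# HijackThis logs in this thread (not the complete logs).
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\system32\drivers\DelSrv.exe

O23 - Service: DelSrv Service Controler - Unknown owner - C:\WINDOWS\system32\drivers\DelSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

AFTER_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DD4469B-59E8-4170-A96C-7EE9FFD3254A}: NameServer = 200.165.132.147 200.165.132.155
O17 - HKLM\System\CS1\Services\Tcpip\..\{3DD4469B-59E8-4170-A96C-7EE9FFD3254A}: NameServer = 200.165.132.147 200.165.132.155
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


if __name__ == "__main__":
    before, after = parse_entries(BEFORE_LOG), parse_entries(AFTER_LOG)
    removed, added = diff_entries(before, after)
    print("removed by the fix:", *[e.body for e in removed], sep="\n  ")
    print("new since first log:", *[e.body for e in added], sep="\n  ")
    for tag, detail in triage(after):
        print(f"[{tag}] {detail}")
```

The O17 servers it prints are the ones to compare against the provider's published DNS addresses; the O10 line is the Winsock LSP chain that WinsockFix rebuilt.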

Good afternoon, Ana Carolina V.!

 

WinSockFix is wonderful, it solved the connection drops!

And it's not a provider problem, it really was the machine, so much so that the internet works when I connect my other notebook!

<!> So... the winsock stack really was corrupted.

<><><><><><><><><><><>

<@> Go to Start --> Run.

 

<!> Type or paste: sysdm.cpl --> Press Enter.

 

<@> Click the "System Restore" tab and check the option: "Turn off System Restore on all drives".

<@> Click Apply --> Wait! --> OK.

<@> Next, uncheck the option!

<@> Click Apply --> Wait! --> OK.

<><><><><><><><><><><>

<!> The logs are clean! :thumbsup:

 

Regards!


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
