
Archived

This topic has been archived and is closed to new replies.

Weick

[Archived] getwindowinfo: a little help? ^^


Hi folks. I'm here with a PC infected by a pest that makes Internet Explorer constantly open a window and try to reach the address "http://www_getwindowinfo/", and every time I try to close the window a new one opens, then another, and another... Below is the HijackThis log for analysis.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:10:11, on 28/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\VM303_STI.EXE

C:\WINDOWS\VMSnap3.exe

C:\Arquivos de programas\Java.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\ARQUIV~1\MICROS~4\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\MICROS~4\rapimgr.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\IExplore.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.compartilhando.org/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iMJPMIG8.2] msime82.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.exe

O4 - HKLM\..\Run: [Java] C:\Arquivos de programas\Java.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\ARQUIV~1\MICROS~4\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [b2B_AGENT] "C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: SIFT.lnk = C:\MOTOROLA\sift_startup.bat

O4 - Global Startup: Java.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/50.10/uploader2.cab

O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.shockwave.com/content/goldrush/...houseplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://techknowmoto.webex.com/client/T25L/...ing/ieatgpc.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D636F3B8-7E95-42B0-A088-CBD4BDCCA67D}: NameServer = 192.168.1.1

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

 

--

End of file - 9246 bytes

 

 

Cheers,

Weick.
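A small triage script for HijackThis O4 (startup) entries, added here as an example and not part of this thread or of HijackThis itself. The three heuristics (executable sitting directly in the Program Files or Windows root, bare file name in the all-users Startup folder, Run value named after a product but pointing outside that product's folder) are this example's own assumptions, and the sample lines are copied from the log posted above; note that the camera utility in the Windows root trips the second heuristic too, which is why the output is a list of entries to review, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# "Program Files" as it appears on English and Brazilian-Portuguese Windows XP,
# including the 8.3 short names HijackThis prints for some entries.
PROGRAM_FILES_NAMES = {"program files", "progra~1", "arquivos de programas", "arquiv~1"}

# Assumption of this example: a Run value named after one of these products is
# expected to point inside that product's own folder.
EXPECTED_VENDOR_DIR: Dict[str, str] = {"java": "\\java\\"}

O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.+)$")

# Constructed sample: O4 lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Java] C:\Arquivos de programas\Java.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: SIFT.lnk = C:\MOTOROLA\sift_startup.bat
O4 - Global Startup: Java.exe
""".strip().splitlines()


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def extract_path(where: str, cmd: str) -> str:
    """Return the program path from an O4 command line."""
    cmd = cmd.strip()
    if where.endswith("Startup") and " = " in cmd:    # "name.lnk = target" form
        cmd = cmd.split(" = ", 1)[1]
    if cmd.startswith('"'):                            # quoted path, maybe with arguments
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # unquoted: the path ends at the first program extension followed by whitespace
    m = re.match(r"(?i)(.*?\.(?:exe|bat|cmd|com|scr|cpl))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def triage_o4(lines: List[str]) -> List[Finding]:
    """Return every O4 entry that trips at least one heuristic, with its reasons."""
    findings: List[Finding] = []
    for raw in lines:
        m = O4_RE.match(raw.strip())
        if not m:
            continue                                   # not an O4 entry
        where, name = m.group("where"), (m.group("name") or "")
        path = extract_path(where, m.group("cmd"))
        parts = path.split("\\")
        reasons: List[str] = []

        if where.lower() == "global startup" and "\\" not in path:
            reasons.append("bare file name in the all-users Startup folder")
        if len(parts) == 3 and parts[1].lower() in PROGRAM_FILES_NAMES:
            reasons.append("executable directly in the Program Files root")
        if len(parts) == 3 and parts[1].lower() == "windows":
            reasons.append("executable directly in the Windows root")
        for product, folder in EXPECTED_VENDOR_DIR.items():
            if product in name.lower() and folder not in path.lower():
                reasons.append(f"named like {product} but not under {folder}")

        if reasons:
            findings.append(Finding(raw.strip(), reasons))
    return findings


def run_sample() -> List[Finding]:
    """Triage the sample lines; the two Java.exe entries and the camera tool come back."""
    return triage_o4(SAMPLE_LOG)


if __name__ == "__main__":
    for f in run_sample():
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```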


Good evening, Weick!

<@> Download: ComboFix ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable the resident protections of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt "Disclaimer of software warranty" --> Click Yes!

<@> If you do not have the "Recovery Console", accept the option to install it!

<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> Ps: Name it while saving, not after it has been saved!

<!> Ps: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> Ps: Avoid running this tool on your own!

<!> Ps: To avoid problems, follow all the recommendations given.

<!> Ps: ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Cheers!


Hey, DigRam!

Check this out:

 

ComboFix

ComboFix 09-06-29.02 - Administrador 29/06/2009 20:01.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.580 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: ESET NOD32 sistema antivírus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

ADS - drivers: deleted 308 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\svc.exe

c:\windows\system32\msconfig.exe

c:\windows\Tasks\startt.job

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-28 to 2009-06-29 ))))))))))))))))))))))))))))

.

 

2009-06-29 20:57 . 2009-06-29 20:58 -------- d-----w- c:\arquivos de programas\LG Electronics

2009-06-29 20:56 . 2009-06-29 20:56 -------- d-----w- C:\GSMULTI

2009-06-29 20:54 . 2009-06-29 20:55 -------- d-----w- C:\DOWNLOAD

2009-06-29 20:54 . 2009-06-29 20:54 -------- d-----w- C:\LG Electronics

2009-06-29 20:48 . 2009-06-29 20:48 -------- d-----w- C:\a

2009-06-29 20:09 . 2009-06-29 20:09 -------- d-----w- C:\install

2009-06-29 01:07 . 2009-06-29 01:08 401720 ----a-w- C:\HiJackThis.exe

2009-06-27 10:23 . 2008-11-03 12:45 3232373 ----a-w- c:\arquivos de programas\Java.exe

2009-06-26 19:24 . 2009-06-26 20:02 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-06-26 19:24 . 2009-06-26 19:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-06-26 19:19 . 2009-06-26 19:19 -------- d-----w- C:\Manual LG

2009-06-26 17:44 . 2009-06-26 17:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel

2009-06-26 17:39 . 2009-06-26 19:17 -------- d-----w- C:\VErsao d eSW - LG

2009-06-26 17:35 . 2009-06-16 09:25 104384 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe

2009-06-26 16:53 . 2009-06-29 20:56 65536 ----a-w- c:\windows\IFinst27.exe

2009-06-26 16:52 . 2009-06-26 16:52 -------- d-----w- C:\Sistema LG

2009-06-26 16:35 . 2009-06-15 10:21 47048 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2BLGMLauncher.exe

2009-06-26 16:35 . 2006-05-04 11:33 53248 ----a-w- c:\windows\system32\CommonDL.dll

2009-06-26 16:35 . 2005-10-04 04:39 44544 ----a-w- c:\windows\system32\msxml4a.dll

2009-06-26 16:35 . 2009-06-17 09:12 124880 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\LiveUpdateAgent\B2BFileUpdateAgent.exe

2009-06-26 16:35 . 2009-06-24 10:28 210888 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\B2BAppUninstall.exe

2009-06-26 16:35 . 2009-06-24 10:28 911296 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\B2BCheckApp.exe

2009-06-26 16:35 . 2009-06-24 10:26 458752 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\LGMUpgradeDL.dll

2009-06-26 16:35 . 2009-06-15 09:30 24576 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\LGMobileDLRapi.dll

2009-06-26 16:35 . 2009-06-15 09:30 86016 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\LGMobileDL.dll

2009-06-26 16:35 . 2006-05-04 11:33 53248 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\CommonDL.dll

2009-06-26 16:34 . 2009-06-26 17:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX

2009-06-26 16:34 . 2009-06-29 20:44 -------- d-----w- C:\Download LG

2009-06-20 03:09 . 2009-06-20 03:15 -------- d-----w- c:\arquivos de programas\MP4 Converter

2009-06-20 03:04 . 2009-06-20 03:08 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRightToGo

2009-06-20 02:53 . 2009-06-20 02:53 -------- d-----w- C:\MyDownloads

2009-06-20 01:46 . 2009-06-20 01:46 -------- d-----w- c:\arquivos de programas\Xilisoft

2009-06-12 04:04 . 2009-06-12 04:16 -------- d-----w- c:\arquivos de programas\ReadManiac

2009-06-07 22:24 . 2009-06-07 22:29 -------- d-----w- c:\arquivos de programas\All To AVI VCD SVCD DVD MPEG Converter Pro

2009-06-05 02:35 . 2009-06-05 02:35 -------- d-----w- c:\arquivos de programas\Intelore

2009-06-04 15:06 . 2009-06-04 15:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\dvdcss

2009-06-04 01:12 . 2009-06-22 06:34 -------- d-----w- c:\arquivos de programas\VideoLAN

2009-06-01 00:26 . 2009-06-01 01:36 -------- d-----w- c:\arquivos de programas\MegaJogos

2009-05-31 21:24 . 2009-05-31 21:24 0 ----a-w- c:\windows\nsreg.dat

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-29 20:58 . 2008-05-20 16:26 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-06-29 13:13 . 2008-05-29 21:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-06-29 00:47 . 2009-05-11 05:52 -------- d-----w- c:\arquivos de programas\jw

2009-06-27 14:03 . 2008-08-13 16:14 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-06-26 18:03 . 2008-05-29 21:59 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-06-26 17:48 . 2008-08-13 16:18 65536 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe

2009-06-26 17:48 . 2008-08-13 16:18 10134 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe

2009-06-26 12:52 . 2008-05-26 14:46 -------- d-----w- c:\arquivos de programas\Motorola Service Tools

2009-06-25 19:57 . 2001-10-28 12:07 66614 ----a-w- c:\windows\system32\perfc016.dat

2009-06-25 19:57 . 2001-10-28 12:07 3260 ----a-w- c:\windows\system32\perfh016.dat

2009-06-22 14:08 . 2009-03-03 17:47 26984 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-06-19 13:36 . 2008-05-21 14:20 -------- d-----w- c:\arquivos de programas\Motofone Reflash

2009-05-29 00:10 . 2009-05-29 00:06 103509 ------w- c:\windows\hpoins04.dat

2009-05-29 00:10 . 2009-05-29 00:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2009-05-25 23:33 . 2008-05-21 14:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-05-20 23:51 . 2008-05-21 14:01 -------- d-----w- c:\arquivos de programas\Motorola Phone Tools

2009-05-20 23:45 . 2008-05-21 14:02 -------- d-----w- c:\arquivos de programas\Avanquest update

2009-05-16 17:53 . 2009-04-18 13:48 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-05-09 03:27 . 2009-05-09 03:05 -------- d-----w- c:\arquivos de programas\MIKSOFT

2009-05-07 23:48 . 2009-05-07 23:46 -------- d-----w- c:\arquivos de programas\Jasc Software Inc

2009-05-07 15:33 . 2008-09-25 13:56 347136 ----a-w- c:\windows\system32\localspl.dll

2009-05-04 01:05 . 2009-05-03 21:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Go!Zilla

2009-05-03 20:47 . 2009-05-03 20:47 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Openworld Learning

2009-05-03 20:35 . 2009-05-03 20:35 -------- d-----w- c:\arquivos de programas\VIAudioi

2009-04-29 04:45 . 2004-08-04 05:45 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:45 . 2008-09-25 13:57 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-19 19:50 . 2008-09-25 13:56 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:53 . 2008-09-25 13:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-07 13:01 . 2009-04-07 13:01 51304 ----a-w- c:\windows\system32\drivers\atnt40k.sys

2009-04-07 13:00 . 2009-04-07 13:00 202827 -c--a-w- c:\windows\system32\atasnt40.dll

2009-04-01 14:50 . 2009-04-01 14:50 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]

"H/PC Connection Agent"="c:\arquiv~1\MICROS~4\wcescomm.exe" [2006-11-13 1289000]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

"B2B_AGENT"="c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe" [2009-06-16 104384]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032]

"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"nod32kui"="c:\arquivos de programas\Eset\nod32kui.exe" [2008-09-26 949376]

"AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 540672]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"BigDog303"="c:\windows\VM303_STI.EXE" [2005-11-05 61440]

"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]

"Java"="c:\arquivos de programas\Java.exe" [2008-11-03 3232373]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

SIFT.lnk - c:\motorola\sift_startup.bat [2003-11-7 1923]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Java.exe [2008-11-3 3232373]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehcef.dll" [2009-01-27 404032]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\arquiv~1\GbPlugin\gbiehabn.dll" [2009-06-22 289768]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Motorola\\MotoConnect\\SWDL.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Arquivos de programas\\Motorola\\PST\\pst.exe"=

"c:\\Arquivos de programas\\Motofone Reflash\\F3_REFLASH.exe"=

"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [3/3/2009 14:47 26984]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [26/9/2008 17:09 15424]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [29/5/2008 18:59 53736]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [14/7/2008 14:56 6016]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [4/12/2008 11:18 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [4/12/2008 11:18 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [4/12/2008 11:18 42112]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [8/8/2008 12:45 23296]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [14/7/2008 14:56 23680]

S3 PhSerUsb;PHILOG USB Serial Driver;c:\windows\system32\drivers\PhSerUsb.sys [14/7/2008 11:50 48896]

S3 UTS2pl;Foxlink Serial port driver;c:\windows\system32\drivers\UTS2pl.sys [25/5/2004 16:48 43264]

S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [28/5/2009 21:01 480128]

S3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\Drivers\usbVM303.sys --> c:\windows\system32\Drivers\usbVM303.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-06-29 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 01:18]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-IMJPMIG8.2 - msime82.exe

HKU-Default-Run-MsnMsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.compartilhando.org/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

LSP: c:\windows\system32\imon.dll

Trusted Zone: gigabyte.com.tw\download

TCP: {D636F3B8-7E95-42B0-A088-CBD4BDCCA67D} = 192.168.1.1

DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/goldrush/sis/gamehouseplayer.cab

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\gcdowtun.default\

FF - plugin: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-29 20:09

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.2 = msime82.exe???.

AudioDeck = c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???c:\documents and???|???|????????????dor\Desktop\Vi

BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

@DACL=(02 0000)

"Asynchronous"=dword:00000001

"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

"Startup"="WlDimsStartup"

"Shutdown"="WlDimsShutdown"

"Logon"="WlDimsLogon"

"Logoff"="WlDimsLogoff"

"StartShell"="WlDimsStartShell"

"Lock"="WlDimsLock"

"Unlock"="WlDimsUnlock"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(456)

c:\arquiv~1\GbPlugin\gbiehabn.dll

c:\arquivos de programas\GbPlugin\gbiehcef.dll

 

- - - - - - - > 'lsass.exe'(512)

c:\windows\system32\imon.dll

c:\arquivos de programas\Eset\pr_imon.dll

 

- - - - - - - > 'explorer.exe'(3868)

c:\arquiv~1\GbPlugin\gbiehabn.dll

c:\arquivos de programas\GbPlugin\gbiehcef.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\arquivos de programas\ESET\nod32krn.exe

c:\windows\system32\rundll32.exe

c:\arquiv~1\MICROS~4\rapimgr.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-06-29 20:13 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-06-29 23:13

 

Pré-execução: 47 pasta(s) 16.535.363.584 bytes disponíveis

Pós execução: 47 pasta(s) 16.532.922.368 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

251 --- E O F --- 2009-06-11 15:28

 

HiJack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:15:34, on 29/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\VM303_STI.EXE

C:\WINDOWS\VMSnap3.exe

C:\Arquivos de programas\Java.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\ARQUIV~1\MICROS~4\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe

C:\ARQUIV~1\MICROS~4\rapimgr.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.compartilhando.org/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.exe

O4 - HKLM\..\Run: [Java] C:\Arquivos de programas\Java.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\ARQUIV~1\MICROS~4\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [b2B_AGENT] "C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: SIFT.lnk = C:\MOTOROLA\sift_startup.bat

O4 - Global Startup: Java.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/50.10/uploader2.cab

O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.shockwave.com/content/goldrush/...houseplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://techknowmoto.webex.com/client/T25L/...ing/ieatgpc.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D636F3B8-7E95-42B0-A088-CBD4BDCCA67D}: NameServer = 192.168.1.1

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

 

--

End of file - 8589 bytes

 

Thanks again, and let's keep going ;D

Weick.
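As an added example (not from the thread or its tools), a small Python triage over the O4 autostart entries in the log above: it parses each Run-key and Startup-folder line and flags, on path shape alone, a program sitting directly in the Program Files root or a Startup entry with no path at all, which is where `C:\Arquivos de programas\Java.exe` and the bare `Global Startup: Java.exe` stand out from the other, product-folder entries. The sample lines are copied from the log; the folder-name set and the two heuristics are the example's own assumptions and give triage hints, not a verdict.

```python
import re

# Constructed sample: O4 lines copied from the HijackThis log posted above.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Java] C:\Arquivos de programas\Java.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SIFT.lnk = C:\MOTOROLA\sift_startup.bat
O4 - Global Startup: Java.exe
"""

# Program Files root as HijackThis prints it on this Portuguese XP (long and 8.3 names), plus the English forms.
PROGRAM_FILES_ROOTS = {"arquivos de programas", "arquiv~1", "program files", "progra~1"}

RUN_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<key>Startup|Global Startup): (?P<cmd>.*)$")
# First program-looking token, quoted or not; non-greedy so it stops at the first extension.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|bat|cpl|com|scr))"?', re.IGNORECASE)


def extract_path(cmd):
    """Return the program path from a Run/Startup command line (raw text if no program is found)."""
    if " = " in cmd:  # Startup-folder form: "SIFT.lnk = C:\MOTOROLA\sift_startup.bat"
        cmd = cmd.split(" = ", 1)[1]
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def triage_o4(log_text):
    """Flag O4 autostart entries worth a first look, judging only the shape of the path.

    Rule 1: program directly in the Program Files root rather than in a product folder.
    Rule 2: Startup-folder entry with no path at all (Run keys may rely on PATH, e.g. rundll32.exe,
    so they are exempt). Returns (entry name, path, reason) tuples.
    """
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        name = m.groupdict().get("name") or m.group("cmd")
        path = extract_path(m.group("cmd"))
        parts = path.split("\\")
        if len(parts) == 3 and parts[1].lower() in PROGRAM_FILES_ROOTS:
            findings.append((name, path, "executable directly in Program Files root"))
        elif len(parts) == 1 and m.group("key") in ("Startup", "Global Startup"):
            findings.append((name, path, "autostart entry without a full path"))
    return findings
```

Running `triage_o4` over the full log would flag only the two `Java.exe` entries; every other O4 line resolves to a path inside a product or Windows folder.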


Good evening, Weick!

 

<@> Open Spybot Search & Destroy!

<@> In the top menu, go to Mode and select the Advanced option. Confirm!

<@> Click the Tools button and then Resident.

<@> Uncheck the option: Enable Resident "TeaTimer". ( General protection of system settings )

<><><><><><><><><><>

<@> Download: < Malwarebytes >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable your protection programs while running Malwarebytes.

<@> Be sure to send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

 

Cheers!


Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want it reopened, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.
