[Resolvido!] Analise de Log

[GildazioJr 0]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:16:07, on 03/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\av_md.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Java\jre6\bin\jucheck.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 209.160.71.107 santander.com.br

O1 - Hosts: 209.160.71.107 www.santander.com.br

O1 - Hosts: 209.160.71.107 itau.com.br

O1 - Hosts: 209.160.71.107 www.itau.com.br

O1 - Hosts: 209.160.71.107 www.itau.com

O1 - Hosts: 209.160.71.107 itau.com

O1 - Hosts: 209.160.71.107 itaupersonnalite.com.br

O1 - Hosts: 209.160.71.107 www.itaupersonnalite.com.br

O1 - Hosts: 209.160.71.107 www.bradesco.com.br

O1 - Hosts: 209.160.71.107 bradesco.com.br

O1 - Hosts: 209.160.71.107 www.bradesco.com

O1 - Hosts: 209.160.71.107 bradesco.com

O1 - Hosts: 209.160.71.107 www.bradescoempresa.com.br

O1 - Hosts: 209.160.71.107 bradescoempresa.com.br

O1 - Hosts: 209.160.71.107 www.bradescoprime.com.br

O1 - Hosts: 209.160.71.107 bradescoprime.com.br

O1 - Hosts: 209.160.71.107 bradescocartoes.com.br

O1 - Hosts: 209.160.71.107 www.bradescocartoes.com.br

O1 - Hosts: 209.160.71.107 bb.com.br

O1 - Hosts: 209.160.71.107 www.bb.com.br

O1 - Hosts: 209.160.71.107 bancodobrasil.com.br

O1 - Hosts: 209.160.71.107 www.bancodobrasil.com.br

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [av_md] C:\WINDOWS\system32\av_md.exe

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TMD.tmp

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NevoDRM] "C:\Èãðû îò NevoSoft\NevoDRM\NevoDRM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

O4 - HKCU\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

O4 - HKCU\..\Run: [av_md] C:\Documents and Settings\Administrador\av_md.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: siszyd32.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CS3\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

 

--

End of file - 11498 bytes

[wings 22]

Bom dia....

 

 

 

*Baixe o MalwareBytes Anti-malware e salve-o no desktop:

*Instale o programa

*Se alguma atualização existir,o download será automático. Aguarde...

*O programa será aberto automaticamente.

*Na aba [Verificação], selecione a opção [Verificação completa]

*Clique em [Verificar] e selecione as unidades (C:\ e D:\) a serem examinadas

*Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados]

*Selecione todos os resultados e clique em [Remover Selecionados]

*Um relatório (mbam-log-ano-mês-data.txt) será apresentado.

*Cole-o na sua próxima resposta

[GildazioJr 0]

Bom dia....

 

 

 

*Baixe o MalwareBytes'>http://www.filehippo.com/download_malwarebytes_anti_malware/"]MalwareBytes Anti-malware e salve-o no desktop:

*Instale o programa

*Se alguma atualização existir,o download será automático. Aguarde...

*O programa será aberto automaticamente.

*Na aba [Verificação], selecione a opção [Verificação completa]

*Clique em [Verificar] e selecione as unidades (C:\ e D:\) a serem examinadas

*Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados]

*Selecione todos os resultados e clique em [Remover Selecionados]

*Um relatório (mbam-log-ano-mês-data.txt) será apresentado.

*Cole-o na sua próxima resposta

 

 

 

 

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

 

03/03/2010 10:03:21 GildazioJr

mbam-log-2010-03-03 (10-03-21).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 263337

Tempo decorrido: 41 minute(s), 25 second(s)

 

Processos da Memória infectados: 1

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 4

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 12

 

Processos da Memória infectados:

C:\WINDOWS\system32\av_md.exe (Backdoor.Bot) -> Unloaded process successfully.

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\av_md (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\av_md (Trojan.Dropper) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\system32\av_md.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\Trial-Reset.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Meus documentos\Downloads\mxone.exe (Rogue.MxOneAntivirus) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\av_md.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\pweien.sys (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\Temp\~TM6F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\siszyd32.exe (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Administrador\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Gardenia\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

[wings 22]

1.

*Reinicie o PC

 

2.

*Novo log do hijack

[GildazioJr 0]

1.

*Reinicie o PC

 

2.

*Novo log do hijack

 

 

Bom dia, muito obrigado por estar me auxiliando, sabe me dizer o que seria essas referencias de 'Banco do brasil' 'Bradesco' 'Santander', sendo que nao faço nada a respeito desses bancos via pc.

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:21:52, on 03/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 209.160.71.107 santander.com.br

O1 - Hosts: 209.160.71.107 www.santander.com.br

O1 - Hosts: 209.160.71.107 itau.com.br

O1 - Hosts: 209.160.71.107 www.itau.com.br

O1 - Hosts: 209.160.71.107 www.itau.com

O1 - Hosts: 209.160.71.107 itau.com

O1 - Hosts: 209.160.71.107 itaupersonnalite.com.br

O1 - Hosts: 209.160.71.107 www.itaupersonnalite.com.br

O1 - Hosts: 209.160.71.107 www.bradesco.com.br

O1 - Hosts: 209.160.71.107 bradesco.com.br

O1 - Hosts: 209.160.71.107 www.bradesco.com

O1 - Hosts: 209.160.71.107 bradesco.com

O1 - Hosts: 209.160.71.107 www.bradescoempresa.com.br

O1 - Hosts: 209.160.71.107 bradescoempresa.com.br

O1 - Hosts: 209.160.71.107 www.bradescoprime.com.br

O1 - Hosts: 209.160.71.107 bradescoprime.com.br

O1 - Hosts: 209.160.71.107 bradescocartoes.com.br

O1 - Hosts: 209.160.71.107 www.bradescocartoes.com.br

O1 - Hosts: 209.160.71.107 bb.com.br

O1 - Hosts: 209.160.71.107 www.bb.com.br

O1 - Hosts: 209.160.71.107 bancodobrasil.com.br

O1 - Hosts: 209.160.71.107 www.bancodobrasil.com.br

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NevoDRM] "C:\Èãðû îò NevoSoft\NevoDRM\NevoDRM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

O4 - HKCU\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CS3\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

 

--

End of file - 11141 bytes

[wings 22]

....sabe me dizer o que seria essas referencias de 'Banco do brasil' 'Bradesco' 'Santander', sendo que nao faço nada a respeito desses bancos via pc.

 

Foram introduzidas pela contaminação.

 

Vamos continuar...

 

1.

*Abra o programa Malwarebytes e na aba [Quarentena], selecione todos os resultados e clique em [Remover tudo]

*Clique na aba [Logs], selecione o relatório e clique em [Remover]

 

2.

*Baixe o HostsXpert e salve-o no desktop

*Extraia o seu conteúdo para o desktop e execute-o. Clique em [Restore Microsoft's Hosts File]

 

3.

*Desative temporariamente seu antivírus

 

Clique com o botão direito do mouse no ícone do Avast que fica rodando ao lado do relógio > Selecione "Pausar a proteção residente" > Confirme.

*Baixe o ComboFix e salve-o no desktop

*Duplo-clique no arquivo Combofix.exe

*Aceite o contrato

 

*Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso não esteja, uma janela conforme abaixo será aberta. Clique em [sIM] para aceitar a instalação do mesmo.

 

 

*Após a instalação, clique em [Yes] para continuar. Seja paciente e aguarde até que todas as etapas sejam concluídas.

 

 

 

*Importante: enquanto o ComboFix estiver em execução, não use o mouse nem o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER.

 

*O programa será fechado automaticamente e um relatório (C:\combofix.txt) será apresentado.

 

*Cole-o na sua próxima resposta

[GildazioJr 0]

....sabe me dizer o que seria essas referencias de 'Banco do brasil' 'Bradesco' 'Santander', sendo que nao faço nada a respeito desses bancos via pc.

 

Foram introduzidas pela contaminação.

 

Vamos continuar...

 

1.

*Abra o programa Malwarebytes e na aba [Quarentena], selecione todos os resultados e clique em [Remover tudo]

*Clique na aba [Logs], selecione o relatório e clique em [Remover]

 

2.

*Baixe o HostsXpert'>http://www.funkytoad.com/download/HostsXpert.zip"]HostsXpert e salve-o no desktop

*Extraia o seu conteúdo para o desktop e execute-o. Clique em [Restore Microsoft's Hosts File]

 

3.

*Desative temporariamente seu antivírus

 

Clique com o botão direito do mouse no ícone do Avast que fica rodando ao lado do relógio > Selecione "Pausar a proteção residente" > Confirme.

*Baixe o ComboFix'>http://download.bleepingcomputer.com/sUBs/ComboFix.exe"]ComboFix e salve-o no desktop

*Duplo-clique no arquivo Combofix.exe

*Aceite o contrato

 

*Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso não esteja, uma janela conforme abaixo será aberta. Clique em [sIM] para aceitar a instalação do mesmo.

 

 

*Após a instalação, clique em [Yes] para continuar. Seja paciente e aguarde até que todas as etapas sejam concluídas.

 

 

 

*Importante: enquanto o ComboFix estiver em execução, não use o mouse nem o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER.

 

*O programa será fechado automaticamente e um relatório (C:\combofix.txt) será apresentado.

 

*Cole-o na sua próxima resposta

 

 

 

ComboFix 10-03-03.02 - GildazioJr 03/03/2010 14:57:31.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.355 [GMT -5:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 091030-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - drivers: deleted 220 bytes in 2 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\GbPlugin\gbiehcef.dll

c:\docume~1\ADMINI~1\CONFIG~1\Temp\tmp2.tmp

c:\documents and settings\Administrador\Dados de aplicativos\Desktopicon

c:\documents and settings\Administrador\Dados de aplicativos\Desktopicon\config.ini

c:\documents and settings\Administrador\Dados de aplicativos\Desktopicon\mc.ico

c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\Temp\scsF.tmp

 

c:\windows\system32\drivers\cdrom.sys . . . está faltando!!

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-03 to 2010-03-03 ))))))))))))))))))))))))))))

.

 

2010-03-03 14:20 . 2010-03-03 14:20 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2010-03-03 14:20 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-03 14:20 . 2010-03-03 14:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-03-03 14:20 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-03 14:20 . 2010-03-03 14:20 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-03-02 20:54 . 2010-03-02 20:54 -------- d-----w- c:\arquivos de programas\VeryPDF PDF2Word v3.0

2010-03-02 20:16 . 2010-03-02 20:23 -------- d-----w- C:\Gtot2000

2010-03-02 20:05 . 2001-05-10 18:00 589312 ----a-w- c:\windows\system\IDAPI32.DLL

2010-03-02 20:04 . 2010-03-02 20:04 -------- d-----w- C:\Procel

2010-02-24 22:00 . 1998-02-07 02:37 299520 ----a-w- c:\windows\uninst.exe

2010-02-24 22:00 . 2010-02-24 22:00 -------- d-----w- c:\documents and settings\Administrador\WINDOWS

2010-02-23 21:37 . 2010-02-23 21:37 -------- d-----w- C:\EngeComp

2010-02-23 21:24 . 2010-02-26 13:51 -------- d-----w- C:\AguiaEmpresarial

2010-02-23 21:21 . 2010-02-23 21:24 286720 ------w- c:\windows\Setup1.exe

2010-02-23 21:21 . 2010-02-23 21:24 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-02-23 21:21 . 2010-02-26 13:51 -------- d-----w- C:\IndustriaManager

2010-02-23 21:08 . 2010-02-23 21:10 -------- d-----w- C:\AUTOFABR

2010-02-22 21:56 . 2010-02-22 21:56 10 ----a-w- C:\trash.bat

2010-02-19 16:55 . 2010-02-19 16:55 -------- d-----w- c:\arquivos de programas\DVD Audio Extractor

2010-02-11 20:01 . 2010-02-22 14:20 9637460 ---hatw- c:\windows\system32\wrs.zip

2010-02-04 16:40 . 2010-02-04 17:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Virtual City

2010-02-04 16:40 . 2010-02-04 16:40 -------- d-----w- C:\Èãðû îò NevoSoft

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-03 20:06 . 2008-04-23 15:06 -------- d-----w- c:\arquivos de programas\GbPlugin

2010-03-03 15:32 . 2008-03-09 05:37 -------- d-----w- c:\arquivos de programas\LogMeIn

2010-02-26 13:51 . 2009-11-26 15:42 -------- d-----w- c:\arquivos de programas\Mastercx

2010-02-25 13:24 . 2008-04-23 15:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2010-02-23 21:18 . 2010-01-22 22:38 737280 ----a-w- c:\windows\iun6002.exe

2010-02-23 15:28 . 2008-01-15 13:47 -------- d-----w- c:\arquivos de programas\Google

2010-02-06 20:28 . 2009-07-10 13:27 -------- d-----w- c:\arquivos de programas\3GP Player 2009

2010-01-25 14:44 . 2009-10-15 22:30 -------- d-----w- c:\arquivos de programas\Celebrity Toolbar

2010-01-25 14:43 . 2010-01-22 22:39 -------- d-----w- c:\arquivos de programas\SERIUS-G1

2010-01-25 14:43 . 2010-01-22 22:37 -------- d-----w- c:\arquivos de programas\SERIUS-CF

2010-01-22 22:34 . 2010-01-22 22:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{E7F5BC76-4CAE-4EF1-86A1-7641ACCCBC9E}

2010-01-15 21:55 . 2001-10-28 18:07 94522 ----a-w- c:\windows\system32\perfc016.dat

2010-01-15 21:55 . 2001-10-28 18:07 517688 ----a-w- c:\windows\system32\perfh016.dat

2010-01-11 20:15 . 2010-01-11 20:15 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-22 05:09 . 2008-04-14 12:00 669184 ----a-w- c:\windows\system32\wininet.dll

2009-12-22 05:09 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-12-17 18:48 . 2008-01-06 01:38 22980 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-17 07:41 . 2008-01-06 01:37 345600 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 15:57 . 2009-12-02 16:42 24 ----a-w- c:\windows\system32\config\systemprofile\Dados de aplicativos\fvgqad.dat

2009-12-14 07:09 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 10:09 . 2008-04-14 12:00 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:09 . 2008-04-13 19:00 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-08 22:29 . 2009-10-19 13:43 30504 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-12-04 18:22 . 2008-04-14 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-04-13 21:04 . 2008-06-25 16:30 18186 ----a-w- c:\arquivos de programas\megacubo_log.log

2008-03-19 19:58 . 2008-03-19 19:58 257611 ----a-w- c:\arquivos de programas\messpatch-g5-81178.zip

2008-01-18 16:11 . 2008-01-18 16:11 3252981 ----a-w- c:\arquivos de programas\vdownloader.zip

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-16 68856]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SkyTel"="SkyTel.EXE" [2006-05-15 2879488]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]

"WinVNC"="c:\arquivos de programas\UltraVNC\WinVNC.exe" [2006-06-18 712704]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-08-27 149280]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-21 8429568]

"nwiz"="nwiz.exe" [2007-05-21 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-21 81920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]

"RTHDCPL"="RTHDCPL.EXE" [2006-12-17 16062464]

"NevoDRM"="c:\èãðû îò nevosoft\NevoDRM\NevoDRM.exe" [2008-12-11 41984]

 

c:\documents and settings\Gardenia\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-09-01 19:47 384840 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2009-10-01 15:30 87352 ----a-w- c:\windows\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5800:TCP"= 5800:TCP:VNC

"5800:UDP"= 5800:UDP:VNC

"5900:TCP"= 5900:TCP:VNC

"5900:UDP"= 5900:UDP:VNC

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [19/10/2009 08:43 GildazioJr 30504]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/05/2009 13:43 GildazioJr 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/05/2009 13:43 GildazioJr 20560]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [03/08/2007 15:09 GildazioJr 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [09/03/2008 00:37 GildazioJr 47640]

S0 pweien;pweien; [x]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [23/02/2010 10:28 GildazioJr 135664]

S2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [09/03/2008 00:39 GildazioJr 6016]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

UnknownUnknown GbpSv;GbpSv; [x]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-23 15:28]

 

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-23 15:28]

.

.

------- Scan Suplementar -------

.

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

TCP: {07C6FAA2-ACB6-451B-A842-7D395B23A074} = 201.10.128.2,201.10.1.2

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\on8u2f4k.default\

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\on8u2f4k.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)

HKCU-Run-CoolSMS - (no file)

HKCU-Run-DriverUpdaterPro - c:\arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe

HKCU-Run-TrayHabil - c:\arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\GbPlugin\gbiehcef.dll

Notify- GbPluginCef - c:\arquivos de programas\GbPlugin\gbiehcef.dll

AddRemove-FPVIW - c:\windows\hpun402.exe

AddRemove-HijackThis - c:\docume~1\ADMINI~1\CONFIG~1\Temp\HijackThis.exe

 

 

 

**************************************************************************

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos:

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GbpSv]

"ImagePath"="c:\arquiv~1\GbPlugin\GbpSv.exe"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(748)

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

 

- - - - - - - > 'explorer.exe'(3152)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

c:\arquivos de programas\Microsoft Office\Office12\1046\GrooveIntlResource.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\LMIRfsClientNP.dll

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll

c:\arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\savedump.exe

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\LogMeIn\x86\RaMaint.exe

c:\arquivos de programas\LogMeIn\x86\LogMeIn.exe

c:\arquivos de programas\LogMeIn\x86\LMIGuardian.exe

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\arquivos de programas\LogMeIn\x86\LMIGuardian.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

.

**************************************************************************

.

Tempo para conclusão: 2010-03-03 15:08:50 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-03-03 20:08

 

Pré-execução: 22 pasta(s) 257.975.791.616 bytes disponíveis

Pós execução: 26 pasta(s) 264.045.764.608 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 0DD05A77F23C963E8CCBC554EDDF9B6F

[wings 22]

Por favor...

 

 

Envie o arquivo abaixo para análise em http://virscan.org

 

c:\windows\system32\wrs.zip

 

Cole o link contendo o resultado.

[GildazioJr 0]

Por favor...

 

 

Envie o arquivo abaixo para análise em http://virscan.org

 

c:\windows\system32\wrs.zip

 

Cole o link contendo o resultado.

 

Ok, este não precisa ser enviado, é de minha autoria, esta na pasta 'system32' por privacidade, visto que a maquina nao é usada apenas por mim.

Mais algo?

[wings 22]

OK...

 

*Abra o bloco de notas, selecione, copie e cole nele todo o conteúdo do código abaixo:

 

File::

c:\windows\system32\config\systemprofile\Dados de aplicativos\fvgqad.dat

*Salve o arquivo no desktop como CFScript.txt

*Arraste o arquivo para o Combofix conforme ilustração abaixo:

 

 

*Importante: enquanto o combofix estiver em execução, não use o mouse nem o teclado!!..para interromper o processo tecle N ou 2.

 

*Cole o relatório criado em C:\combofix.txt e novo log do hijack

[GildazioJr 0]

OK...

 

*Abra o bloco de notas, selecione, copie e cole nele todo o conteúdo do código abaixo:

 

File::

c:\windows\system32\config\systemprofile\Dados de aplicativos\fvgqad.dat

*Salve o arquivo no desktop como CFScript.txt

*Arraste o arquivo para o Combofix conforme ilustração abaixo:

 

 

*Importante: enquanto o combofix estiver em execução, não use o mouse nem o teclado!!..para interromper o processo tecle N ou 2.

 

*Cole o relatório criado em C:\combofix.txt e novo log do hijack

 

Ok, mais uma pergunta, acaba de acontecer novamente, sempre que ligo a maquina, passam-se alguns minutos ela para e fica uma tela azul com uns dizeres, la em baixo fica uma contagem descrita pela frase, o que seria?

 

'DESPEJANDO ARQUIVOS EM DISCO' vai de 0 a 100% e reinicia a maquina. Ai vao os logs...

 

 

ComboFix 10-03-03.02 - GildazioJr 03/03/2010 15:49:58.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.438 [GMT -5:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1335 [VPS 091030-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - drivers: deleted 8 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-- Execuções precedente --

 

c:\windows\system32\drivers\cdrom.sys . . . está faltando!!

 

--------

 

c:\windows\system32\drivers\cdrom.sys . . . está faltando!!

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-03 to 2010-03-03 ))))))))))))))))))))))))))))

.

 

2010-03-03 14:20 . 2010-03-03 14:20 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2010-03-03 14:20 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-03 14:20 . 2010-03-03 14:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-03-03 14:20 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-03 14:20 . 2010-03-03 14:20 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-03-02 20:54 . 2010-03-02 20:54 -------- d-----w- c:\arquivos de programas\VeryPDF PDF2Word v3.0

2010-03-02 20:16 . 2010-03-02 20:23 -------- d-----w- C:\Gtot2000

2010-03-02 20:05 . 2001-05-10 18:00 589312 ----a-w- c:\windows\system\IDAPI32.DLL

2010-03-02 20:04 . 2010-03-02 20:04 -------- d-----w- C:\Procel

2010-02-24 22:00 . 1998-02-07 02:37 299520 ----a-w- c:\windows\uninst.exe

2010-02-24 22:00 . 2010-02-24 22:00 -------- d-----w- c:\documents and settings\Administrador\WINDOWS

2010-02-23 21:37 . 2010-02-23 21:37 -------- d-----w- C:\EngeComp

2010-02-23 21:24 . 2010-02-26 13:51 -------- d-----w- C:\AguiaEmpresarial

2010-02-23 21:21 . 2010-02-23 21:24 286720 ------w- c:\windows\Setup1.exe

2010-02-23 21:21 . 2010-02-23 21:24 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-02-23 21:21 . 2010-02-26 13:51 -------- d-----w- C:\IndustriaManager

2010-02-23 21:08 . 2010-02-23 21:10 -------- d-----w- C:\AUTOFABR

2010-02-22 21:56 . 2010-02-22 21:56 10 ----a-w- C:\trash.bat

2010-02-19 16:55 . 2010-02-19 16:55 -------- d-----w- c:\arquivos de programas\DVD Audio Extractor

2010-02-11 20:01 . 2010-02-22 14:20 9637460 ---hatw- c:\windows\system32\cawfp.zip

2010-02-04 16:40 . 2010-02-04 17:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Virtual City

2010-02-04 16:40 . 2010-02-04 16:40 -------- d-----w- C:\Èãðû îò NevoSoft

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-03 20:06 . 2008-04-23 15:06 -------- d-----w- c:\arquivos de programas\GbPlugin

2010-03-03 15:32 . 2008-03-09 05:37 -------- d-----w- c:\arquivos de programas\LogMeIn

2010-02-26 13:51 . 2009-11-26 15:42 -------- d-----w- c:\arquivos de programas\Mastercx

2010-02-25 13:24 . 2008-04-23 15:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2010-02-23 21:18 . 2010-01-22 22:38 737280 ----a-w- c:\windows\iun6002.exe

2010-02-23 15:28 . 2008-01-15 13:47 -------- d-----w- c:\arquivos de programas\Google

2010-02-06 20:28 . 2009-07-10 13:27 -------- d-----w- c:\arquivos de programas\3GP Player 2009

2010-01-25 14:44 . 2009-10-15 22:30 -------- d-----w- c:\arquivos de programas\Celebrity Toolbar

2010-01-25 14:43 . 2010-01-22 22:39 -------- d-----w- c:\arquivos de programas\SERIUS-G1

2010-01-25 14:43 . 2010-01-22 22:37 -------- d-----w- c:\arquivos de programas\SERIUS-CF

2010-01-22 22:34 . 2010-01-22 22:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{E7F5BC76-4CAE-4EF1-86A1-7641ACCCBC9E}

2010-01-15 21:55 . 2001-10-28 18:07 94522 ----a-w- c:\windows\system32\perfc016.dat

2010-01-15 21:55 . 2001-10-28 18:07 517688 ----a-w- c:\windows\system32\perfh016.dat

2010-01-11 20:15 . 2010-01-11 20:15 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-22 05:09 . 2008-04-14 12:00 669184 ------w- c:\windows\system32\wininet.dll

2009-12-22 05:09 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-12-17 18:48 . 2008-01-06 01:38 22980 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-17 07:41 . 2008-01-06 01:37 345600 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 15:57 . 2009-12-02 16:42 24 ----a-w- c:\windows\system32\config\systemprofile\Dados de aplicativos\fvgqad.dat

2009-12-14 07:09 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 10:09 . 2008-04-14 12:00 2149376 ------w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:09 . 2008-04-13 19:00 2028032 ------w- c:\windows\system32\ntkrnlpa.exe

2009-12-08 22:29 . 2009-10-19 13:43 30504 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-12-04 18:22 . 2008-04-14 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-04-13 21:04 . 2008-06-25 16:30 18186 ----a-w- c:\arquivos de programas\megacubo_log.log

2008-03-19 19:58 . 2008-03-19 19:58 257611 ----a-w- c:\arquivos de programas\messpatch-g5-81178.zip

2008-01-18 16:11 . 2008-01-18 16:11 3252981 ----a-w- c:\arquivos de programas\vdownloader.zip

.

 

((((((((((((((((((((((((((((( SnapShot@2010-03-03_20.06.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-03 20:45 . 2010-03-03 20:45 16384 c:\windows\Temp\Perflib_Perfdata_61c.dat

+ 2010-03-03 20:46 . 2010-03-03 20:46 16384 c:\windows\Temp\Perflib_Perfdata_158.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-16 68856]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SkyTel"="SkyTel.EXE" [2006-05-15 2879488]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]

"WinVNC"="c:\arquivos de programas\UltraVNC\WinVNC.exe" [2006-06-18 712704]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-08-27 149280]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-21 8429568]

"nwiz"="nwiz.exe" [2007-05-21 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-21 81920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]

"RTHDCPL"="RTHDCPL.EXE" [2006-12-17 16062464]

"NevoDRM"="c:\èãðû îò nevosoft\NevoDRM\NevoDRM.exe" [2008-12-11 41984]

 

c:\documents and settings\Gardenia\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-09-01 19:47 384840 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

c:\arquivos de programas\GbPlugin\gbiehcef.dll [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2009-10-01 15:30 87352 ----a-w- c:\windows\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5800:TCP"= 5800:TCP:VNC

"5800:UDP"= 5800:UDP:VNC

"5900:TCP"= 5900:TCP:VNC

"5900:UDP"= 5900:UDP:VNC

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [19/10/2009 08:43 GildazioJr 30504]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/05/2009 13:43 GildazioJr 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/05/2009 13:43 GildazioJr 20560]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [03/08/2007 15:09 GildazioJr 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [09/03/2008 00:37 GildazioJr 47640]

S0 pweien;pweien; [x]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [23/02/2010 10:28 GildazioJr 135664]

S2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [09/03/2008 00:39 GildazioJr 6016]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

UnknownUnknown GbpSv;GbpSv; [x]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-23 15:28]

 

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-23 15:28]

.

.

------- Scan Suplementar -------

.

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie

mSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

TCP: {07C6FAA2-ACB6-451B-A842-7D395B23A074} = 201.10.128.2,201.10.1.2

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\on8u2f4k.default\

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\on8u2f4k.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos:

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GbpSv]

"ImagePath"="c:\arquiv~1\GbPlugin\GbpSv.exe"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(748)

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

 

- - - - - - - > 'explorer.exe'(3840)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2010-03-03 15:55:13

ComboFix-quarantined-files.txt 2010-03-03 20:55

ComboFix2.txt 2010-03-03 20:08

 

Pré-execução: 25 pasta(s) 264.074.661.888 bytes disponíveis

Pós execução: 26 pasta(s) 264.064.344.064 bytes disponíveis

 

- - End Of File - - 5D68F578C8E0A39321A400F1885E80B2

 

 

*******************************************************************************************************************************************

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:56:50, on 03/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ComboFix\CF19942.cfxxe

C:\ComboFix\mbr.cfxxe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NevoDRM] "C:\Èãðû îò NevoSoft\NevoDRM\NevoDRM.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CS3\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

 

--

End of file - 9560 bytes

[wings 22]

OK...log limpo.

 

 

1.

*Delete o programa HostsXpert

 

2.

*Clique em [iniciar] > [Executar] > digite: Combofix /uninstall

*Clique [OK]

 

 

*Clique em [Executar]

*Aguarde até surgir a mensagem: "ComboFix está desinstalado"

 

*Clique [OK]

 

3.

*Em relação ao seu problema:

 

O

k, mais uma pergunta, acaba de acontecer novamente, sempre que ligo a maquina, passam-se alguns minutos ela para e fica uma tela azul com uns dizeres, la em baixo fica uma contagem descrita pela frase, o que seria?

 

'DESPEJANDO ARQUIVOS EM DISCO' vai de 0 a 100% e reinicia a maquina.

 

Possivelmente a mensagem seja: despejo de memória fisica.

 

*Isso é problema de Hardware.

 

 

*Clique em [iniciar] > [Executar] > digite: sfc /scannow

 

*Clique OK

*Será solicitado o cd do Windows

*Coloque-o no CD-Rom e aguarde o término

*Retire o CD e reinicie o PC

 

Veja se corrigiu.

[GildazioJr 0]

OK...log limpo.

 

 

1.

*Delete o programa HostsXpert

 

2.

*Clique em [iniciar] > [Executar] > digite: Combofix /uninstall

*Clique [OK]

 

 

*Clique em [Executar]

*Aguarde até surgir a mensagem: "ComboFix está desinstalado"

 

*Clique [OK]

 

3.

*Em relação ao seu problema:

 

O

k, mais uma pergunta, acaba de acontecer novamente, sempre que ligo a maquina, passam-se alguns minutos ela para e fica uma tela azul com uns dizeres, la em baixo fica uma contagem descrita pela frase, o que seria?

 

'DESPEJANDO ARQUIVOS EM DISCO' vai de 0 a 100% e reinicia a maquina.

 

Possivelmente a mensagem seja: despejo de memória fisica.

 

*Isso é problema de Hardware.

 

 

*Clique em [iniciar] > [Executar] > digite: sfc /scannow

 

*Clique OK

*Será solicitado o cd do Windows

*Coloque-o no CD-Rom e aguarde o término

*Retire o CD e reinicie o PC

 

Veja se corrigiu.

 

 

OK, ja exclui, porem nao possuo o cd do windows para fazer a verificaçao, alem de que meu cd-rom nao esta reconhecendo cd algum..

[wings 22]

OK, ja exclui, porem nao possuo o cd do windows para fazer a verificaçao..

Realmente nesta condição não posso te ajudar.

 

....alem de que meu cd-rom nao esta reconhecendo cd algum..

Isso é devido a falta do arquivo cdrom.sys.

 

Baixe o arquivo deste link e salve-o no desktop

Extraia o seu conteúdo para c:\windows\system32\drivers

Reinicie o PC e veja se o cdrom já funciona.

[GildazioJr 0]

OK, ja exclui, porem nao possuo o cd do windows para fazer a verificaçao..

Realmente nesta condição não posso te ajudar.

 

....alem de que meu cd-rom nao esta reconhecendo cd algum..

Isso é devido a falta do arquivo cdrom.sys.

 

Baixe o arquivo deste'>http://wings.site90.net/Viroses/cdrom.zip"]deste link e salve-o no desktop

Extraia o seu conteúdo para c:\windows\system32\drivers

Reinicie o PC e veja se o cdrom já funciona.

 

Bom dia, fiz o procedimento porem o cd-rom continua inativo..

[wings 22]

Esta parecendo ser problema de Hardware mesmo.

 

Não há mais nada que posso te ajudar agora.

[GildazioJr 0]

Esta parecendo ser problema de Hardware mesmo.

 

Não há mais nada que posso te ajudar agora.

 

Ok, muito obrigado pela atençao e ajuda.

Só pra confirmarmos, pode me confirmar se esta tudo ok? Ai vai mais um log!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:24:43, on 04/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NevoDRM] "C:\Èãðû îò NevoSoft\NevoDRM\NevoDRM.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CS3\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

 

--

End of file - 9869 bytes

[wings 22]

O log está limpo.... :)

[wings 22]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.