demitto

gbiehbsb.dll


I have the same problem too!

HijackThis log

Logfile of HijackThis v1.99.1

Scan saved at 12:51:31, on 23/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\UAService7.exe

C:\DOCUME~1\LETEAM~1\CONFIG~1\Temp\Rar$EX00.171\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {F35CE83E-9EBF-40d5-AE87-53F982389740} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (file missing)

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll (file missing)

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_6.cab

O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://atrativa.uol.com.br/games/app...jolauncher.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_43.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br...bPluginUni.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_35.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Borland Remote Debugging Service (BorlandRemoteDebuggingService) - Unknown owner - C:\Arquivos de programas\Borland\Remote Debugger\7.0\Bin\bordbg70.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\LETEAM~1\CONFIG~1\Temp\hpdj.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

What do I do, please? Can anyone help me?


- Download ComboFix

  • Temporarily disable your antivirus;
  • Close all open windows;
  • Double-click combofix.exe and press "1" to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click on the ComboFix window or close it with the X while it is running, and do not move the mouse or use the keyboard; otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.

  • Topic author
  • Thank you very much for helping me.

    ComboFix log

    ComboFix 08-02-23 - Le te Amo 2008-02-28 11:25:32.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.91 [GMT -3:00]

    Executando de: C:\Documents and Settings\Le te Amo\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-01-28 to 2008-02-28 ))))))))))))))))))))))))))))))))

    .

    2008-02-25 21:31 . 2008-02-25 21:31 <DIR> d-------- C:\WINDOWS\OvtCam

    2008-02-25 21:08 . 2008-02-25 21:08 <DIR> d-------- C:\WebcamProeX

    2008-02-25 21:08 . 2008-02-25 21:08 <DIR> d-------- C:\CtDriverInstTemp

    2008-02-23 12:36 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

    2008-02-23 12:31 . 2008-02-23 12:31 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

    2008-02-23 04:51 . 2008-02-28 11:14 <DIR> d-------- C:\Documents and Settings\Le te Amo\Dados de aplicativos\AVG7

    2008-02-23 04:50 . 2008-02-23 04:50 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

    2008-02-23 04:50 . 2008-02-23 04:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

    2008-02-23 04:01 . 2008-02-23 04:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

    2008-02-23 04:01 . 2008-02-23 04:01 <DIR> d-------- C:\Arquivos de programas\ESET

    2008-02-23 03:56 . 2008-02-23 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

    2008-02-23 03:31 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

    2008-02-23 03:31 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

    2008-02-23 03:31 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

    2008-02-23 03:31 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

    2008-02-23 03:26 . 2006-06-27 05:40 12,800 -----c--- C:\WINDOWS\system32\dllcache\WgaTray.exe

    2008-02-23 03:26 . 2006-06-27 05:40 3,584 -----c--- C:\WINDOWS\system32\dllcache\WgaLogon.dll

    2008-02-15 22:36 . 2008-02-15 22:36 604,672 --a------ C:\Gabriel_Garcia_Marquez_Pablo_Picaso.pps

    2008-02-14 11:44 . 2008-02-14 11:44 116 --a------ C:\WINDOWS\NeroDigital.ini

    2008-02-14 11:36 . 2008-02-14 11:36 <DIR> d-------- C:\Arquivos de programas\Ahead

    2008-02-14 11:36 . 2003-12-05 13:51 1,318,912 --------- C:\WINDOWS\UNMRW.exe

    2008-02-14 11:36 . 2003-12-09 18:33 29,678 --------- C:\WINDOWS\UNMRW.cfg

    2008-02-14 11:36 . 2003-12-08 20:55 25,072 --------- C:\WINDOWS\system32\drivers\incdrm.sys

    2008-02-14 11:29 . 2008-02-14 11:44 <DIR> d-------- C:\Documents and Settings\Le te Amo\Dados de aplicativos\Ahead

    2008-02-14 11:26 . 2008-02-14 11:26 <DIR> d-------- C:\Arquivos de programas\Nero

    2008-02-14 11:26 . 2008-02-14 11:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

    2008-02-14 00:19 . 2008-02-14 00:20 <DIR> d-------- C:\LinhaDefensiva

    2008-02-14 00:18 . 2008-02-14 00:18 180,719 --a------ C:\bankerfix.exe

    2008-02-13 20:01 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

    2008-02-13 20:01 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

    2008-02-13 20:01 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

    2008-02-13 20:01 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

    2008-02-11 12:41 . 2008-02-11 12:41 9,705 --a------ C:\WINDOWS\cefpasso3.html

    2008-02-09 02:15 . 2008-02-09 12:25 <DIR> d-------- C:\Arquivos de programas\PlayNow

    2008-02-09 02:15 . 2008-02-09 02:15 438,784 --------- C:\WINDOWS\Setup1.exe

    2008-02-09 02:15 . 2008-02-09 02:15 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

    2008-02-09 01:13 . 2008-02-09 01:13 <DIR> d-------- C:\Arquivos de programas\Hp

    2008-02-09 00:46 . 2008-02-09 00:46 <DIR> d-------- C:\Arquivos de programas\Alwil Software

    2008-02-08 23:40 . 2008-02-08 23:43 159 --a------ C:\WINDOWS\sharedapp.reg

    2008-02-04 13:20 . 2008-02-18 10:00 2,432 --a------ C:\WINDOWS\mssnmsgr.dll

    2008-02-04 01:53 . 2008-02-04 01:53 <DIR> d-------- C:\WINDOWS\_tmp

    2008-02-04 01:52 . 2008-02-04 01:52 311,808 --a------ C:\WINDOWS\ping.exe

    2008-02-04 01:52 . 2008-02-04 01:52 121,344 --------- C:\WINDOWS\svcpool.dll

    2008-02-03 21:09 . 2008-02-03 21:09 64 --a------ C:\WINDOWS\wininit.ini

    2008-02-03 15:41 . 2008-02-03 15:41 <DIR> d-------- C:\Arquivos de programas\Activision

    2008-02-02 02:36 . 2008-02-02 02:36 1,190 --a------ C:\WINDOWS\mozver.dat

    2008-02-02 02:32 . 2008-02-02 02:32 0 --a------ C:\WINDOWS\nsreg.dat

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-02-14 14:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\River Past G5

    2008-02-14 14:49 --------- d-----w C:\Arquivos de programas\Arquivos comuns\River Past

    2008-02-09 02:39 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

    2008-02-04 13:08 --------- d-----w C:\Arquivos de programas\Borland

    2008-02-04 13:04 --------- d-----w C:\Arquivos de programas\GbPlugin

    2008-02-01 18:27 --------- d-----w C:\Arquivos de programas\Java

    2008-02-01 03:31 --------- d-----w C:\Documents and Settings\Le te Amo\Dados de aplicativos\LimeWire

    2007-12-30 20:24 --------- d-----w C:\Documents and Settings\Le te Amo\Dados de aplicativos\Tibia

    2007-12-07 01:07 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

    2007-10-25 14:57 21,448 ----a-w C:\Documents and Settings\Le te Amo\Dados de aplicativos\GDIPFONTCACHEV1.DAT

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

    C:\WINDOWS\gbiehbsb.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 07:15 106496]

    "SoundMan"="SOUNDMAN.EXE" [2004-11-15 07:20 77824 C:\WINDOWS\SOUNDMAN.EXE]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 14:35 4603904]

    "nwiz"="nwiz.exe" [2004-09-30 14:35 921600 C:\WINDOWS\system32\nwiz.exe]

    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 14:35 86016]

    "WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2006-11-21 14:38 35328]

    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 03:39 176128]

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

    "PlayNowGames"="" []

    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

    "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-02-23 04:55 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

    "AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-02-23 04:55 219136]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-01 09:59:12 113664]

    Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]

    Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    "status"= present

    "winlogon"= C:\heap41a\svchost.exe C:\heap41a\std.txt

    "gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoStartMenuPinnedList"= 0 (0x0)

    "NoStartMenuMFUprogramsList"= 0 (0x0)

    "NoUserNameInStartMenu"= 0 (0x0)

    "NoStartMenuSubFolders"= 0 (0x0)

    "NoCommonGroups"= 0 (0x0)

    "NoPrinterTabs"= 0 (0x0)

    "NoDeletePrinter"= 0 (0x0)

    "NoAddPrinter"= 0 (0x0)

    "NoPrinters"= 0 (0x0)

    "NoFavoritesMenu"= 0 (0x0)

    "NoSetFolders"= 0 (0x0)

    "NoToolbarCustomize"= 0 (0x0)

    "NoRecentDocsNetHood"= 0 (0x0)

    "NoChangeAnimation"= 0 (0x0)

    "NoChangeKeyboardNavigationIndicators"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\WINDOWS\Downloaded Program Files\gbiehuni.dll [ ]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [ ]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019

    "C:\\Arquivos de programas\\TVUPlayer\\TVUPlayer.exe"=

    "C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

    "E:\\HALF-LIFE 2ª VER..exe"=

    "C:\\WINDOWS\\system32\\dpvsetup.exe"=

    "C:\\SIERRA\\Half-Life\\voice_tweak.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

    "C:\\GameBoyAdvenced\\pol_6\\pol_6.2\\Pokemon Online.exe"=

    "C:\\Arquivos de programas\\RiPG\\RiPG.exe"=

    "C:\\Arquivos de programas\\CyberDefender\\AntiSpyware\\cdas9.exe"=

    "C:\\NeverwinterNights\\NWN\\nwmain.exe"=

    "D:\\Program Files\\Hasbro Sports\\Grand Prix 3\\GP3.exe"=

    "D:\\Arquivos de programas\\Electronic Arts\\Sports Car GT\\Spcar.exe"=

    "C:\\Arquivos de programas\\PlayNow\\PlayNowClient.exe"=

    "C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

    "C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

    "C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

    "C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=

    R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys [2001-11-07 02:00]

    R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 05:43]

    S2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe []

    S2 InterBaseGuardian;InterBase Guardian;C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe [2001-11-28 20:50]

    S3 BorlandRemoteDebuggingService;Borland Remote Debugging Service;C:\Arquivos de programas\Borland\Remote Debugger\7.0\Bin\bordbg70.exe []

    S3 InterBaseServer;InterBase Server;C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe [2001-11-28 20:50]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{214b2324-a1b3-11dc-8af4-0013d491a934}]

    \Shell\Auto\command - F:\MicrosoftPowerPoint.exe

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8ae2c5e-4132-11db-8792-0013d491a934}]

    \Shell\Auto\command - MicrosoftPowerPoint.exe

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acec2bcc-6b62-11db-87a5-0013d491a934}]

    \Shell\Auto\command - MicrosoftPowerPoint.exe

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-02-28 11:28:51

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-02-28 11:30:23

    ComboFix-quarantined-files.txt 2008-02-28 14:30:12

    .

    2008-02-25 16:19:33 --- E O F ---


    - Select the text below, copy it into Notepad and save it as CFScript.txt;

    Folder::
    C:\WINDOWS\_tmp
    File::
    C:\WINDOWS\sharedapp.reg
    C:\WINDOWS\mssnmsgr.dll
    C:\WINDOWS\ping.exe
    C:\WINDOWS\svcpool.dll
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "status"=-
    "winlogon"=-
    "gbieh.1"=-

    - Drag CFScript.txt onto ComboFix as shown in the image below:

    CF_Script.gif

    ComboFix will run and will restart the PC automatically to complete the removal process.

    Do not use the mouse or the keyboard while ComboFix is running.

    When it finishes, a log will be generated at C:\ComboFix.txt.

    Note: If ComboFix does not restart your computer automatically, do it manually.

    In your next reply, paste ComboFix.txt and a new HijackThis log.

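The two logs above were read by hand: the HijackThis O2/O23 lines marked "(file missing)", and in the ComboFix registry load points the values under policies\explorer\run (C:\heap41a\svchost.exe, rundll32 on gbiehbsb.dll) that ended up in the CFScript. As an added example, not part of this thread and not code from HijackThis or ComboFix, the Python script below encodes that triage as heuristics over log lines: it flags HijackThis entries whose file is missing or that run from a Temp directory, flags ComboFix values under registry keys rarely used by legitimate software (policies\explorer\run, MountPoints2 autorun handlers, any listed BHO, since ComboFix hides the default whitelisted ones), and flags well-known system binary names such as svchost.exe loaded from outside the Windows directory. The trusted-root list, the system-binary list and the key list are my assumptions for a Portuguese Windows XP install; the sample lines are taken from the logs posted above. The output is a list of entries to review against the rest of the log, not a verdict.

```python
"""Heuristic triage of HijackThis and ComboFix log lines (added example, not tool output)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "source line reason")

# Binaries that legitimately live only under the Windows directory (assumption).
SYSTEM_BINARY_NAMES = {"svchost.exe", "winlogon.exe", "lsass.exe", "services.exe",
                       "csrss.exe", "smss.exe", "explorer.exe", "rundll32.exe"}
# Roots considered normal for autostart targets on a Portuguese Windows XP install (assumption).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\arquivos de programas\\", "c:\\arquiv~1\\",
                 "c:\\program files\\", "c:\\progra~1\\")
# ComboFix registry keys whose values are rarely legitimate; every value under them is reviewed.
CF_REVIEW_KEYS = {
    "\\policies\\explorer\\run": "autostart under policies\\explorer\\run (rarely used by legitimate software)",
    "\\mountpoints2\\": "autorun handler for a mounted drive (MountPoints2)",
    "\\browser helper objects\\": "BHO not on ComboFix's default whitelist",
}

HJT_LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# Drive-letter paths ending in a loadable-module extension; quotes and brackets end a path.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\[\]]*?\.(?:exe|dll|sys|cpl)\b", re.IGNORECASE)


def normalise(path):
    """Lower-case and collapse the doubled backslashes ComboFix prints in some keys."""
    return path.lower().replace("\\\\", "\\")


def path_reason(path):
    """Return why a referenced path looks suspicious, or None if it looks normal."""
    p = normalise(path)
    name = p.rsplit("\\", 1)[-1]
    if "\\temp\\" in p:
        return f"{name} runs from a Temp directory"
    if name in SYSTEM_BINARY_NAMES and not p.startswith("c:\\windows\\"):
        return f"system binary name {name} outside the Windows directory"
    if not p.startswith(TRUSTED_ROOTS):
        return f"{name} outside Windows/Program Files"
    return None


def triage_hijackthis(lines):
    """Flag R*/O* entries whose file is gone or whose path looks out of place."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = HJT_LINE_RE.match(line)
        if not m:
            continue  # header, blank line or 'Running processes' entry
        kind, body = m.groups()
        if "(file missing)" in body or "(no file)" in body:
            findings.append(Finding("HJT", line, f"{kind} entry points at a file that is not on disk"))
        for path in PATH_RE.findall(body):
            reason = path_reason(path)
            if reason:
                findings.append(Finding("HJT", line, reason))
    return findings


def triage_combofix(lines):
    """Walk the registry load-point section, tracking the current [key] for each value."""
    findings, key = [], ""
    for raw in lines:
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            key = normalise(line[1:-1])
            continue
        for marker, reason in CF_REVIEW_KEYS.items():
            if marker in key:
                findings.append(Finding("CF", line, reason))
        for path in PATH_RE.findall(line):
            reason = path_reason(path)
            if reason:
                findings.append(Finding("CF", line, reason))
    return findings


# Sample lines taken from the HijackThis and ComboFix logs posted in this thread.
SAMPLE_HJT = [
    "O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Arquivos de programas\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll",
    "O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\\WINDOWS\\gbiehbsb.dll (file missing)",
    "O4 - HKLM\\..\\Run: [AVG7_CC] C:\\ARQUIV~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP",
    "O23 - Service: hpdj - Unknown owner - C:\\DOCUME~1\\LETEAM~1\\CONFIG~1\\Temp\\hpdj.exe (file missing)",
]
SAMPLE_CF = [
    "[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]",
    '"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" [2004-08-04 00:45 15360]',
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\explorer\\run]",
    '"winlogon"= C:\\heap41a\\svchost.exe C:\\heap41a\\std.txt',
    '"gbieh.1"= rundll32 C:\\WINDOWS\\gbiehbsb.dll ForcarNotify',
    "[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{214b2324-a1b3-11dc-8af4-0013d491a934}]",
    "\\Shell\\Auto\\command - F:\\MicrosoftPowerPoint.exe",
]

if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_HJT) + triage_combofix(SAMPLE_CF):
        print(f"[{f.source}] {f.reason}\n    {f.line}")
```

Each Finding keeps the original line next to the reason, so the analyst can check it against the surrounding log context (dates, the Find3M report, the service list) before deciding what goes into a CFScript; a flagged banking plugin whose file is simply missing, as with the G-Buster entries here, is a candidate for review, not automatically for removal.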
  • Topic author
  • ComboFix 08-02-23 - Le te Amo 2008-03-01 11:53:56.3 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.74 [GMT -3:00]

    Executando de: C:\Documents and Settings\Le te Amo\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Le te Amo\Desktop\CFScript.txt

    * Criado um novo ponto de restauro

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::

    C:\WINDOWS\mssnmsgr.dll

    C:\WINDOWS\ping.exe

    C:\WINDOWS\sharedapp.reg

    C:\WINDOWS\svcpool.dll

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\_tmp

    C:\WINDOWS\mssnmsgr.dll

    C:\WINDOWS\ping.exe

    C:\WINDOWS\sharedapp.reg

    C:\WINDOWS\svcpool.dll

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))))

    .

    2008-02-25 21:31 . 2008-02-25 21:31 <DIR> d-------- C:\WINDOWS\OvtCam

    2008-02-25 21:08 . 2008-02-25 21:08 <DIR> d-------- C:\WebcamProeX

    2008-02-25 21:08 . 2008-02-25 21:08 <DIR> d-------- C:\CtDriverInstTemp

    2008-02-23 12:36 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

    2008-02-23 12:31 . 2008-02-23 12:31 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

    2008-02-23 04:51 . 2008-03-01 11:44 <DIR> d-------- C:\Documents and Settings\Le te Amo\Dados de aplicativos\AVG7

    2008-02-23 04:50 . 2008-02-23 04:50 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

    2008-02-23 04:50 . 2008-02-23 04:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

    2008-02-23 04:01 . 2008-02-23 04:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

    2008-02-23 04:01 . 2008-02-23 04:01 <DIR> d-------- C:\Arquivos de programas\ESET

    2008-02-23 03:56 . 2008-02-23 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

    2008-02-23 03:31 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

    2008-02-23 03:31 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

    2008-02-23 03:31 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

    2008-02-23 03:31 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

    2008-02-23 03:26 . 2006-06-27 05:40 12,800 -----c--- C:\WINDOWS\system32\dllcache\WgaTray.exe

    2008-02-23 03:26 . 2006-06-27 05:40 3,584 -----c--- C:\WINDOWS\system32\dllcache\WgaLogon.dll

    2008-02-15 22:36 . 2008-02-15 22:36 604,672 --a------ C:\Gabriel_Garcia_Marquez_Pablo_Picaso.pps

    2008-02-14 11:44 . 2008-02-14 11:44 116 --a------ C:\WINDOWS\NeroDigital.ini

    2008-02-14 11:36 . 2008-02-14 11:36 <DIR> d-------- C:\Arquivos de programas\Ahead

    2008-02-14 11:36 . 2003-12-05 13:51 1,318,912 --------- C:\WINDOWS\UNMRW.exe

    2008-02-14 11:36 . 2003-12-09 18:33 29,678 --------- C:\WINDOWS\UNMRW.cfg

    2008-02-14 11:36 . 2003-12-08 20:55 25,072 --------- C:\WINDOWS\system32\drivers\incdrm.sys

    2008-02-14 11:29 . 2008-02-14 11:44 <DIR> d-------- C:\Documents and Settings\Le te Amo\Dados de aplicativos\Ahead

    2008-02-14 11:26 . 2008-02-14 11:26 <DIR> d-------- C:\Arquivos de programas\Nero

    2008-02-14 11:26 . 2008-02-14 11:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

    2008-02-14 00:19 . 2008-02-14 00:20 <DIR> d-------- C:\LinhaDefensiva

    2008-02-14 00:18 . 2008-02-14 00:18 180,719 --a------ C:\bankerfix.exe

    2008-02-13 20:01 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

    2008-02-13 20:01 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

    2008-02-13 20:01 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

    2008-02-13 20:01 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

    2008-02-11 12:41 . 2008-02-11 12:41 9,705 --a------ C:\WINDOWS\cefpasso3.html

    2008-02-09 02:15 . 2008-02-09 12:25 <DIR> d-------- C:\Arquivos de programas\PlayNow

    2008-02-09 02:15 . 2008-02-09 02:15 438,784 --------- C:\WINDOWS\Setup1.exe

    2008-02-09 02:15 . 2008-02-09 02:15 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

    2008-02-09 01:13 . 2008-02-09 01:13 <DIR> d-------- C:\Arquivos de programas\Hp

    2008-02-09 00:46 . 2008-02-09 00:46 <DIR> d-------- C:\Arquivos de programas\Alwil Software

    2008-02-03 21:09 . 2008-02-03 21:09 64 --a------ C:\WINDOWS\wininit.ini

    2008-02-03 15:41 . 2008-02-03 15:41 <DIR> d-------- C:\Arquivos de programas\Activision

    2008-02-02 02:36 . 2008-02-02 02:36 1,190 --a------ C:\WINDOWS\mozver.dat

    2008-02-02 02:32 . 2008-02-02 02:32 0 --a------ C:\WINDOWS\nsreg.dat

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-02-14 14:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\River Past G5

    2008-02-14 14:49 --------- d-----w C:\Arquivos de programas\Arquivos comuns\River Past

    2008-02-09 02:39 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

    2008-02-04 13:08 --------- d-----w C:\Arquivos de programas\Borland

    2008-02-04 13:04 --------- d-----w C:\Arquivos de programas\GbPlugin

    2008-02-01 18:27 --------- d-----w C:\Arquivos de programas\Java

    2008-02-01 03:31 --------- d-----w C:\Documents and Settings\Le te Amo\Dados de aplicativos\LimeWire

    2007-12-07 01:07 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

    2007-10-25 14:57 21,448 ----a-w C:\Documents and Settings\Le te Amo\Dados de aplicativos\GDIPFONTCACHEV1.DAT

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 07:15 106496]

    "SoundMan"="SOUNDMAN.EXE" [2004-11-15 07:20 77824 C:\WINDOWS\SOUNDMAN.EXE]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 14:35 4603904]

    "nwiz"="nwiz.exe" [2004-09-30 14:35 921600 C:\WINDOWS\system32\nwiz.exe]

    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 14:35 86016]

    "WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2006-11-21 14:38 35328]

    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 03:39 176128]

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

    "PlayNowGames"="" []

    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

    "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-02-23 04:55 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

    "AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-02-23 04:55 219136]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-01 09:59:12 113664]

    Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]

    Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoStartMenuPinnedList"= 0 (0x0)

    "NoStartMenuMFUprogramsList"= 0 (0x0)

    "NoUserNameInStartMenu"= 0 (0x0)

    "NoStartMenuSubFolders"= 0 (0x0)

    "NoCommonGroups"= 0 (0x0)

    "NoPrinterTabs"= 0 (0x0)

    "NoDeletePrinter"= 0 (0x0)

    "NoAddPrinter"= 0 (0x0)

    "NoPrinters"= 0 (0x0)

    "NoFavoritesMenu"= 0 (0x0)

    "NoSetFolders"= 0 (0x0)

    "NoToolbarCustomize"= 0 (0x0)

    "NoRecentDocsNetHood"= 0 (0x0)

    "NoChangeAnimation"= 0 (0x0)

    "NoChangeKeyboardNavigationIndicators"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\WINDOWS\Downloaded Program Files\gbiehuni.dll [ ]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [ ]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019

    "C:\\Arquivos de programas\\TVUPlayer\\TVUPlayer.exe"=

    "C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

    "E:\\HALF-LIFE 2ª VER..exe"=

    "C:\\WINDOWS\\system32\\dpvsetup.exe"=

    "C:\\SIERRA\\Half-Life\\voice_tweak.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

    "C:\\GameBoyAdvenced\\pol_6\\pol_6.2\\Pokemon Online.exe"=

    "C:\\Arquivos de programas\\RiPG\\RiPG.exe"=

    "C:\\Arquivos de programas\\CyberDefender\\AntiSpyware\\cdas9.exe"=

    "C:\\NeverwinterNights\\NWN\\nwmain.exe"=

    "D:\\Program Files\\Hasbro Sports\\Grand Prix 3\\GP3.exe"=

    "D:\\Arquivos de programas\\Electronic Arts\\Sports Car GT\\Spcar.exe"=

    "C:\\Arquivos de programas\\PlayNow\\PlayNowClient.exe"=

    "C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

    "C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

    "C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

    "C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=

    R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys [2001-11-07 02:00]

    R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 05:43]

    S2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe []

    S2 InterBaseGuardian;InterBase Guardian;C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe [2001-11-28 20:50]

    S3 BorlandRemoteDebuggingService;Borland Remote Debugging Service;C:\Arquivos de programas\Borland\Remote Debugger\7.0\Bin\bordbg70.exe []

    S3 InterBaseServer;InterBase Server;C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe [2001-11-28 20:50]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{214b2324-a1b3-11dc-8af4-0013d491a934}]

    \Shell\Auto\command - F:\MicrosoftPowerPoint.exe

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8ae2c5e-4132-11db-8792-0013d491a934}]

    \Shell\Auto\command - MicrosoftPowerPoint.exe

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acec2bcc-6b62-11db-87a5-0013d491a934}]

    \Shell\Auto\command - MicrosoftPowerPoint.exe

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-03-01 11:56:22

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-03-01 11:57:29

    ComboFix-quarantined-files.txt 2008-03-01 14:57:19

    ComboFix2.txt 2008-02-28 14:30:23

    .

    2008-02-25 16:19:33 --- E O F ---

    Logfile of HijackThis v1.99.1

    Scan saved at 12:04:12, on 1/3/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\Winamp\winampa.exe

    C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\UAService7.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\DOCUME~1\LETEAM~1\CONFIG~1\Temp\Rar$EX01.344\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    R3 - URLSearchHook: (no name) - {F35CE83E-9EBF-40d5-AE87-53F982389740} - (no file)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)

    O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (file missing)

    O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab

    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://atrativa.uol.com.br/games/applets/gamehouse/luxor/mjolauncher.cab

    O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_43.cab

    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_35.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: Borland Remote Debugging Service (BorlandRemoteDebuggingService) - Unknown owner - C:\Arquivos de programas\Borland\Remote Debugger\7.0\Bin\bordbg70.exe (file missing)

    O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\LETEAM~1\CONFIG~1\Temp\hpdj.exe (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

    O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    - OK, the log is clean :)

    - In Run, type combofix /u and click OK. In the next window, click "Run" and wait for the program to be removed;

    - Update Internet Explorer:

    http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

    - I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner:

    • Open the program and click Run Cleaner;
    • After that, click Registry > Scan > Fix selected issues

    - Disable and then re-enable System Restore

    - Read the article Proteja seu PC ("Protect your PC") for more information on how to avoid infections.

  • Topic author
  • thanks, man

    Thank you very much
