cirotf

System error 1400


I'm getting the message "System error 1400"; it seems to be the gbB1B... virus. Some time ago I was helped here and told to download ComboFix and post the log:

ComboFix 08-03-14.4 - Administrador 2008-03-15 12:52:16.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.257 [GMT -3:00]

Running from: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

The following files were disabled during the run:

C:\WINDOWS\svcpool.dll

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\aspi32.exe

C:\WINDOWS\system32\cfx32.ocx

C:\WINDOWS\winhlp.dll

.

((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))))

.

2008-03-15 12:52 . 2008-03-15 12:52 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-03-14 17:55 . 2008-03-14 17:51 691,545 --a------ C:\WINDOWS\unins000.exe

2008-03-14 17:55 . 2008-03-14 17:55 2,549 --a------ C:\WINDOWS\unins000.dat

2008-03-13 17:32 . 2008-03-13 17:51 0 --a------ C:\WINDOWS\svchost_

2008-03-12 07:48 . 2008-03-12 07:48 1,270 --a------ C:\WINDOWS\system32\MRT.INI

2008-03-05 09:01 . 2008-03-05 09:01 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Nokia Multimedia Player

2008-02-29 19:24 . 2008-03-12 10:19 12,496 --a------ C:\WINDOWS\mssnmsgr.dll

2008-02-29 18:30 . 2008-02-29 18:50 <DIR> d-------- C:\WINDOWS\_tmp

2008-02-29 17:57 . 2008-02-29 17:58 121,344 --------- C:\WINDOWS\svcpool.dll

2008-02-29 17:56 . 2008-02-29 17:58 759,808 --a------ C:\WINDOWS\gbiehbsb.dll

2008-02-29 17:56 . 2008-03-11 18:32 1,376 --a------ C:\WINDOWS\upd_svchost

2008-02-29 17:56 . 2008-03-12 10:26 0 --a------ C:\WINDOWS\svchost

2008-02-22 13:21 . 2008-02-23 18:05 <DIR> d-------- C:\Jeanne

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-15 15:40 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-14 21:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-10 01:05 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Image Zone Express

2008-03-05 12:02 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\PC Suite

2008-03-01 11:18 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-02-29 20:59 --------- d--h--w C:\Arquivos de programas\Scpad

2008-02-29 20:58 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-01-26 19:12 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2008-01-26 19:12 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Nokia

2008-01-26 17:17 --------- d-----w C:\Arquivos de programas\DIFX

2008-01-26 17:17 --------- d-----w C:\Arquivos de programas\Arquivos comuns\PCSuite

2008-01-26 17:17 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nokia

2008-01-26 17:16 --------- d-----w C:\Arquivos de programas\PC Connectivity Solution

2008-01-26 17:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Installations

2008-01-18 21:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-01-18 21:00 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Yahoo!

2008-01-18 21:00 --------- d-----w C:\Arquivos de programas\Yahoo!

2006-01-01 14:24 12,794,880 ----a-w C:\Arquivos de programas\MP10Setup.exe

2005-02-25 02:22 208,896 -c--a-w C:\WINDOWS\inf\MSI\SlowDownCPU\SlowDownCPU.exe

2005-02-22 06:47 39,040 ----a-w C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.sys

2005-02-22 06:47 143,360 -c--a-w C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.dll

2004-11-01 09:12 23,424 ----a-w C:\WINDOWS\inf\MSI\SlowDownCPU\NTGLM7X.SYS

2004-11-01 09:11 94,208 -c--a-w C:\WINDOWS\inf\MSI\SlowDownCPU\GLM7x.dll

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

2007-12-10 12:46 1510424 --a------ C:\Arquivos de programas\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

2008-02-29 17:58 759808 --a------ C:\WINDOWS\gbiehbsb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "C:\Arquivos de programas\P2P_Energy\tbP2P_.dll" [2007-12-10 12:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= C:\Arquivos de programas\P2P_Energy\tbP2P_.dll [2007-12-10 12:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

"MyVideoDaily2"="C:\Arquivos de programas\MyVideoDaily2\MyVideoDaily2.exe" [ ]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

"Steam"="C:\Túlio\fotos\Steam.exe" [ ]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

"SpybotSD TeaTimer"="C:\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"PC Suite Tray"="C:\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 09:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 15:16 5562368]

"nwiz"="nwiz.exe" [2005-04-01 15:16 1495040 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 15:16 86016]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

"RealTray"="C:\Real\Player\realplay.exe" [2006-05-15 13:16 115200]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-06-13 07:29 282624]

"SoundMax"="C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" [2004-08-06 06:27 860160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 21:45 15360]

"Nokia.PCSync"="C:\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 16:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 13:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 11:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

--a------ 2004-10-14 08:11 1388544 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\The All-Seeing Eye\\eye.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\The 7 Deadly Sins\\mirc.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=

"C:\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"C:\\Real\\Player\\realplay.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\eQuake\\fuhquake-gl.exe"=

"C:\\Arquivos de programas\\Java\\jre1.5.0_06\\bin\\javaw.exe"=

"C:\\D\\mpserver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"12035:UDP"= 12035:UDP:Second Life

"12036:UDP"= 12036:UDP:Second Life

"13000:UDP"= 13000:UDP:Second Life

"13050:UDP"= 13050:UDP:Second Life

S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-03-05 04:07]

S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [1782-01-18 21:14]

S3 RushTopDevice;RushTopDevice;C:\WINDOWS\INF\MSI\SlowDownCPU\RushTop.sys [2005-02-22 03:47]

S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

S3 SlowDownCPU;SlowDownCPU;C:\WINDOWS\INF\MSI\SlowDownCPU\NTGLM7X.sys [2004-11-01 06:12]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4268aa92-5d55-11dc-ac1f-0013d31b250b}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48c76954-4a5a-11dc-abf8-0013d31b250b}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a93830d3-cb7c-11dc-ad6f-0013d31b250b}]

\Shell\AutoRun\command - E:\gqsk.bat

\Shell\explore\Command - E:\gqsk.bat

\Shell\open\Command - E:\gqsk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea0043d0-19fb-11dc-ab48-0013d31b250b}]

\Shell\AutoRun\command - E:\nncu6kk.com

\Shell\explore\Command - E:\nncu6kk.com

\Shell\open\Command - E:\nncu6kk.com

.

Contents of the 'Scheduled Tasks' folder

"2008-03-15 12:47:36 C:\WINDOWS\Tasks\passelivre.job"

- C:\Documents and Settings\Administrador\Desktop\passelivre.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-15 12:55:10

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\svcpool.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\WINDOWS\svcpool.dll

PROCESS: C:\WINDOWS\system32\csrss.exe

-> C:\WINDOWS\svcpool.dll

.

Completion time: 2008-03-15 12:56:02

ComboFix-quarantined-files.txt 2008-03-15 15:55:59

.

2008-03-15 11:37:17 --- E O F ---


- Select the text below, copy it into Notepad and save it as CFScript.txt;

Folder::
C:\WINDOWS\svchost_
File::
C:\WINDOWS\mssnmsgr.dll
C:\WINDOWS\_tmp
C:\WINDOWS\svcpool.dll
C:\WINDOWS\gbiehbsb.dll
C:\WINDOWS\upd_svchost
C:\WINDOWS\svchost
C:\WINDOWS\Tasks\passelivre.job
Registry::
[-HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a93830d3-cb7c-11dc-ad6f-0013d31b250b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea0043d0-19fb-11dc-ab48-0013d31b250b}]

- Drag CFScript.txt onto ComboFix as shown in the image below:

[image: CF_Script.gif]

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: if ComboFix does not restart your computer automatically, do it manually.

In your next reply, paste ComboFix.txt and a HijackThis log.

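As an added example (not a tool from this thread, from ComboFix or from Clube do Hardware), the script below mechanizes the reading the reply above did by hand. It parses a handful of lines constructed from the ComboFix log in the first post and flags the patterns that CFScript targets: files dropped directly into C:\WINDOWS with no extension or a system-binary name, values under policies\explorer\run, mountpoints2 AutoRun commands that launch something off another drive or via a relative path such as Recycled\ctfmon.exe, and DLLs loaded into winlogon/lsass/csrss from outside system32. The hits are printed in CFScript syntax (File::, [-key], "name"=-). The lookalike-name list, the "system32 only" rule for the protected processes and the "C: only" rule for AutoRun targets are assumptions made for the example, and the output is a triage list for an analyst to check, not a script to run blind (a CD's D:\setup.exe AutoRun entry would show up too).

```python
"""Triage a ComboFix log for the autostart patterns seen in this thread.

Added example; not part of ComboFix, HijackThis or the forum's tooling.
"""
import re

# Names a dropper likes to borrow for files placed in C:\WINDOWS (assumption:
# a short list is enough for a triage pass; extend it for real use).
SYSTEM_LOOKALIKES = {"svchost", "ctfmon", "lsass", "csrss", "winlogon", "services", "smss"}
# Processes that should only be loading DLLs from system32 (assumption).
PROTECTED_PROCESSES = {"winlogon.exe", "lsass.exe", "csrss.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

FILE_LINE = re.compile(r"^\S+ \S+ \. \S+ \S+ [\d,]+ \S{9} (C:\\.+)$")
KEY_LINE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"=')
AUTORUN_LINE = re.compile(r"^\\Shell\\\w+(?:\(&0\))?\\command - (.+)$", re.IGNORECASE)
PROCESS_LINE = re.compile(r"^PROCESS: (\S+)")
LOADED_LINE = re.compile(r"^-> (.+)$")

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
2008-03-14 17:55 . 2008-03-14 17:51 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-29 17:57 . 2008-02-29 17:58 121,344 --------- C:\WINDOWS\svcpool.dll
2008-02-29 17:56 . 2008-03-11 18:32 1,376 --a------ C:\WINDOWS\upd_svchost
2008-02-29 17:56 . 2008-03-12 10:26 0 --a------ C:\WINDOWS\svchost
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4268aa92-5d55-11dc-ac1f-0013d31b250b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a93830d3-cb7c-11dc-ad6f-0013d31b250b}]
\Shell\AutoRun\command - E:\gqsk.bat
\Shell\open\Command - E:\gqsk.bat
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\svcpool.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\svcpool.dll
"""


def triage(log_text):
    """Return {'files': set, 'keys': set, 'values': {key: set(names)}}."""
    findings = {"files": set(), "keys": set(), "values": {}}
    current_key = None
    current_proc = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            path = m.group(1)
            folder, _, name = path.rpartition("\\")
            stem, _, ext = name.partition(".")
            # Rule 1: a new file directly in C:\WINDOWS with no extension or a
            # system-binary name (svchost, ctfmon, ...) that does not belong there.
            if folder.lower() == "c:\\windows" and (not ext or stem.lower() in SYSTEM_LOOKALIKES):
                findings["files"].add(path)
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_LINE.match(line)
        if m and current_key and current_key.lower().endswith("policies\\explorer\\run"):
            # Rule 2: policies\explorer\run is rarely used by legitimate software;
            # report every value found there for review.
            findings["values"].setdefault(current_key, set()).add(m.group(1))
            continue
        m = AUTORUN_LINE.match(line)
        if m and current_key and "mountpoints2" in current_key.lower():
            # Rule 3: a remembered AutoRun command that launches something from a
            # non-system drive or via a relative path (Recycled\...) is the
            # autorun.inf worm signature; mark the whole key for deletion.
            target = m.group(1).split()[-1]
            if not target.lower().startswith("c:\\"):
                findings["keys"].add(current_key)
            continue
        m = PROCESS_LINE.match(line)
        if m:
            current_proc = m.group(1).rpartition("\\")[2].lower()
            continue
        m = LOADED_LINE.match(line)
        if m and current_proc in PROTECTED_PROCESSES:
            # Rule 4: winlogon/lsass/csrss loading a DLL from outside system32 is
            # the injection pattern svcpool.dll shows in the log above.
            if not m.group(1).lower().startswith(SYSTEM32):
                findings["files"].add(m.group(1))
    return findings


def to_cfscript(findings):
    """Render findings in CFScript syntax: File:: paths, [-key] deletes a key,
    "name"=- deletes a value (the syntax used in the reply above)."""
    out = []
    if findings["files"]:
        out.append("File::")
        out.extend(sorted(findings["files"]))
    if findings["keys"] or findings["values"]:
        out.append("Registry::")
        out.extend(f"[-{key}]" for key in sorted(findings["keys"]))
        for key, names in sorted(findings["values"].items()):
            out.append(f"[{key}]")
            out.extend(f'"{name}"=-' for name in sorted(names))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(to_cfscript(triage(SAMPLE_LOG)))
```

Run it against a full log by reading the file into `triage()` instead of `SAMPLE_LOG`; compare the output with the CFScript in the reply above to see which of the helper's decisions the rules reproduce (svchost, upd_svchost, svcpool.dll, the two mountpoints2 keys and gbieh.1) and which needed human judgement (mssnmsgr.dll, gbiehbsb.dll, the scheduled task).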
Do I always have to disable the antivirus before running ComboFix and HijackThis?

    Attached are the ComboFix and HijackThis logs...

    ComboFix 08-03-30.4 - Administrador 2008-04-01 8:12:02.3 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.223 [GMT -3:00]

    Running from: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::

    C:\WINDOWS\_tmp

    C:\WINDOWS\gbiehbsb.dll

    C:\WINDOWS\mssnmsgr.dll

    C:\WINDOWS\svchost

    C:\WINDOWS\svcpool.dll

    C:\WINDOWS\Tasks\passelivre.job

    C:\WINDOWS\upd_svchost

    .

    The following files were disabled during the run:

    C:\WINDOWS\svcpool.dll

    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\gbiehbsb.dll

    C:\WINDOWS\mssnmsgr.dll

    C:\WINDOWS\svchost

    C:\WINDOWS\svchost_\

    C:\WINDOWS\svcpool.dll

    C:\WINDOWS\Tasks\passelivre.job

    C:\WINDOWS\upd_svchost

    .

    ((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))

    .

    2008-03-31 20:18 . 2008-03-31 20:18 <DIR> d-------- C:\Avast4

    2008-03-31 20:18 . 2008-03-29 15:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys

    2008-03-31 20:18 . 2008-03-29 15:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

    2008-03-30 20:54 . 2008-03-29 15:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

    2008-03-30 20:54 . 2008-01-17 14:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

    2008-03-30 20:54 . 2008-03-29 15:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

    2008-03-30 20:40 . 2008-03-30 20:40 <DIR> d-------- C:\Arquivos de programas\SopCast

    2008-03-25 14:22 . 2008-03-25 14:22 213 --a------ C:\Atalho para Unidade de CD.lnk

    2008-03-23 22:30 . 2008-03-23 22:29 218,112 --a------ C:\HijackThis.exe

    2008-03-15 12:52 . 2008-04-01 08:14 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

    2008-03-14 17:55 . 2008-03-14 17:51 691,545 --a------ C:\WINDOWS\unins000.exe

    2008-03-14 17:55 . 2008-03-14 17:55 2,549 --a------ C:\WINDOWS\unins000.dat

    2008-03-13 17:32 . 2008-03-13 17:51 0 --a------ C:\WINDOWS\svchost_

    2008-03-12 07:48 . 2008-03-12 07:48 1,270 --a------ C:\WINDOWS\system32\MRT.INI

    2008-03-05 09:01 . 2008-03-05 09:01 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Nokia Multimedia Player

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-03-31 23:38 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

    2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

    2008-03-14 21:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2008-03-10 01:05 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Image Zone Express

    2008-03-05 12:02 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\PC Suite

    2008-03-01 11:18 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    2008-02-29 20:59 --------- d--h--w C:\Arquivos de programas\Scpad

    2008-02-29 20:58 --------- d-----w C:\Arquivos de programas\GbPlugin

    2006-01-01 14:24 12,794,880 ----a-w C:\Arquivos de programas\MP10Setup.exe

    2005-02-25 02:22 208,896 -c--a-w C:\WINDOWS\inf\MSI\SlowDownCPU\SlowDownCPU.exe

    2005-02-22 06:47 39,040 ----a-w C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.sys

    2005-02-22 06:47 143,360 -c--a-w C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.dll

    2004-11-01 09:12 23,424 ----a-w C:\WINDOWS\inf\MSI\SlowDownCPU\NTGLM7X.SYS

    2004-11-01 09:11 94,208 -c--a-w C:\WINDOWS\inf\MSI\SlowDownCPU\GLM7x.dll

    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-15_12.55.34,15 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2007-12-04 13:04:28 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

    + 2008-03-29 18:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe

    - 2007-12-04 12:54:04 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

    + 2008-03-29 18:23:22 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

    + 2005-03-04 15:11:04 1,218,808 ----a-w C:\WINDOWS\system32\wmvadvd.dll

    + 2008-04-01 11:17:04 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_550.dat

    .

    (((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Note* empty entries & legit default entries are not shown.

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

    "MyVideoDaily2"="C:\Arquivos de programas\MyVideoDaily2\MyVideoDaily2.exe" [ ]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

    "Steam"="C:\Túlio\fotos\Steam.exe" [ ]

    "updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

    "SpybotSD TeaTimer"="C:\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    "PC Suite Tray"="C:\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 09:12 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 15:16 5562368]

    "nwiz"="nwiz.exe" [2005-04-01 15:16 1495040 C:\WINDOWS\system32\nwiz.exe]

    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 15:16 86016]

    "RealTray"="C:\Real\Player\realplay.exe" [2006-05-15 13:16 115200]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-06-13 07:29 282624]

    "SoundMax"="C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" [2004-08-06 06:27 860160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 21:45 15360]

    "Nokia.PCSync"="C:\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 16:35 1294336]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

    "{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [ ]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    "CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    C:\ARQUIV~1\GbPlugin\gbieh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --------- 2004-10-13 13:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    --a------ 2007-01-19 11:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

    --a------ 2004-10-14 08:11 1388544 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\The All-Seeing Eye\\eye.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "C:\\The 7 Deadly Sins\\mirc.exe"=

    "C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

    "C:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=

    "C:\\eMule\\emule.exe"=

    "C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

    "C:\\WINDOWS\\system32\\rtcshare.exe"=

    "C:\\Real\\Player\\realplay.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

    "C:\\eQuake\\fuhquake-gl.exe"=

    "C:\\Arquivos de programas\\Java\\jre1.5.0_06\\bin\\javaw.exe"=

    "C:\\D\\mpserver.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "12035:UDP"= 12035:UDP:Second Life

    "12036:UDP"= 12036:UDP:Second Life

    "13000:UDP"= 13000:UDP:Second Life

    "13050:UDP"= 13050:UDP:Second Life

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

    S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-03-05 04:07]

    S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [1782-01-18 21:14]

    S3 RushTopDevice;RushTopDevice;C:\WINDOWS\INF\MSI\SlowDownCPU\RushTop.sys [2005-02-22 03:47]

    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

    S3 SlowDownCPU;SlowDownCPU;C:\WINDOWS\INF\MSI\SlowDownCPU\NTGLM7X.sys [2004-11-01 06:12]

    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]

    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]

    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4268aa92-5d55-11dc-ac1f-0013d31b250b}]

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

    \Shell\Open(&0)\command - Recycled\ctfmon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48c76954-4a5a-11dc-abf8-0013d31b250b}]

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

    \Shell\Open(&0)\command - Recycled\ctfmon.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-01 08:17:19

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\Avast4\aswUpdSv.exe

    C:\Avast4\ashServ.exe

    C:\ARQUIV~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\Avast4\ashMaiSv.exe

    C:\Avast4\ashWebSv.exe

    C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

    C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

    C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

    .

    **************************************************************************

    .

    Completion time: 2008-04-01 8:20:02 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-04-01 11:19:59

    Pre-Run: 9,652,744,192 bytes free

    Post-Run: 9,646,587,904 bytes free

    .

    2008-03-31 23:22:50 --- E O F ---

    Logfile of HijackThis v1.99.1

    Scan saved at 08:26:40, on 1/4/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Avast4\aswUpdSv.exe

    C:\Avast4\ashServ.exe

    C:\ARQUIV~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Real\Player\realplay.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Spybot - Search & Destroy\TeaTimer.exe

    C:\Nokia\Nokia PC Suite 6\PCSuite.exe

    C:\Avast4\ashMaiSv.exe

    C:\Avast4\ashWebSv.exe

    C:\WINDOWS\explorer.exe

    C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

    C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

    C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/defaults/su/*http://br.yahoo.com

    R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)

    O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (file missing)

    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll

    O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Puxa Rápido\IEBHO.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll (file missing)

    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)

    O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [RealTray] C:\Real\Player\realplay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [MyVideoDaily2] C:\Arquivos de programas\MyVideoDaily2\MyVideoDaily2.exe /delay

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [steam] "C:\Túlio\fotos\Steam.exe" -silent

    O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: &Clean Traces - C:\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\DAP\dapextie.htm

    O8 - Extra context menu item: Download &all with DAP - C:\DAP\dapextie2.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c6.cab?38b83d5e23cd4e4804d8a69d7582dbdd5712a6979d075f01f7b5b1609b3fe7a9769767e73d80555889fe4744136ff8490002abfbfbb0f73c08df6ea6db490ec6835cb6:fcc4f96ce7c418e3c9fb30d021da5aad

    O17 - HKLM\System\CCS\Services\Tcpip\..\{874CA80E-949D-40EC-8296-96E27434FCAF}: NameServer = 192.168.254.254

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll (file missing)

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


- Select the text below and copy it into Notepad. Save it as CFScript.txt;

    File::
    C:\WINDOWS\svchost_

    - Drag CFScript.txt onto ComboFix as shown in the image below:

    CF_Script.gif

    ComboFix will run and restart the PC automatically to complete the removal process.

    Do not use the mouse or the keyboard while ComboFix is running.

    When it finishes, a log will be generated at C:\ComboFix.txt.

    Note: if ComboFix does not restart your computer automatically, do it manually.

    In your next reply, paste ComboFix.txt and a new HijackThis log.
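The log review behind a reply like the one above (which entries are worth a second look before anything goes into a CFScript), as an added example that is not part of the thread, of HijackThis or of ComboFix: a Python triage pass over an excerpt of the HijackThis log posted earlier. INSTALL_ROOTS, the reason strings and the sample excerpt are my own choices; the zangocash URL is shortened.

```python
"""HijackThis log triage (added example, not part of HijackThis or ComboFix).
Flags the entries a log analyst reviews first and renders confirmed paths in
the ComboFix 'File::' format used in the reply above."""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

# A HijackThis entry is "<section> - <rest>", e.g. "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")
# First drive-letter path ending in .exe/.dll, quoted or not.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll))"?', re.IGNORECASE)
# Roots the analyst accepts as ordinary install locations (assumption; adjust per machine).
INSTALL_ROOTS = ("c:\\windows\\", "c:\\arquivos de programas\\", "c:\\program files\\")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section, e.g. "O2"
    reason: str  # why the analyst should look at it
    line: str    # the original log line


def entries(log_text):
    """Yield (kind, rest, line) for R*/O* lines; the process list has no such prefix."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("kind"), m.group("rest"), line


def triage(log_text):
    """Return the findings an analyst would review before writing a CFScript."""
    findings = []
    for kind, rest, line in entries(log_text):
        low = rest.lower()
        if "(no file)" in low or "(file missing)" in low:
            if kind == "O23" and '"' in rest:
                # HijackThis 1.99 misparses a quoted service path that carries arguments
                # and reports it as missing; confirm on disk before acting on it.
                reason = "service path with arguments reported missing (likely a HijackThis parser artifact, verify on disk)"
            else:
                reason = "registered component has no file on disk (leftover or half-finished removal)"
            findings.append(Finding(kind, reason, line))
        elif kind == "O4":
            m = PATH_RE.search(rest)
            if m and not m.group(1).lower().startswith(INSTALL_ROOTS):
                findings.append(Finding(kind, "autorun outside the usual install roots (verify)", line))
        elif kind == "O16":
            m = URL_RE.search(rest)
            if m and m.group(0).startswith("http://") and "microsoft.com" not in m.group(0):
                findings.append(Finding(kind, "ActiveX control fetched over plain HTTP", line))
        elif kind == "O17":
            m = re.search(r"NameServer = ([\d.]+)", rest)
            if m and not ipaddress.ip_address(m.group(1)).is_private:
                findings.append(Finding(kind, "DNS server outside private ranges (possible DNS hijack)", line))
    return findings


def group_by_clsid(findings):
    """Group findings sharing a CLSID: one dead toolbar usually leaves R3, O2 and O3 stubs."""
    groups = defaultdict(list)
    for f in findings:
        m = CLSID_RE.search(f.line)
        if m:
            groups[m.group(0).lower()].append(f.kind)
    return dict(groups)


def render_cfscript(paths):
    """Render analyst-confirmed paths as the ComboFix 'File::' section shown in the reply."""
    return "File::\n" + "".join(p + "\n" for p in paths)


# Constructed excerpt of the thread's HijackThis log (zangocash query string dropped).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O2 - BHO: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [steam] "C:\Túlio\fotos\Steam.exe" -silent
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{874CA80E-949D-40EC-8296-96E27434FCAF}: NameServer = 192.168.254.254
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Avast4\ashMaiSv.exe" /service (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
    print(group_by_clsid(triage(SAMPLE_LOG)))
    print(render_cfscript([r"C:\WINDOWS\svchost_"]), end="")
```

The O17 line is deliberately in the excerpt to show a check that passes: the thread's name server is a private address, so it is not flagged.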

  • Topic author
  • here it goes.....

    ComboFix 08-03-30.4 - Administrador 2008-04-02 20:11:46.4 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.243 [GMT -3:00]

    Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt

    * Criado um novo ponto de restauro

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::

    C:\WINDOWS\svchost_

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\svchost_

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))

    .

    2008-04-01 08:20 . 2008-04-01 08:20 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

    2008-04-01 08:20 . 2008-04-01 08:20 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

    2008-04-01 08:20 . 2008-04-01 08:20 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

    2008-04-01 08:20 . 2008-04-01 08:20 <DIR> d-------- C:\Documents and Settings\Convidado\Configuraþ§es locais

    2008-04-01 08:20 . 2008-04-01 08:20 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraþ§es locais

    2008-03-31 20:18 . 2008-03-31 20:18 <DIR> d-------- C:\Avast4

    2008-03-31 20:18 . 2008-03-29 15:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys

    2008-03-31 20:18 . 2008-03-29 15:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

    2008-03-30 20:54 . 2008-03-29 15:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

    2008-03-30 20:54 . 2008-01-17 14:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

    2008-03-30 20:54 . 2008-03-29 15:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

    2008-03-30 20:40 . 2008-03-30 20:40 <DIR> d-------- C:\Arquivos de programas\SopCast

    2008-03-25 14:22 . 2008-03-25 14:22 213 --a------ C:\Atalho para Unidade de CD.lnk

    2008-03-23 22:30 . 2008-03-23 22:29 218,112 --a------ C:\HijackThis.exe

    2008-03-14 17:55 . 2008-03-14 17:51 691,545 --a------ C:\WINDOWS\unins000.exe

    2008-03-14 17:55 . 2008-03-14 17:55 2,549 --a------ C:\WINDOWS\unins000.dat

    2008-03-12 07:48 . 2008-03-12 07:48 1,270 --a------ C:\WINDOWS\system32\MRT.INI

    2008-03-05 09:01 . 2008-03-05 09:01 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Nokia Multimedia Player

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-04-02 20:04 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe

    2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

    2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

    2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

    2008-03-14 21:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2008-03-10 01:05 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Image Zone Express

    2008-03-05 12:02 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\PC Suite

    2008-03-01 11:18 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    2008-02-29 20:59 --------- d--h--w C:\Arquivos de programas\Scpad

    2008-02-29 20:58 --------- d-----w C:\Arquivos de programas\GbPlugin

    2006-01-01 14:24 12,794,880 ----a-w C:\Arquivos de programas\MP10Setup.exe

    2005-02-25 02:22 208,896 -c--a-w C:\WINDOWS\inf\MSI\SlowDownCPU\SlowDownCPU.exe

    2005-02-22 06:47 39,040 ----a-w C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.sys

    2005-02-22 06:47 143,360 -c--a-w C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.dll

    2004-11-01 09:12 23,424 ----a-w C:\WINDOWS\inf\MSI\SlowDownCPU\NTGLM7X.SYS

    2004-11-01 09:11 94,208 -c--a-w C:\WINDOWS\inf\MSI\SlowDownCPU\GLM7x.dll

    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-15_12.55.34,15 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2005-03-04 15:11:04 1,218,808 ----a-w C:\WINDOWS\system32\wmvadvd.dll

    + 2008-04-02 19:56:31 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_588.dat

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

    "MyVideoDaily2"="C:\Arquivos de programas\MyVideoDaily2\MyVideoDaily2.exe" [ ]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

    "Steam"="C:\Túlio\fotos\Steam.exe" [ ]

    "updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

    "SpybotSD TeaTimer"="C:\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    "PC Suite Tray"="C:\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 09:12 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 15:16 5562368]

    "nwiz"="nwiz.exe" [2005-04-01 15:16 1495040 C:\WINDOWS\system32\nwiz.exe]

    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 15:16 86016]

    "RealTray"="C:\Real\Player\realplay.exe" [2006-05-15 13:16 115200]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-06-13 07:29 282624]

    "SoundMax"="C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" [2004-08-06 06:27 860160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 21:45 15360]

    "Nokia.PCSync"="C:\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 16:35 1294336]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

    "{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [ ]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    "CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    C:\ARQUIV~1\GbPlugin\gbieh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --------- 2004-10-13 13:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    --a------ 2007-01-19 11:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

    --a------ 2004-10-14 08:11 1388544 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\The All-Seeing Eye\\eye.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "C:\\The 7 Deadly Sins\\mirc.exe"=

    "C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

    "C:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=

    "C:\\eMule\\emule.exe"=

    "C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

    "C:\\WINDOWS\\system32\\rtcshare.exe"=

    "C:\\Real\\Player\\realplay.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

    "C:\\eQuake\\fuhquake-gl.exe"=

    "C:\\Arquivos de programas\\Java\\jre1.5.0_06\\bin\\javaw.exe"=

    "C:\\D\\mpserver.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "12035:UDP"= 12035:UDP:Second Life

    "12036:UDP"= 12036:UDP:Second Life

    "13000:UDP"= 13000:UDP:Second Life

    "13050:UDP"= 13050:UDP:Second Life

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

    S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-03-05 04:07]

    S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [1782-01-18 21:14]

    S3 RushTopDevice;RushTopDevice;C:\WINDOWS\INF\MSI\SlowDownCPU\RushTop.sys [2005-02-22 03:47]

    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

    S3 SlowDownCPU;SlowDownCPU;C:\WINDOWS\INF\MSI\SlowDownCPU\NTGLM7X.sys [2004-11-01 06:12]

    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]

    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]

    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4268aa92-5d55-11dc-ac1f-0013d31b250b}]

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

    \Shell\Open(&0)\command - Recycled\ctfmon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48c76954-4a5a-11dc-abf8-0013d31b250b}]

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

    \Shell\Open(&0)\command - Recycled\ctfmon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a93830d3-cb7c-11dc-ad6f-0013d31b250b}]

    \Shell\AutoRun\command - gqsk.bat

    \Shell\explore\Command - gqsk.bat

    \Shell\open\Command - gqsk.bat

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-02 20:13:46

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-04-02 20:14:08

    ComboFix-quarantined-files.txt 2008-04-02 23:14:05

    Pre-Run: 9,569,251,328 bytes disponíveis

    Post-Run: 9,557,876,736 bytes disponíveis

    .

    2008-03-31 23:22:50 --- E O F ---

    Logfile of HijackThis v1.99.1

    Scan saved at 20:17:30, on 2/4/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Avast4\aswUpdSv.exe

    C:\Avast4\ashServ.exe

    C:\Real\Player\realplay.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Nokia\Nokia PC Suite 6\PCSuite.exe

    C:\ARQUIV~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Avast4\ashMaiSv.exe

    C:\Avast4\ashWebSv.exe

    C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

    C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

    C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\DAP\DAP.EXE

    C:\Spybot - Search & Destroy\TeaTimer.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/defaults/su/*http://br.yahoo.com

    R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)

    O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (file missing)

    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll

    O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Puxa Rápido\IEBHO.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll (file missing)

    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)

    O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [RealTray] C:\Real\Player\realplay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [MyVideoDaily2] C:\Arquivos de programas\MyVideoDaily2\MyVideoDaily2.exe /delay

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [steam] "C:\Túlio\fotos\Steam.exe" -silent

    O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: &Clean Traces - C:\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\DAP\dapextie.htm

    O8 - Extra context menu item: Download &all with DAP - C:\DAP\dapextie2.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c6.cab?38b83d5e23cd4e4804d8a69d7582dbdd5712a6979d075f01f7b5b1609b3fe7a9769767e73d80555889fe4744136ff8490002abfbfbb0f73c08df6ea6db490ec6835cb6:fcc4f96ce7c418e3c9fb30d021da5aad

    O17 - HKLM\System\CCS\Services\Tcpip\..\{874CA80E-949D-40EC-8296-96E27434FCAF}: NameServer = 192.168.254.254

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll (file missing)

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


- OK, the log is clean :)

    - Type combofix /u in the Run box and click OK. In the next window click "Run" and wait for the program to be removed;

    - Update Internet Explorer:

    http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

    - I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner:

    • Open the program and click Run Cleaner;
    • After that, click Registry > Scan for Issues > Fix selected issues

    - Disable and re-enable System Restore

    - Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections.

  • Topic author
  • Solved, much obliged Jose.
