sandroluol

Help me remove gbiehbsb.dll

I have the same problem: the rundll dialog box appears, and it contains the message that the module gbiehbsb.dll could not be found.

I have already downloaded the combofix file...

Here is the file generated by hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:39:16, on 3/24/aaaa

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\HpqToaster.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [synTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [gbieh.1] rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1606980848-1292428093-682003330-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Sandro')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: prf20.tmp

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\HPQ\Shared\hpqwmi.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

--

End of file - 6907 bytes

Here is the combofix.txt log:

ComboFix 08-03-23.2 - Laudicea 2008-03-24 16:12:29.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.329 [GMT -3:00]

Running from: C:\Documents and Settings\Laudicea\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))))

.

2008-03-24 16:01 . 2008-03-24 16:01 <DIR> d-------- C:\ComboFix(2)

2008-03-24 13:12 . 2003-03-18 18:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-03-24 13:12 . 2007-04-30 12:46 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-03-24 13:12 . 2004-01-09 08:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-03-24 13:12 . 2007-04-30 12:35 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-03-24 13:12 . 2007-04-30 12:41 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-24 13:12 . 2007-04-30 12:41 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-03-24 13:12 . 2007-04-30 12:38 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-24 13:12 . 2007-04-30 12:37 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-24 13:12 . 2007-04-30 12:39 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-24 13:07 . 2008-03-24 13:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Avg7

2008-03-24 08:58 . 2008-03-24 08:58 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-03-24 08:25 . 2008-03-24 08:59 <DIR> d-------- C:\Documents and Settings\Laudicea\Dados de aplicativos\Spyware Terminator

2008-03-24 08:19 . 2008-03-24 08:19 <DIR> d--h----- C:\Documents and Settings\Laudicea\Modelos

2008-03-24 08:19 . 2008-03-24 08:25 <DIR> dr------- C:\Documents and Settings\Laudicea\Meus documentos

2008-03-24 08:19 . 2008-03-24 08:19 <DIR> dr------- C:\Documents and Settings\Laudicea\Menu Iniciar

2008-03-24 08:19 . 2008-03-24 08:25 <DIR> dr------- C:\Documents and Settings\Laudicea\Favoritos

2008-03-24 08:19 . 2008-03-24 13:07 <DIR> dr-h----- C:\Documents and Settings\Laudicea\Dados de aplicativos

2008-03-24 08:19 . 2008-03-24 08:25 <DIR> d--h----- C:\Documents and Settings\Laudicea\Configurações locais

2008-03-24 08:19 . 2008-03-08 14:10 <DIR> d--h----- C:\Documents and Settings\Laudicea\Ambiente de rede

2008-03-24 08:19 . 2008-03-08 14:10 <DIR> d--h----- C:\Documents and Settings\Laudicea\Ambiente de impressão

2008-03-24 08:03 . 2008-03-24 07:48 <DIR> d--h----- C:\Documents and Settings\Sandro\Modelos

2008-03-24 08:03 . 2008-03-24 08:03 <DIR> dr------- C:\Documents and Settings\Sandro\Meus documentos

2008-03-24 08:03 . 2008-03-08 14:10 <DIR> dr------- C:\Documents and Settings\Sandro\Menu Iniciar

2008-03-24 08:03 . 2008-03-24 08:03 <DIR> dr------- C:\Documents and Settings\Sandro\Favoritos

2008-03-24 08:03 . 2008-03-24 08:13 <DIR> d-------- C:\Documents and Settings\Sandro\Dados de aplicativos\Spyware Terminator

2008-03-24 08:03 . 2008-03-24 13:07 <DIR> dr-h----- C:\Documents and Settings\Sandro\Dados de aplicativos

2008-03-24 08:03 . 2008-03-24 08:03 <DIR> d--h----- C:\Documents and Settings\Sandro\Configurações locais

2008-03-24 08:03 . 2008-03-08 14:10 <DIR> d--h----- C:\Documents and Settings\Sandro\Ambiente de rede

2008-03-24 08:03 . 2008-03-08 14:10 <DIR> d--h----- C:\Documents and Settings\Sandro\Ambiente de impressão

2008-03-24 07:57 . 2004-08-04 00:45 463,872 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll

2008-03-24 07:56 . 2004-08-04 00:45 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll

2008-03-24 07:55 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll

2008-03-24 07:54 . 2008-03-24 07:54 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

2008-03-24 07:54 . 2008-03-24 07:54 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

2008-03-24 07:54 . 2008-03-24 07:54 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

2008-03-24 07:54 . 2008-03-24 07:54 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest

2008-03-24 07:54 . 2008-03-24 07:54 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest

2008-03-24 07:54 . 2008-03-24 07:54 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2008-03-24 07:40 . 2001-08-23 13:00 13,107,200 --a------ C:\WINDOWS\system32\oembios.bin

2008-03-24 07:39 . 2004-08-04 00:45 2,067,968 --a--c--- C:\WINDOWS\system32\dllcache\cdosys.dll

2008-03-24 07:34 . 2008-03-24 07:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spyware Terminator

2008-03-23 20:10 . 2008-03-24 07:33 <DIR> d-------- C:\Arquivos de programas\WinClamAVShield

2008-03-23 19:58 . 2008-03-24 07:33 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Spyware Terminator

2008-03-23 19:58 . 2008-03-24 09:36 <DIR> d-------- C:\Arquivos de programas\Spyware Terminator

2008-03-23 19:58 . 2008-03-24 07:34 <DIR> d-------- C:\Arquivos de programas\Crawler

2008-03-23 19:58 . 2008-03-23 19:58 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2008-03-19 22:25 . 2008-03-19 22:25 122,368 --a------ C:\WINDOWS\svcpool.dll

2008-03-19 22:24 . 2008-03-19 22:25 312,832 --a------ C:\WINDOWS\dxdiag.exe

2008-03-19 22:23 . 2008-03-19 22:23 1,376 --a------ C:\WINDOWS\svchost

2008-03-13 20:31 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-03-13 20:31 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-03-13 20:31 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-03-12 16:25 . 2008-03-12 16:25 268 --ah----- C:\sqmdata19.sqm

2008-03-12 16:25 . 2008-03-12 16:25 244 --ah----- C:\sqmnoopt19.sqm

2008-03-12 07:48 . 2008-03-12 07:48 268 --ah----- C:\sqmdata18.sqm

2008-03-12 07:48 . 2008-03-12 07:48 244 --ah----- C:\sqmnoopt18.sqm

2008-03-11 18:55 . 2008-03-11 18:55 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InterTrust

2008-03-11 18:55 . 1998-11-13 11:18 308,224 --a------ C:\WINDOWS\IsUn0416.exe

2008-03-11 18:54 . 2008-03-11 18:54 <DIR> d-------- C:\unzipped

2008-03-11 18:45 . 2004-08-04 00:45 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax

2008-03-11 18:45 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

2008-03-11 18:45 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2008-03-11 18:45 . 2004-08-04 00:45 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

2008-03-10 20:26 . 2008-03-10 20:26 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-03-10 20:26 . 2008-03-10 20:26 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf

2008-03-10 20:25 . 2007-06-08 13:46 1,560,576 --a------ C:\WINDOWS\system32\BttnCmns_64.dll

2008-03-10 20:25 . 2006-06-30 05:46 1,560,576 --a------ C:\WINDOWS\system32\BttnCmns.dll

2008-03-10 20:25 . 2006-11-02 06:09 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-03-10 20:25 . 2005-10-31 14:30 987,136 --a------ C:\WINDOWS\system32\BttnCmn.dll

2008-03-10 20:25 . 2007-06-18 16:12 16,768 --a------ C:\WINDOWS\system32\drivers\HpqKbFiltr.sys

2008-03-10 20:25 . 2006-06-28 09:54 9,472 --a------ C:\WINDOWS\system32\drivers\CPQBttn.sys

2008-03-10 18:38 . 2008-03-10 18:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\WLInstaller

2008-03-10 07:33 . 2008-03-10 07:33 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2008-03-10 07:03 . 2008-03-10 18:07 <DIR> d-------- C:\Arquivos de programas\speed-bit

2008-03-10 06:57 . 2008-03-10 06:57 <DIR> d---s---- C:\Documents and Settings\Administrador\UserData

2008-03-09 21:13 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-09 21:13 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-09 21:13 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-09 21:12 . 2008-03-15 16:12 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts

2008-03-09 21:12 . 2008-03-09 21:12 268 --ah----- C:\sqmdata17.sqm

2008-03-09 21:12 . 2008-03-09 21:12 244 --ah----- C:\sqmnoopt17.sqm

2008-03-09 21:10 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-03-08 18:44 . 2003-06-19 00:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-03-08 18:44 . 2008-03-08 18:44 421 --a------ C:\WINDOWS\ODBC.INI

2008-03-08 18:13 . 2008-03-08 18:13 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-08 18:08 . 2008-03-24 14:02 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP

2008-03-08 18:08 . 2008-03-08 18:08 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx

2008-03-08 18:08 . 2008-03-08 18:08 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx

2008-03-08 18:08 . 2008-03-08 18:08 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

2008-03-08 17:45 . 2008-03-08 17:45 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-03-08 17:45 . 2008-03-08 17:45 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-03-08 17:43 . 2008-03-08 17:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\nView_Profiles

2008-03-08 17:40 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-03-08 17:39 . 2006-07-20 20:58 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe

2008-03-08 17:39 . 2006-07-20 20:58 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe

2008-03-08 17:39 . 2006-07-20 20:58 208,896 --a------ C:\WINDOWS\system32\nvuide.exe

2008-03-08 17:39 . 2006-03-02 21:30 101,888 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys

2008-03-08 17:39 . 2006-02-19 19:00 3,903 --a------ C:\WINDOWS\system32\nvnrm.nvu

2008-03-08 17:39 . 2005-10-19 01:05 1,864 --a------ C:\WINDOWS\system32\nvsmb.nvu

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-10 23:25 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-10 23:25 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-03-10 22:11 --------- d-----w C:\Arquivos de programas\Windows Live

2008-03-10 10:33 822,272 ----a-w C:\WINDOWS\system32\drivers\BCMWL5.SYS

2008-03-10 10:00 --------- d-----w C:\Arquivos de programas\DAP

2008-03-10 09:56 --------- d-----w C:\Arquivos de programas\Google

2008-03-10 00:01 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-03-10 00:00 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-03-08 19:50 --------- d-----w C:\Arquivos de programas\lg_fwupdate

2008-03-08 17:18 --------- d-----w C:\Documents and Settings\laudicea ramalho\Dados de aplicativos\AVG7

2008-03-08 02:27 --------- d-----w C:\Documents and Settings\sandro lucena\Dados de aplicativos\AVG7

2008-02-02 20:47 --------- d-----w C:\Arquivos de programas\mozilla.org

2008-01-29 11:47 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

2008-03-10 18:08 1470488 --a------ C:\Arquivos de programas\speed-bit\tbspe1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

C:\WINDOWS\gbiehbsb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "C:\Arquivos de programas\speed-bit\tbspe1.dll" [2008-03-10 18:08 1470488]

[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpWirelessAssistant"="C:\Arquivos de programas\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58 7581696]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 20:58 86016]

"nwiz"="nwiz.exe" [2006-07-20 20:58 1519616 C:\WINDOWS\system32\nwiz.exe]

"DownloadAccelerator"="C:\Arquivos de programas\DAP\DAP.exe" [2008-03-10 07:00 4576768]

"QlbCtrl"="C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 14:13 202032]

"SynTPStart"="C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 19:29 102400]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 22:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

"SpywareTerminator"="C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-23 19:58 2957824]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42 75392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

C:\Documents and Settings\Laudicea\Menu Iniciar\Programas\Inicializar\

prf20.tmp [2008-03-24 08:19:52 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\DAP\\DAP.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-23 19:58]

R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 20:49]

*Newly Created Service* - AAVMKER4

*Newly Created Service* - ASWMON2

*Newly Created Service* - ASWRDR

*Newly Created Service* - ASWTDI

*Newly Created Service* - ASWUPDSV

*Newly Created Service* - AVAST!_ANTIVIRUS

*Newly Created Service* - AVAST!_MAIL_SCANNER

*Newly Created Service* - AVAST!_WEB_SCANNER

.

Contents of the 'Scheduled Tasks' folder

"2008-03-24 18:38:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-24 16:14:35

Windows 5.1.2600 Service Pack 2 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully

Hidden files: 0

**************************************************************************

.

Completion time: 2008-03-24 16:14:56

ComboFix-quarantined-files.txt 2008-03-24 19:14:54

.

2008-03-14 10:31:16 --- E O F ---

And now what do I do?


- Select the text below and copy it into Notepad. Save it as CFScript.txt;

File::
C:\WINDOWS\svcpool.dll
C:\WINDOWS\dxdiag.exe
C:\WINDOWS\svchost
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"=-

- Drag CFScript.txt onto ComboFix as shown in the image below:

CF_Script.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: If ComboFix does not restart your computer automatically, do it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.

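The steps the analyst took above, from the two logs in the first post to the CFScript in the reply, reduce to a few mechanical checks. The script below is an added example for this thread, not code from either post nor from the HijackThis/ComboFix authors. It works on log lines copied inline from the posts (so it runs offline), flags the Banco do Brasil BHO whose CLSID is registered but whose DLL is missing, the rundll32 autorun under Policies\Explorer\Run that tries to load that missing DLL at logon (which is what produces the "module not found" dialog the poster sees), and the three executables written straight into C:\WINDOWS on 2008-03-19, and then renders them in the File::/Registry:: layout of the reply. The suspicion heuristics, the short system32 name list and the created-equals-modified rule are my own assumptions, not a published rule set; the toolbars and the 0-byte prf20.tmp startup entry are left alone, as the reply left them.

```python
"""Triage HijackThis and ComboFix log lines and draft a CFScript.

Added example for this thread, not code from the posts or from the
HijackThis/ComboFix authors. Sample lines are copied from the logs above;
the heuristics and the name list are assumptions covering only the entry
types seen in those logs.
"""
import re
from pathlib import PureWindowsPath

# Copied from the HijackThis log in the first post (a constructed subset).
HJT_LINES = [
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll",
    r"O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll (file missing)",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Policies\Explorer\Run: [gbieh.1] rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify",
]

# Copied from the "Files Created" section of the first ComboFix log.
CF_LINES = [
    r"2008-03-24 13:12 . 2007-04-30 12:46 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe",
    r"2008-03-19 22:25 . 2008-03-19 22:25 122,368 --a------ C:\WINDOWS\svcpool.dll",
    r"2008-03-19 22:24 . 2008-03-19 22:25 312,832 --a------ C:\WINDOWS\dxdiag.exe",
    r"2008-03-19 22:23 . 2008-03-19 22:23 1,376 --a------ C:\WINDOWS\svchost",
    r"2008-03-11 18:55 . 1998-11-13 11:18 308,224 --a------ C:\WINDOWS\IsUn0416.exe",
]

WINDIR = PureWindowsPath(r"C:\WINDOWS")
# Assumption: binaries that belong in system32 on XP; a copy directly under
# C:\WINDOWS, with or without its extension, deserves a look.
SYSTEM32_NAMES = {"svchost", "dxdiag", "lsass", "csrss", "services", "winlogon"}
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): "
                   r"\[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?(?:,|\s|$)', re.I)
CF_RE = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. "
                   r"(?P<modified>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} [\d,]+ \S+ (?P<path>.+)$")


def in_windir_root(path):
    """True for a file sitting directly in the Windows directory, not a subfolder."""
    return PureWindowsPath(path).parent == WINDIR


def triage_hijackthis(lines):
    """Return (findings, registry_lines): notes plus CFScript Registry:: lines."""
    findings, registry = [], []
    for line in lines:
        m = O2_RE.match(line)
        if m:
            if m["missing"]:
                # CLSID registration survives but the DLL is gone: an orphaned BHO.
                findings.append(f"orphaned BHO {m['clsid']} -> {m['path']}")
                registry.append("[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\" + m["clsid"] + "]")
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        reasons = []
        if "policies\\explorer\\run" in m["key"].lower():
            reasons.append("Policies\\Explorer\\Run autorun, rarely used by legitimate software")
        r = RUNDLL_RE.match(m["cmd"])
        if r and in_windir_root(r["dll"]):
            reasons.append(f"rundll32 loads {r['dll']} from the Windows root")
        if reasons:
            findings.append(f"O4 [{m['value']}]: " + "; ".join(reasons))
            key = HIVES[m["hive"]] + "\\software\\microsoft\\windows\\currentversion\\" + m["key"].lower()
            registry.append("[" + key + "]")
            registry.append('"' + m["value"] + '"=-')  # value deletion, CFScript syntax
    return findings, registry


def triage_combofix(lines):
    """Return (findings, file_paths) for executables dropped straight into the Windows root."""
    findings, files = [], []
    for line in lines:
        m = CF_RE.match(line)
        if not m or not in_windir_root(m["path"]):
            continue
        p = PureWindowsPath(m["path"])
        reasons = []
        if p.stem.lower() in SYSTEM32_NAMES:
            reasons.append("system32 binary name in the wrong directory")
        if p.suffix == "":
            reasons.append("no extension")
        if p.suffix.lower() == ".dll" and m["created"] == m["modified"]:
            # Assumption: installers preserve build-time mtimes, so a DLL whose
            # mtime equals its creation date was written in place by something.
            reasons.append("DLL with created == modified date")
        if reasons:
            findings.append(m["path"] + ": " + "; ".join(reasons))
            files.append(m["path"])
    return findings, files


def build_cfscript(files, registry):
    """Render the File:: and Registry:: sections in the layout used in the reply."""
    return "\n".join(["File::", *files, "Registry::", *registry]) + "\n"


if __name__ == "__main__":
    hjt_findings, registry = triage_hijackthis(HJT_LINES)
    cf_findings, files = triage_combofix(CF_LINES)
    for finding in hjt_findings + cf_findings:
        print("FLAG", finding)
    print(build_cfscript(files, registry))
```

Run as-is it prints four FLAG lines and a script whose File:: section lists svcpool.dll, dxdiag.exe and svchost and whose Registry:: section matches the two entries the analyst wrote. The output is a draft to review, not something to drop onto ComboFix blindly: the RUNDLL_RE parser does not handle unquoted paths containing spaces, and the created-equals-modified rule will also catch legitimate DLLs that were compiled and installed on the same day.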
Thread author

ComboFix 08-03-23.2 - Laudicea 2008-03-28 22:36:31.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.299 [GMT -3:00]

    Running from: C:\Documents and Settings\Laudicea\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Laudicea\Desktop\CFScript.txt

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::

    C:\WINDOWS\dxdiag.exe

    C:\WINDOWS\svchost

    C:\WINDOWS\svcpool.dll

    .

    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\dxdiag.exe

    C:\WINDOWS\svchost

    C:\WINDOWS\svcpool.dll

    .

    ((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))))

    .

    2008-03-28 21:53 . 2008-03-28 21:53 <DIR> d-------- C:\WINDOWS\LastGood

    2008-03-24 19:08 . 2008-03-24 19:08 <DIR> d-------- C:\Documents and Settings\Laudicea\Contacts

    2008-03-24 16:01 . 2008-03-24 16:01 <DIR> d-------- C:\ComboFix(2)

    2008-03-24 13:12 . 2003-03-18 18:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

    2008-03-24 13:12 . 2007-12-04 11:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

    2008-03-24 13:12 . 2004-01-09 08:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

    2008-03-24 13:12 . 2007-12-04 10:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

    2008-03-24 13:12 . 2007-12-04 12:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

    2008-03-24 13:12 . 2007-12-04 12:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

    2008-03-24 13:12 . 2007-12-04 12:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

    2008-03-24 13:12 . 2007-12-04 12:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

    2008-03-24 13:12 . 2007-12-04 12:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

    2008-03-24 13:07 . 2008-03-24 13:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Avg7

    2008-03-24 08:58 . 2008-03-24 08:58 <DIR> d-------- C:\Arquivos de programas\Trend Micro

    2008-03-24 08:25 . 2008-03-28 11:00 <DIR> d-------- C:\Documents and Settings\Laudicea\Dados de aplicativos\Spyware Terminator

    2008-03-24 08:19 . 2008-03-24 08:19 <DIR> d--h----- C:\Documents and Settings\Laudicea\Modelos

    2008-03-24 08:19 . 2008-03-24 19:17 <DIR> dr------- C:\Documents and Settings\Laudicea\Meus documentos

    2008-03-24 08:19 . 2008-03-24 08:19 <DIR> dr------- C:\Documents and Settings\Laudicea\Menu Iniciar

    2008-03-24 08:19 . 2008-03-24 08:25 <DIR> dr------- C:\Documents and Settings\Laudicea\Favoritos

    2008-03-24 08:19 . 2008-03-24 19:09 <DIR> dr-h----- C:\Documents and Settings\Laudicea\Dados de aplicativos

    2008-03-24 08:19 . 2008-03-24 16:15 <DIR> d--h----- C:\Documents and Settings\Laudicea\Configurações locais

    2008-03-24 08:19 . 2008-03-08 14:10 <DIR> d--h----- C:\Documents and Settings\Laudicea\Ambiente de rede

    2008-03-24 08:19 . 2008-03-08 14:10 <DIR> d--h----- C:\Documents and Settings\Laudicea\Ambiente de impressão

    2008-03-24 08:03 . 2008-03-24 07:48 <DIR> d--h----- C:\Documents and Settings\Sandro\Modelos

    2008-03-24 08:03 . 2008-03-24 08:03 <DIR> dr------- C:\Documents and Settings\Sandro\Meus documentos

    2008-03-24 08:03 . 2008-03-08 14:10 <DIR> dr------- C:\Documents and Settings\Sandro\Menu Iniciar

    2008-03-24 08:03 . 2008-03-24 08:03 <DIR> dr------- C:\Documents and Settings\Sandro\Favoritos

    2008-03-24 08:03 . 2008-03-24 08:13 <DIR> d-------- C:\Documents and Settings\Sandro\Dados de aplicativos\Spyware Terminator

    2008-03-24 08:03 . 2008-03-24 13:07 <DIR> dr-h----- C:\Documents and Settings\Sandro\Dados de aplicativos

    2008-03-24 08:03 . 2008-03-24 16:15 <DIR> d--h----- C:\Documents and Settings\Sandro\Configurações locais

    2008-03-24 08:03 . 2008-03-08 14:10 <DIR> d--h----- C:\Documents and Settings\Sandro\Ambiente de rede

    2008-03-24 08:03 . 2008-03-08 14:10 <DIR> d--h----- C:\Documents and Settings\Sandro\Ambiente de impressão

    2008-03-24 07:57 . 2004-08-04 00:45 463,872 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll

    2008-03-24 07:56 . 2004-08-04 00:45 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll

    2008-03-24 07:55 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll

    2008-03-24 07:54 . 2008-03-24 07:54 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

    2008-03-24 07:54 . 2008-03-24 07:54 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

    2008-03-24 07:54 . 2008-03-24 07:54 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

    2008-03-24 07:54 . 2008-03-24 07:54 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest

    2008-03-24 07:54 . 2008-03-24 07:54 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest

    2008-03-24 07:54 . 2008-03-24 07:54 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

    2008-03-24 07:40 . 2001-08-23 13:00 13,107,200 --a------ C:\WINDOWS\system32\oembios.bin

    2008-03-24 07:39 . 2004-08-04 00:45 2,067,968 --a--c--- C:\WINDOWS\system32\dllcache\cdosys.dll

    2008-03-24 07:34 . 2008-03-24 07:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spyware Terminator

    2008-03-23 20:10 . 2008-03-24 07:33 <DIR> d-------- C:\Arquivos de programas\WinClamAVShield

    2008-03-23 19:58 . 2008-03-24 07:33 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Spyware Terminator

    2008-03-23 19:58 . 2008-03-24 20:28 <DIR> d-------- C:\Arquivos de programas\Spyware Terminator

    2008-03-23 19:58 . 2008-03-24 07:34 <DIR> d-------- C:\Arquivos de programas\Crawler

    2008-03-23 19:58 . 2008-03-23 19:58 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

    2008-03-13 20:31 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

    2008-03-13 20:31 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

    2008-03-13 20:31 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

    2008-03-12 16:25 . 2008-03-12 16:25 268 --ah----- C:\sqmdata19.sqm

    2008-03-12 16:25 . 2008-03-12 16:25 244 --ah----- C:\sqmnoopt19.sqm

    2008-03-12 07:48 . 2008-03-12 07:48 268 --ah----- C:\sqmdata18.sqm

    2008-03-12 07:48 . 2008-03-12 07:48 244 --ah----- C:\sqmnoopt18.sqm

    2008-03-11 18:55 . 2008-03-11 18:55 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InterTrust

    2008-03-11 18:55 . 1998-11-13 11:18 308,224 --a------ C:\WINDOWS\IsUn0416.exe

    2008-03-11 18:54 . 2008-03-11 18:54 <DIR> d-------- C:\unzipped

    2008-03-11 18:45 . 2004-08-04 00:45 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax

    2008-03-11 18:45 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

    2008-03-11 18:45 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

    2008-03-11 18:45 . 2004-08-04 00:45 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

    2008-03-10 20:26 . 2008-03-10 20:26 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

    2008-03-10 20:26 . 2008-03-10 20:26 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf

    2008-03-10 20:25 . 2007-06-08 13:46 1,560,576 --a------ C:\WINDOWS\system32\BttnCmns_64.dll

    2008-03-10 20:25 . 2006-06-30 05:46 1,560,576 --a------ C:\WINDOWS\system32\BttnCmns.dll

    2008-03-10 20:25 . 2006-11-02 06:09 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

    2008-03-10 20:25 . 2005-10-31 14:30 987,136 --a------ C:\WINDOWS\system32\BttnCmn.dll

    2008-03-10 20:25 . 2007-06-18 16:12 16,768 --a------ C:\WINDOWS\system32\drivers\HpqKbFiltr.sys

    2008-03-10 20:25 . 2006-06-28 09:54 9,472 --a------ C:\WINDOWS\system32\drivers\CPQBttn.sys

    2008-03-10 18:38 . 2008-03-10 18:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\WLInstaller

    2008-03-10 07:33 . 2008-03-10 07:33 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

    2008-03-10 07:03 . 2008-03-10 18:07 <DIR> d-------- C:\Arquivos de programas\speed-bit

    2008-03-10 06:57 . 2008-03-10 06:57 <DIR> d---s---- C:\Documents and Settings\Administrador\UserData

    2008-03-09 21:13 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

    2008-03-09 21:13 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

    2008-03-09 21:13 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

    2008-03-09 21:12 . 2008-03-15 16:12 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts

    2008-03-09 21:12 . 2008-03-09 21:12 268 --ah----- C:\sqmdata17.sqm

    2008-03-09 21:12 . 2008-03-09 21:12 244 --ah----- C:\sqmnoopt17.sqm

    2008-03-09 21:10 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

    2008-03-08 18:44 . 2003-06-19 00:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

    2008-03-08 18:44 . 2008-03-08 18:44 421 --a------ C:\WINDOWS\ODBC.INI

    2008-03-08 18:13 . 2008-03-08 18:13 0 --a------ C:\WINDOWS\nsreg.dat

    2008-03-08 18:08 . 2008-03-28 21:52 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP

    2008-03-08 18:08 . 2008-03-08 18:08 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx

    2008-03-08 18:08 . 2008-03-08 18:08 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx

    2008-03-08 18:08 . 2008-03-08 18:08 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

    2008-03-08 17:45 . 2008-03-08 17:45 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

    2008-03-08 17:45 . 2008-03-08 17:45 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

    2008-03-08 17:43 . 2008-03-08 17:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\nView_Profiles

    2008-03-08 17:40 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

    2008-03-08 17:39 . 2006-07-20 20:58 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe

    2008-03-08 17:39 . 2006-07-20 20:58 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe

    2008-03-08 17:39 . 2006-07-20 20:58 208,896 --a------ C:\WINDOWS\system32\nvuide.exe

    2008-03-08 17:39 . 2006-03-02 21:30 101,888 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys

    2008-03-08 17:39 . 2006-02-19 19:00 3,903 --a------ C:\WINDOWS\system32\nvnrm.nvu

    2008-03-08 17:39 . 2005-10-19 01:05 1,864 --a------ C:\WINDOWS\system32\nvsmb.nvu

    2008-03-08 17:39 . 2005-12-07 18:06 1,570 --a------ C:\WINDOWS\system32\nvide.nvu

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-03-10 23:25 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

    2008-03-10 23:25 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

    2008-03-10 22:11 --------- d-----w C:\Arquivos de programas\Windows Live

    2008-03-10 10:33 822,272 ----a-w C:\WINDOWS\system32\drivers\BCMWL5.SYS

    2008-03-10 10:00 --------- d-----w C:\Arquivos de programas\DAP

    2008-03-10 09:56 --------- d-----w C:\Arquivos de programas\Google

    2008-03-10 00:01 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

    2008-03-10 00:00 --------- d-----w C:\Arquivos de programas\MSN Messenger

    2008-03-08 19:50 --------- d-----w C:\Arquivos de programas\lg_fwupdate

    2008-03-08 17:18 --------- d-----w C:\Documents and Settings\laudicea ramalho\Dados de aplicativos\AVG7

    2008-03-08 02:27 --------- d-----w C:\Documents and Settings\sandro lucena\Dados de aplicativos\AVG7

    2008-02-02 20:47 --------- d-----w C:\Arquivos de programas\mozilla.org

    2008-01-29 11:47 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

    2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-24_16.14.47,00 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2008-03-29 00:56:42 6,992 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{911755B7-4F21-4137-AFC2-CBB49FC06DDB}.bin

    - 2008-03-24 17:05:37 40,190 ----a-w C:\WINDOWS\system32\perfc009.dat

    + 2008-03-29 00:56:29 40,190 ----a-w C:\WINDOWS\system32\perfc009.dat

    - 2008-03-24 17:05:37 48,826 ----a-w C:\WINDOWS\system32\perfc016.dat

    + 2008-03-29 00:56:29 48,826 ----a-w C:\WINDOWS\system32\perfc016.dat

    - 2008-03-24 17:05:37 311,802 ----a-w C:\WINDOWS\system32\perfh009.dat

    + 2008-03-29 00:56:29 311,802 ----a-w C:\WINDOWS\system32\perfh009.dat

    - 2008-03-24 17:05:37 344,618 ----a-w C:\WINDOWS\system32\perfh016.dat

    + 2008-03-29 00:56:29 344,618 ----a-w C:\WINDOWS\system32\perfh016.dat

    + 2008-03-29 00:52:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_71c.dat

    .

    (((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Note* empty entries & legitimate default entries are not shown.

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

    2008-03-10 18:08 1470488 --a------ C:\Arquivos de programas\speed-bit\tbspe1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

    C:\WINDOWS\gbiehbsb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "C:\Arquivos de programas\speed-bit\tbspe1.dll" [2008-03-10 18:08 1470488]

    [HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

    "{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= C:\Arquivos de programas\speed-bit\tbspe1.dll [2008-03-10 18:08 1470488]

    [HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

    "msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpWirelessAssistant"="C:\Arquivos de programas\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58 7581696]

    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 20:58 86016]

    "nwiz"="nwiz.exe" [2006-07-20 20:58 1519616 C:\WINDOWS\system32\nwiz.exe]

    "DownloadAccelerator"="C:\Arquivos de programas\DAP\DAP.exe" [2008-03-10 07:00 4576768]

    "QlbCtrl"="C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 14:13 202032]

    "SynTPStart"="C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 19:29 102400]

    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 22:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

    "SpywareTerminator"="C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-03-23 19:58 2957824]

    "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

    "C:\\Arquivos de programas\\DAP\\DAP.exe"=

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-23 19:58]

    R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 20:49]

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-03-29 01:38:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

    - C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-03-28 22:38:06

    Windows 5.1.2600 Service Pack 2 NTFS

    Scanning for hidden processes ...

    Scanning for hidden autostart entries ...

    Scanning for hidden files ...

    Scan completed successfully

    Hidden files: 0

    **************************************************************************

    .

    Completion time: 2008-03-28 22:38:28

    ComboFix-quarantined-files.txt 2008-03-29 01:38:25

    ComboFix2.txt 2008-03-24 19:14:57

    .

    2008-03-27 21:08:20 --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 23:06:59, on 3/28/aaaa

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Arquivos de programas\DAP\DAP.EXE

    C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

    C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

    C:\Arquivos de programas\Hewlett-Packard\Shared\HpqToaster.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

    O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

    O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll (file missing)

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

    O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll

    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [synTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

    O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

    O8 - Extra context menu item: Crawler Search - tbr:iemenu

    O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\HPQ\Shared\hpqwmi.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

    --

    End of file - 6991 bytes


    - Select the text below and copy it into Notepad. Save it as CFScript.txt;

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

    - Drag CFScript.txt onto ComboFix as shown in the image below:

    [image: CF_Script.gif]

    ComboFix will run and will restart the PC automatically to complete the removal process.

    Do not use the mouse or the keyboard while ComboFix is running.

    When it finishes, a log will be generated at C:\ComboFix.txt.

    Note: if ComboFix does not restart your computer automatically, do it manually.

    In your next reply, paste ComboFix.txt and a new HijackThis log.

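The reply above removes one Browser Helper Object key by hand: the {FCAAAC14-...} entry still points at C:\WINDOWS\gbiehbsb.dll, which HijackThis reports as "(file missing)", so the registration is an orphan. The following is an added example, not code from the thread, the forum's analysts, HijackThis or ComboFix: a small parser for the O2/O3 lines of a HijackThis log that flags BHOs whose DLL is missing or that carry no name, and emits the same kind of CFScript `Registry::` delete directive the helper posted. The sample lines are copied from the log above; the only thing the script trusts is the "(file missing)" marker HijackThis itself prints (it does not touch the disk or the registry), and the abbreviated `HKEY_LOCAL_MACHINE\~\Browser Helper Objects` key form is assumed to be accepted by ComboFix because that is exactly what the reply uses.

```python
import re

# Constructed sample: a subset of the O2/O3 lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll (file missing)
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll
"""

# O2 (BHO) and O3 (toolbar) lines share one shape:
#   Oxx - <kind>: <name> - {CLSID} - <path>[ (file missing)]
LINE_RE = re.compile(
    r"^O(?P<sect>[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)

# ComboFix's abbreviated form of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects,
# taken verbatim from the directive in the reply above (assumed accepted by ComboFix on that basis).
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"


def parse_entries(log_text):
    """Return one dict per O2/O3 line (kind, name, clsid, path, missing); other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["missing"] = d["missing"] is not None   # HijackThis could not find the DLL
        d["clsid"] = d["clsid"].upper()           # CLSIDs are case-insensitive; normalise for comparison
        entries.append(d)
    return entries


def suspicious_bhos(entries):
    """BHOs worth a second look, with the reason: DLL missing on disk, or registered with no name."""
    flagged = []
    for e in entries:
        if e["kind"] != "BHO":
            continue
        if e["missing"]:
            flagged.append((e["clsid"], "file missing"))
        elif e["name"] == "(no name)":
            flagged.append((e["clsid"], "no name"))
    return flagged


def cfscript_for_orphans(entries):
    """Build a CFScript 'Registry::' section deleting the BHO key of every entry whose DLL is missing.

    Only orphans are deleted automatically; a nameless BHO whose DLL still exists needs a human
    decision, so it is reported by suspicious_bhos() but not scripted here.
    """
    orphans = [clsid for clsid, why in suspicious_bhos(entries) if why == "file missing"]
    if not orphans:
        return ""
    lines = ["Registry::"]
    for clsid in orphans:
        # A leading '-' inside the brackets is regedit syntax for 'delete this key'.
        lines.append(f"[-{BHO_KEY}\\{clsid}]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    for clsid, why in suspicious_bhos(found):
        print(f"{clsid}: {why}")
    print(cfscript_for_orphans(found), end="")
```

Run as-is it prints the two flagged CLSIDs and a CFScript whose single delete line matches the one in the reply. The (no name) Crawler BHO is reported but not scripted: its DLL exists and ships with the Spyware Terminator/Crawler toolbar that the user installed, so deleting it is a judgement call, not a mechanical cleanup.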
