donneenha

GbiehCef Run-time error 53


Good afternoon,

Every time I open a program or a window, an error message appears saying the following:

"GbiehCef

Run-time error '53':

File not found"

(The image of the error message is attached)

I have already tried everything I know to try to get rid of this and have not managed to.

I downloaded HijackThis and ran it on the PC for the first time, and below is the logfile it generated:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:39:56, on 24/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\TATI\Meus documentos\Programas\Manutenção do PC\ADAWARE-segurança\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Documents and Settings\TATI\Meus documentos\Programas\iTunesHelper.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: GbiehCef.GBIEHObj - {70C64D27-921E-455F-A25B-FC56E8DDDFE4} - C:\WINDOWS\GbiehCef.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: GbiehItau.GBIEHObj - {A3EB9BE6-2D35-49D4-B7A1-D36102642CFC} - C:\WINDOWS\GbiehItau.dll

O2 - BHO: Scoop2008.GBIEHObj - {BEEB2618-69CF-4CD9-9DD0-76886A003022} - C:\WINDOWS\Scoop2008.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: GbiehBank.GBIEHObj - {EDD47EE4-7E9C-45C0-9479-47F3CCED434A} - C:\WINDOWS\GbiehBank.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\TATI\Meus documentos\Programas\iTunesHelper.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\TATI\Meus documentos\Programas\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198556626718

O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://churrascoibmr.myphotoalbum.com/ImageUploader4.cab

O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbiehBank - C:\WINDOWS\

O20 - Winlogon Notify: GbiehCef - C:\WINDOWS\

O20 - Winlogon Notify: GbiehItau - C:\WINDOWS\

O20 - Winlogon Notify: Scapd - C:\WINDOWS\

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Documents and Settings\TATI\Meus documentos\Programas\Manutenção do PC\ADAWARE-segurança\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

--

End of file - 8480 bytes

Thank you


Good afternoon! donneenha

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protection of your antivirus, antispyware and firewall.

>@< Close all windows and run the tool!

If you get the notification: Invalid Win32 application, delete the tool and download it again.

Save it to the Desktop, renamed as: Kombo.exe

PS: Name it while saving, not after saving it!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

--------------------

>@< Post the report: C:\ComboFix.txt, in your reply + an updated HJT log.

Regards!

  • Topic author
  • Hello Joram, here is what you asked for:

    Thank you and kisses

    ComboFix 08-04-22.5 - TATI 2008-04-25 18:43:52.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.193 [GMT -3:00]

    Executando de: C:\Documents and Settings\TATI\Desktop\ComboFix.exe

    * Criado um novo ponto de restauro

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    --------------

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 18:52:01, on 25/4/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Documents and Settings\TATI\Meus documentos\Programas\Manutenção do PC\ADAWARE-segurança\aawservice.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\ARQUIV~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Documents and Settings\TATI\Meus documentos\Programas\iTunesHelper.exe

    C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

    C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O2 - BHO: GbiehCef.GBIEHObj - {70C64D27-921E-455F-A25B-FC56E8DDDFE4} - C:\WINDOWS\GbiehCef.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: GbiehItau.GBIEHObj - {A3EB9BE6-2D35-49D4-B7A1-D36102642CFC} - C:\WINDOWS\GbiehItau.dll

    O2 - BHO: Scoop2008.GBIEHObj - {BEEB2618-69CF-4CD9-9DD0-76886A003022} - C:\WINDOWS\Scoop2008.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O2 - BHO: GbiehBank.GBIEHObj - {EDD47EE4-7E9C-45C0-9479-47F3CCED434A} - C:\WINDOWS\GbiehBank.dll

    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\TATI\Meus documentos\Programas\iTunesHelper.exe"

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\TATI\Meus documentos\Programas\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198556626718

    O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://churrascoibmr.myphotoalbum.com/ImageUploader4.cab

    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O20 - Winlogon Notify: GbiehBank - C:\WINDOWS\

    O20 - Winlogon Notify: GbiehCef - C:\WINDOWS\

    O20 - Winlogon Notify: GbiehItau - C:\WINDOWS\

    O20 - Winlogon Notify: Scapd - C:\WINDOWS\

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

    O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Documents and Settings\TATI\Meus documentos\Programas\Manutenção do PC\ADAWARE-segurança\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    --

    End of file - 8466 bytes


    Hey! donneenha

    Good evening!

    >@< ComboFix did not run!

    -------------------------

    >@< Restart in Safe Mode and delete C:\QooBox <!>

    >@< Run ComboFix again and post the report.

    Regards!

  • Topic author
  • Hi Joram, good afternoon. I did it the way you recommended and it ran fine. Below is the ComboFix log, followed by the updated HijackThis log. Once again, thank you.

    ComboFix 08-04-22.5 - TATI 2008-04-26 16:47:42.1 - NTFSx86 MINIMAL

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.284 [GMT -3:00]

    Executando de: C:\Documents and Settings\TATI\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Arquivos de programas\version.txt

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-03-26 to 2008-04-26 ))))))))))))))))))))))))))))))))

    .

    2008-04-26 16:39 . 2007-07-27 17:38 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

    2008-04-26 16:39 . 2007-07-27 14:33 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

    2008-04-26 16:39 . 2007-07-27 14:33 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

    2008-04-26 16:39 . 2007-07-27 14:33 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

    2008-04-26 16:39 . 2007-07-27 14:33 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

    2008-04-26 16:39 . 2008-04-26 16:49 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

    2008-04-26 16:39 . 2007-07-27 14:33 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

    2008-04-26 16:39 . 2007-07-27 14:33 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

    2008-04-26 16:39 . 2008-04-26 16:39 <DIR> d-------- C:\Documents and Settings\Administrador

    2008-04-26 16:39 . 2008-04-26 16:47 1,024 --ah----- C:\Documents and Settings\Administrador\NtUser.dat.LOG

    2008-04-24 16:39 . 2008-04-24 16:39 <DIR> d-------- C:\Arquivos de programas\Trend Micro

    2008-04-24 15:31 . 2005-05-22 02:00 90,112 --------- C:\WINDOWS\SDUnInst.exe

    2008-04-24 15:16 . 2008-04-24 15:54 <DIR> d-------- C:\Documents and Settings\TATI\Dados de aplicativos\Smart PC Solutions

    2008-04-24 15:12 . 2008-04-24 15:12 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll

    2008-04-23 22:38 . 2008-04-16 22:36 18 --a------ C:\WINDOWS\system32\GbiehCef.ini

    2008-04-23 22:00 . 2008-04-23 22:00 <DIR> d-------- C:\Documents and Settings\TATI\Dados de aplicativos\InstallShield

    2008-04-23 22:00 . 2008-04-24 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

    2008-04-23 22:00 . 2008-04-24 16:00 <DIR> d-------- C:\Arquivos de programas\Motorola Phone Tools

    2008-04-23 19:31 . 2008-04-23 19:31 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

    2008-04-23 19:31 . 2008-04-23 19:31 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

    2008-04-23 19:29 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

    2008-04-23 19:29 . 2007-06-18 14:18 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys

    2008-04-23 19:28 . 2008-04-24 16:39 <DIR> d-------- C:\Program Files

    2008-04-23 19:28 . 2008-04-23 19:28 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Motorola Shared

    2008-04-18 14:50 . 2008-04-18 14:50 <DIR> d-------- C:\Documents and Settings\TATI\Dados de aplicativos\gtk-2.0

    2008-04-18 14:50 . 2008-04-18 14:50 <DIR> d-------- C:\Documents and Settings\TATI\avidemux

    2008-04-16 23:12 . 2008-04-16 23:25 48 --a------ C:\WINDOWS\LiveContacts.ini

    2008-04-16 22:36 . 2008-04-16 22:36 18 --a------ C:\WINDOWS\GbiehCef.ini

    2008-04-16 22:33 . 2008-04-16 22:33 98,304 ---hs---- C:\WINDOWS\GbiehItau.dll

    2008-04-16 22:33 . 2008-04-16 22:33 65,536 ---hs---- C:\WINDOWS\Scoop2008.dll

    2008-04-16 22:33 . 2008-04-16 22:33 36,864 ---hs---- C:\WINDOWS\GbiehCef.dll

    2008-04-16 22:33 . 2008-04-16 22:33 32,768 ---hs---- C:\WINDOWS\GbiehBank.dll

    2008-04-16 22:33 . 2008-04-23 22:51 4 --a------ C:\WINDOWS\wiadebug.dat

    2008-04-07 11:13 . 2008-04-07 11:13 <DIR> d-------- C:\Arquivos de programas\Alwil Software

    2008-04-07 11:13 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

    2008-04-07 09:14 . 2008-04-07 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

    2008-04-06 11:16 . 2008-04-06 11:16 9,662 --a------ C:\WINDOWS\EPISME00.SWB

    2008-04-03 14:45 . 2008-04-03 14:45 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

    2008-03-27 13:39 . 2002-10-01 14:43 119,798 --a------ C:\WINDOWS\system32\drivers\spca561.sys

    2008-03-27 13:39 . 2002-11-22 15:56 118,784 --a------ C:\WINDOWS\ShowBmp.exe

    2008-03-27 13:39 . 2003-08-05 11:41 53,248 --a------ C:\WINDOWS\ap561.exe

    2008-03-27 13:39 . 2002-08-13 18:01 14,385 --a------ C:\WINDOWS\Tw561a.ini

    2008-03-27 13:39 . 2002-09-20 19:44 14,336 --a------ C:\WINDOWS\system32\dshow508.ax

    2008-03-27 13:39 . 2002-08-13 18:01 7,431 --a------ C:\WINDOWS\Tw561a.src

    2008-03-27 13:39 . 2002-03-19 14:11 81 --a------ C:\WINDOWS\Setup8a.ini

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-04-26 19:45 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    2008-04-26 19:35 --------- d-----w C:\Documents and Settings\TATI\Dados de aplicativos\Skype

    2008-04-24 19:20 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    2008-04-24 19:00 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

    2008-04-24 18:55 --------- d-----w C:\Documents and Settings\TATI\Dados de aplicativos\Move Networks

    2008-04-22 20:02 --------- d-----w C:\Documents and Settings\TATI\Dados de aplicativos\MegauploadToolbar

    2008-04-19 01:35 --------- d-----w C:\Documents and Settings\TATI\Dados de aplicativos\LimeWire

    2008-04-17 01:33 122 ----a-w C:\Arquivos de programas\wiadebug.txt

    2008-04-08 00:29 --------- d-----w C:\Documents and Settings\TATI\Dados de aplicativos\Apple Computer

    2008-04-06 21:36 --------- d-----w C:\Arquivos de programas\GbPlugin

    2008-03-24 17:13 --------- d-----w C:\Arquivos de programas\Java

    2008-03-24 16:57 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

    2008-03-24 14:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

    2008-03-24 14:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2008-03-08 22:42 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll

    2008-03-06 21:50 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Trend Micro

    2008-03-06 21:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

    2008-03-06 21:47 --------- d-----w C:\Documents and Settings\TATI\Dados de aplicativos\AVG7

    2008-03-04 15:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

    2005-04-01 01:17 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

    2003-08-05 14:41 53,248 ----a-w C:\WINDOWS\inf\ap561.exe

    2002-11-26 19:24 32,768 ----a-w C:\WINDOWS\inf\Remove561.exe

    2002-11-22 18:56 118,784 ----a-w C:\WINDOWS\inf\ShowBmp.exe

    2002-10-29 21:07 36,864 ----a-w C:\WINDOWS\inf\Setup8a.exe

    2002-10-01 17:43 119,798 ----a-w C:\WINDOWS\inf\spca561.sys

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70C64D27-921E-455F-A25B-FC56E8DDDFE4}]

    2008-04-16 22:33 36864 ---hs---- C:\WINDOWS\GbiehCef.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3EB9BE6-2D35-49D4-B7A1-D36102642CFC}]

    2008-04-16 22:33 98304 ---hs---- C:\WINDOWS\GbiehItau.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEEB2618-69CF-4CD9-9DD0-76886A003022}]

    2008-04-16 22:33 65536 ---hs---- C:\WINDOWS\Scoop2008.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDD47EE4-7E9C-45C0-9479-47F3CCED434A}]

    2008-04-16 22:33 32768 ---hs---- C:\WINDOWS\GbiehBank.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

    "MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

    "msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 14:34 3739672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-13 23:51 352256]

    "iTunesHelper"="C:\Documents and Settings\TATI\Meus documentos\Programas\iTunesHelper.exe" [2007-09-26 14:42 267064]

    "SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11 925696]

    "SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 14:35 716800]

    "QuickTime Task"="C:\Documents and Settings\TATI\Meus documentos\Programas\qttask.exe" [2008-01-31 23:13 385024]

    "Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

    "{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 00:29 128512]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-03-11 08:18 354600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    "CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 00:29 128512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    C:\ARQUIV~1\GBPLUGIN\gbieh.dll 2008-03-11 08:18 354600 C:\ARQUIV~1\GbPlugin\gbieh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbiehBank]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbiehCef]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbiehItau]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Scapd]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^TATI^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk]

    backup=C:\WINDOWS\pss\Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]

    --a------ 2005-02-08 04:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

    --------- 2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

    --------- 2005-05-19 19:38 1957888 C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

    --------- 2003-12-08 17:35 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]

    -ra------ 2006-07-10 15:33 176128 C:\WINDOWS\system32\S3Trayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

    -ra------ 2006-08-03 03:53 53248 C:\WINDOWS\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\WINDOWS\\system32\\dpvsetup.exe"=

    "C:\\WINDOWS\\system32\\rundll32.exe"=

    "C:\\Documents and Settings\\TATI\\Meus documentos\\Programas\\LimeWire\\LimeWire.exe"=

    "C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "C:\\Documents and Settings\\TATI\\Meus documentos\\Programas\\iTunes.exe"=

    "C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

    R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

    S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

    S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

    S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-02-19 05:24]

    S3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-11 23:43]

    *Newly Created Service* - CATCHME

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    "2007-10-04 23:23:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

    .

    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-26 16:49:10

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-04-26 16:50:11

    ComboFix-quarantined-files.txt 2008-04-26 19:49:47

    Pre-Run: 66,816,012,288 bytes disponíveis

    Post-Run: 66,808,066,048 bytes disponíveis

    187 --- E O F --- 2007-11-07 18:33:55

    ----------------------------------------------------------

    NOW THE HIJACKTHIS:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 17:20:31, on 26/4/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Documents and Settings\TATI\Meus documentos\Programas\Manutenção do PC\ADAWARE-segurança\aawservice.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\ARQUIV~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Documents and Settings\TATI\Meus documentos\Programas\iTunesHelper.exe

    C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

    C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

    C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Skype\Phone\Skype.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

    C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O2 - BHO: GbiehCef.GBIEHObj - {70C64D27-921E-455F-A25B-FC56E8DDDFE4} - C:\WINDOWS\GbiehCef.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: GbiehItau.GBIEHObj - {A3EB9BE6-2D35-49D4-B7A1-D36102642CFC} - C:\WINDOWS\GbiehItau.dll

    O2 - BHO: Scoop2008.GBIEHObj - {BEEB2618-69CF-4CD9-9DD0-76886A003022} - C:\WINDOWS\Scoop2008.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O2 - BHO: GbiehBank.GBIEHObj - {EDD47EE4-7E9C-45C0-9479-47F3CCED434A} - C:\WINDOWS\GbiehBank.dll

    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\TATI\Meus documentos\Programas\iTunesHelper.exe"

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\TATI\Meus documentos\Programas\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198556626718

    O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://churrascoibmr.myphotoalbum.com/ImageUploader4.cab

    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O20 - Winlogon Notify: GbiehBank - C:\WINDOWS\

    O20 - Winlogon Notify: GbiehCef - C:\WINDOWS\

    O20 - Winlogon Notify: GbiehItau - C:\WINDOWS\

    O20 - Winlogon Notify: Scapd - C:\WINDOWS\

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

    O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Documents and Settings\TATI\Meus documentos\Programas\Manutenção do PC\ADAWARE-segurança\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    --

    End of file - 8405 bytes


    Good evening, donneenha!

    <!> Delete:

    C:\QooBox

    C:\ComboFix.txt << Previous ComboFix log.

    ----------------------

    >@< Select and copy the entire contents of the code area into Notepad.

    >@< Save it on the Desktop with the name: CFScript.txt

    >@< Restart the computer in Safe Mode.

    File::
    C:\WINDOWS\GbiehCef.ini
    C:\WINDOWS\GbiehItau.dll
    C:\WINDOWS\Scoop2008.dll
    C:\WINDOWS\GbiehCef.dll
    C:\WINDOWS\GbiehBank.dll
    C:\WINDOWS\wiadebug.dat
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70C64D27-921E-455F-A25B-FC56E8DDDFE4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3EB9BE6-2D35-49D4-B7A1-D36102642CFC}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEEB2618-69CF-4CD9-9DD0-76886A003022}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDD47EE4-7E9C-45C0-9479-47F3CCED434A}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbiehBank]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbiehCef]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbiehItau]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Scapd]

    >@< Drag CFScript.txt with the mouse onto the ComboFix icon.

    >@< See the demonstration!

    cpiadecfscriptxt7.gif

    >@< With this procedure, ComboFix will run and restart the computer automatically!

    >@< If it does not restart, do it manually!

    >@< While it is running, do not use the keyboard or mouse!

    >@< When it finishes, post the updated C:\ComboFix.txt report + HJT.

    Regards!
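Added example (not part of the original posts, and not ComboFix or HijackThis code): once the CFScript has run, one way to confirm the fix took is to parse the script's Registry:: deletions and check whether any of them still show up as O2 (BHO) or O20 (Winlogon Notify) lines in the follow-up HijackThis log. The sample inputs are excerpts copied from the script and logs in this thread (the "after" excerpt holds O2 lines only); the function names are this example's own.

```python
import re

# Excerpt of the CFScript from this thread; the Registry:: deletions are the targets.
CFSCRIPT = r"""
File::
C:\WINDOWS\GbiehCef.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70C64D27-921E-455F-A25B-FC56E8DDDFE4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3EB9BE6-2D35-49D4-B7A1-D36102642CFC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEEB2618-69CF-4CD9-9DD0-76886A003022}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDD47EE4-7E9C-45C0-9479-47F3CCED434A}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbiehBank]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbiehCef]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbiehItau]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Scapd]
"""

# Excerpt of the HijackThis log posted before the fix (lines copied from the thread).
HJT_BEFORE = r"""
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: GbiehCef.GBIEHObj - {70C64D27-921E-455F-A25B-FC56E8DDDFE4} - C:\WINDOWS\GbiehCef.dll
O2 - BHO: GbiehItau.GBIEHObj - {A3EB9BE6-2D35-49D4-B7A1-D36102642CFC} - C:\WINDOWS\GbiehItau.dll
O2 - BHO: Scoop2008.GBIEHObj - {BEEB2618-69CF-4CD9-9DD0-76886A003022} - C:\WINDOWS\Scoop2008.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: GbiehBank.GBIEHObj - {EDD47EE4-7E9C-45C0-9479-47F3CCED434A} - C:\WINDOWS\GbiehBank.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbiehBank - C:\WINDOWS\
O20 - Winlogon Notify: GbiehCef - C:\WINDOWS\
O20 - Winlogon Notify: GbiehItau - C:\WINDOWS\
O20 - Winlogon Notify: Scapd - C:\WINDOWS\
"""

# Excerpt of the HijackThis log posted after the fix (O2 lines only).
HJT_AFTER = r"""
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
"""

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O2_LINE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]+\}) - ")
O20_LINE = re.compile(r"^O20 - Winlogon Notify: (.+?) - ")


def cfscript_targets(script):
    """Return {("O2", CLSID) | ("O20", name)} for each [-key] under Registry::."""
    targets, in_registry = set(), False
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith("::"):              # section header such as File:: or Registry::
            in_registry = line == "Registry::"
            continue
        if not in_registry or not (line.startswith("[-") and line.endswith("]")):
            continue
        key = line[2:-1]
        leaf = key.rsplit("\\", 1)[-1].strip()
        if CLSID.fullmatch(leaf):            # BHO keys end in a CLSID
            targets.add(("O2", leaf.upper()))
        elif "\\winlogon\\notify\\" in key.lower():
            targets.add(("O20", leaf.lower()))
    return targets


def hjt_entries(log):
    """Return the O2 CLSIDs and O20 notify names present in a HijackThis log."""
    found = set()
    for raw in log.splitlines():
        line = raw.strip()
        m = O2_LINE.match(line)
        if m:
            found.add(("O2", m.group(1).upper()))
            continue
        m = O20_LINE.match(line)
        if m:
            found.add(("O20", m.group(1).strip().lower()))
    return found


def leftovers(script, log):
    """Targets of the script that the log still lists, sorted for stable output."""
    return sorted(cfscript_targets(script) & hjt_entries(log))


if __name__ == "__main__":
    print("before:", leftovers(CFSCRIPT, HJT_BEFORE))
    print("after: ", leftovers(CFSCRIPT, HJT_AFTER))
```

An empty result only covers the sections present in the log passed in, so the O20 check needs the full follow-up log rather than an excerpt.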

  • Topic author
  • ComboFix 08-04-22.5 - TATI 2008-04-26 19:22:46.2 - NTFSx86 MINIMAL

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.286 [GMT -3:00]

    Executando de: C:\Documents and Settings\TATI\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\TATI\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::

    C:\WINDOWS\GbiehBank.dll

    C:\WINDOWS\GbiehCef.dll

    C:\WINDOWS\GbiehCef.ini

    C:\WINDOWS\GbiehItau.dll

    C:\WINDOWS\Scoop2008.dll

    C:\WINDOWS\wiadebug.dat

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\GbiehCef.ini

    C:\WINDOWS\wiadebug.dat

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-03-26 to 2008-04-26 ))))))))))))))))))))))))))))))))

    .

    2008-04-26 17:45 . 2008-04-26 17:45 <DIR> d-------- C:\WINDOWS\LastGood

    2008-04-26 17:45 . 2008-04-26 17:47 <DIR> d-------- C:\Arquivos de programas\Panda Security

    2008-04-26 16:39 . 2007-07-27 17:38 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

    2008-04-26 16:39 . 2007-07-27 14:33 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

    2008-04-26 16:39 . 2007-07-27 14:33 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

    2008-04-26 16:39 . 2007-07-27 14:33 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

    2008-04-26 16:39 . 2007-07-27 14:33 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

    2008-04-26 16:39 . 2008-04-26 19:24 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

    2008-04-26 16:39 . 2007-07-27 14:33 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

    2008-04-26 16:39 . 2007-07-27 14:33 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

    2008-04-26 16:39 . 2008-04-26 16:39 <DIR> d-------- C:\Documents and Settings\Administrador

    2008-04-26 16:39 . 2008-04-26 19:22 1,024 --ah----- C:\Documents and Settings\Administrador\NtUser.dat.LOG

    2008-04-24 16:39 . 2008-04-24 16:39 <DIR> d-------- C:\Arquivos de programas\Trend Micro

    2008-04-24 15:31 . 2005-05-22 02:00 90,112 --------- C:\WINDOWS\SDUnInst.exe

    2008-04-24 15:16 . 2008-04-24 15:54 <DIR> d-------- C:\Documents and Settings\TATI\Dados de aplicativos\Smart PC Solutions

    2008-04-24 15:12 . 2008-04-24 15:12 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll

    2008-04-23 22:38 . 2008-04-16 22:36 18 --a------ C:\WINDOWS\system32\GbiehCef.ini

    2008-04-23 22:00 . 2008-04-23 22:00 <DIR> d-------- C:\Documents and Settings\TATI\Dados de aplicativos\InstallShield

    2008-04-23 22:00 . 2008-04-24 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

    2008-04-23 22:00 . 2008-04-24 16:00 <DIR> d-------- C:\Arquivos de programas\Motorola Phone Tools

    2008-04-23 19:31 . 2008-04-23 19:31 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

    2008-04-23 19:31 . 2008-04-23 19:31 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

    2008-04-23 19:29 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

    2008-04-23 19:29 . 2007-06-18 14:18 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys

    2008-04-23 19:28 . 2008-04-24 16:39 <DIR> d-------- C:\Program Files

    2008-04-23 19:28 . 2008-04-23 19:28 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Motorola Shared

    2008-04-18 14:50 . 2008-04-18 14:50 <DIR> d-------- C:\Documents and Settings\TATI\Dados de aplicativos\gtk-2.0

    2008-04-18 14:50 . 2008-04-18 14:50 <DIR> d-------- C:\Documents and Settings\TATI\avidemux

    2008-04-16 23:12 . 2008-04-16 23:25 48 --a------ C:\WINDOWS\LiveContacts.ini

    2008-04-07 11:13 . 2008-04-07 11:13 <DIR> d-------- C:\Arquivos de programas\Alwil Software

    2008-04-07 11:13 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

    2008-04-07 09:14 . 2008-04-07 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

    2008-04-06 11:16 . 2008-04-06 11:16 9,662 --a------ C:\WINDOWS\EPISME00.SWB

    2008-04-03 14:45 . 2008-04-03 14:45 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

    2008-03-27 13:39 . 2002-10-01 14:43 119,798 --a------ C:\WINDOWS\system32\drivers\spca561.sys

    2008-03-27 13:39 . 2002-11-22 15:56 118,784 --a------ C:\WINDOWS\ShowBmp.exe

    2008-03-27 13:39 . 2003-08-05 11:41 53,248 --a------ C:\WINDOWS\ap561.exe

    2008-03-27 13:39 . 2002-08-13 18:01 14,385 --a------ C:\WINDOWS\Tw561a.ini

    2008-03-27 13:39 . 2002-09-20 19:44 14,336 --a------ C:\WINDOWS\system32\dshow508.ax

    2008-03-27 13:39 . 2002-08-13 18:01 7,431 --a------ C:\WINDOWS\Tw561a.src

    2008-03-27 13:39 . 2002-03-19 14:11 81 --a------ C:\WINDOWS\Setup8a.ini

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-04-26 22:21 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    2008-04-26 20:21 --------- d-----w C:\Documents and Settings\TATI\Dados de aplicativos\Skype

    2008-04-24 19:20 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    2008-04-24 19:00 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

    2008-04-24 18:55 --------- d-----w C:\Documents and Settings\TATI\Dados de aplicativos\Move Networks

    2008-04-22 20:02 --------- d-----w C:\Documents and Settings\TATI\Dados de aplicativos\MegauploadToolbar

    2008-04-19 01:35 --------- d-----w C:\Documents and Settings\TATI\Dados de aplicativos\LimeWire

    2008-04-17 01:33 122 ----a-w C:\Arquivos de programas\wiadebug.txt

    2008-04-08 00:29 --------- d-----w C:\Documents and Settings\TATI\Dados de aplicativos\Apple Computer

    2008-04-06 21:36 --------- d-----w C:\Arquivos de programas\GbPlugin

    2008-03-24 17:13 --------- d-----w C:\Arquivos de programas\Java

    2008-03-24 16:57 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

    2008-03-24 14:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

    2008-03-24 14:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2008-03-08 22:42 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll

    2008-03-06 21:50 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Trend Micro

    2008-03-06 21:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

    2008-03-06 21:47 --------- d-----w C:\Documents and Settings\TATI\Dados de aplicativos\AVG7

    2008-03-04 15:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

    2005-04-01 01:17 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

    2003-08-05 14:41 53,248 ----a-w C:\WINDOWS\inf\ap561.exe

    2002-11-26 19:24 32,768 ----a-w C:\WINDOWS\inf\Remove561.exe

    2002-11-22 18:56 118,784 ----a-w C:\WINDOWS\inf\ShowBmp.exe

    2002-10-29 21:07 36,864 ----a-w C:\WINDOWS\inf\Setup8a.exe

    2002-10-01 17:43 119,798 ----a-w C:\WINDOWS\inf\spca561.sys

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

    "MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

    "msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 14:34 3739672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-13 23:51 352256]

    "iTunesHelper"="C:\Documents and Settings\TATI\Meus documentos\Programas\iTunesHelper.exe" [2007-09-26 14:42 267064]

    "SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11 925696]

    "SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 14:35 716800]

    "QuickTime Task"="C:\Documents and Settings\TATI\Meus documentos\Programas\qttask.exe" [2008-01-31 23:13 385024]

    "Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

    "{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 00:29 128512]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-03-11 08:18 354600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    "CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 00:29 128512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    C:\ARQUIV~1\GBPLUGIN\gbieh.dll 2008-03-11 08:18 354600 C:\ARQUIV~1\GbPlugin\gbieh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^TATI^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk]

    backup=C:\WINDOWS\pss\Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]

    --a------ 2005-02-08 04:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

    --------- 2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

    --------- 2005-05-19 19:38 1957888 C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

    --------- 2003-12-08 17:35 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]

    -ra------ 2006-07-10 15:33 176128 C:\WINDOWS\system32\S3Trayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

    -ra------ 2006-08-03 03:53 53248 C:\WINDOWS\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\WINDOWS\\system32\\dpvsetup.exe"=

    "C:\\WINDOWS\\system32\\rundll32.exe"=

    "C:\\Documents and Settings\\TATI\\Meus documentos\\Programas\\LimeWire\\LimeWire.exe"=

    "C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "C:\\Documents and Settings\\TATI\\Meus documentos\\Programas\\iTunes.exe"=

    "C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

    R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

    S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

    S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

    S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-02-19 05:24]

    S3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-11 23:43]

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    "2007-10-04 23:23:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

    .

    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-26 19:24:15

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-04-26 19:25:16

    ComboFix-quarantined-files.txt 2008-04-26 22:24:51

    Pre-Run: 66,716,000,256 bytes disponíveis

    Post-Run: 66,707,329,024 bytes disponíveis

    179 --- E O F --- 2007-11-07 18:33:55

    --------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 19:30:42, on 26/4/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Documents and Settings\TATI\Meus documentos\Programas\Manutenção do PC\ADAWARE-segurança\aawservice.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\ARQUIV~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Documents and Settings\TATI\Meus documentos\Programas\iTunesHelper.exe

    C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

    C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

    C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Arquivos de programas\internet explorer\iexplore.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\TATI\Meus documentos\Programas\iTunesHelper.exe"

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\TATI\Meus documentos\Programas\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198556626718

    O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://churrascoibmr.myphotoalbum.com/ImageUploader4.cab

    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

    O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Documents and Settings\TATI\Meus documentos\Programas\Manutenção do PC\ADAWARE-segurança\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    --

    End of file - 7984 bytes

    Joram, THANK YOU SO MUCH!

    You did it!

    A thousand kisses,

    Tati

  • Topic author
  • Joram,

    I've been researching on the internet and saw that this virus was a backdoor, right?

    Am I free of it, and can I stop worrying about it now?

    I'm waiting for your reply.

    Thank you

    Kisses,

    Tati


    Good evening, donneenha!

    >@< In Safe Mode, delete: C:\WINDOWS\system32\GbiehCef.ini << Delete!

    -------------------

    >@< Scan the file LiveContacts.ini with Jotti.

    >@< Under File to upload, enter the path:

    C:\WINDOWS\LiveContacts.ini

    >@< Then click Submit.

    >@< Copy and post the report from this analysis.

    Regards!

  • Topic author
  • Scanner results

    Scan taken on 27 Apr 2008 00:54:02 (GMT)

    A-Squared Found nothing

    AntiVir Found nothing

    ArcaVir Found nothing

    Avast Found nothing

    AVG Antivirus Found nothing

    BitDefender Found nothing

    ClamAV Found nothing

    CPsecure Found nothing

    Dr.Web Found nothing

    F-Prot Antivirus Found nothing

    F-Secure Anti-Virus Found nothing

    Fortinet Found nothing

    Ikarus Found nothing

    Kaspersky Anti-Virus Found nothing

    NOD32 Found nothing

    Norman Virus Control Found nothing

    Panda Antivirus Found nothing

    Sophos Antivirus Found nothing

    VirusBuster Found nothing

    VBA32 Found nothing

    Joram, I ran Panda's online antivirus and it found Bck/VB.XB as latent in the documents:

    1. C:\Documents and Settings\TATI\Meus documento...ix.exe[327882R2FWJFW\NirCmdC.cfexe]

    2. C:\Documents and Settings\TATI\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]

    Panda's antivirus was not able to remove it; it said it was Not Desinfectable. How do I remove it?

    Joram, I ran Panda's online antivirus and it found Bck/VB.XB as latent in the documents:

    1. C:\Documents and Settings\TATI\Meus documento...ix.exe[327882R2FWJFW\NirCmdC.cfexe]

    2. C:\Documents and Settings\TATI\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]

    Panda's antivirus was not able to remove it; it said it was Not Desinfectable. How do I remove it?

    -----------------------

    Hey, donneenha!

    Good evening!

    >@< In Run, type: ComboFix.exe /u --> Click OK.

    >@< If there is a prompt, choose two. ( 2 )

    >@< This procedure will uninstall ComboFix, ridding you of the detection reported by Panda.

    Regards!

    Good morning,

    Thank you, Joram. Any other recommendations?

    ----------------------

    Good morning, donneenha!

    >@< Download CCleaner.

    >@< Save it to the Desktop!

    >@< Open the program and click Analyze >> Run Cleaner.

    >@< When it finishes, click Registry >> Scan for Issues >> Fix selected issues.

    ----------------------

    With everything OK on the PC, create a completely clean System Restore point!

    Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK.

    Afterwards, uncheck it again! >> Apply >> OK.

    For more details, go to: < Docs >

    >@< The log is clean! ;)

    Regards!
