
gbiehdst.dll error


digobranco

Recommended posts

Posted

Hi everyone,

Could you help me with this problem? A DLL error keeps appearing, saying it cannot load the file gbiehdst.dll.

I have already generated the ComboFix and HJT logs. The logs follow. Thanks for the help.

ComboFix 13-03-24.03 - Cleia Kelly 24/03/2013 16:53:17.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.512 [GMT -3:00]

Running from: c:\documents and settings\Cleia Kelly\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

(((((((((((((((( Files created from 2013-02-24 to 2013-03-24 ))))))))))))))))))))))))))))

.

.

2013-03-23 20:26 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys

2013-03-23 20:26 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys

2013-03-17 17:46 . 2013-03-17 17:46 102008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2013-03-17 01:26 . 2013-03-06 23:33 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2013-03-17 01:26 . 2013-03-06 23:33 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys

2013-03-17 01:26 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-03-17 01:26 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-03-17 01:26 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-03-17 01:25 . 2013-03-06 23:11 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2013-03-03 17:02 . 2013-03-03 17:02 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\McAfee

2013-03-02 02:36 . 2013-03-02 02:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee Security Scan

2013-03-02 02:36 . 2013-03-02 02:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee

2013-03-02 02:36 . 2013-03-03 17:01 -------- d-----w- c:\arquivos de programas\McAfee Security Scan

2013-03-02 02:36 . 2013-03-15 23:20 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-02 02:36 . 2013-03-15 23:20 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

.

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-06 23:33 . 2011-05-27 21:42 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-03-06 23:33 . 2009-05-05 22:15 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2013-03-06 23:33 . 2009-05-05 22:15 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-03-06 23:33 . 2009-05-05 22:15 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-03-06 23:33 . 2012-08-04 02:37 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2013-03-06 23:33 . 2009-05-05 22:15 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-03-06 23:32 . 2010-08-15 15:35 41664 ----a-w- c:\windows\avastSS.scr

2013-03-06 23:32 . 2009-05-05 22:15 228600 ----a-w- c:\windows\system32\aswBoot.exe

2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys

2013-02-12 00:32 . 2004-08-04 02:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-05 20:13 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2013-02-05 20:13 . 2004-08-04 03:45 43520 ------w- c:\windows\system32\licmgr10.dll

2013-02-05 20:13 . 2004-08-04 03:45 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-02-05 05:55 . 2004-08-04 03:37 385024 ------w- c:\windows\system32\html.iec

2013-01-26 03:55 . 2004-08-04 03:45 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 07:25 . 2004-08-04 00:40 2073984 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-07 07:25 . 2004-08-04 03:40 2197248 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-04 10:09 . 2004-08-04 03:38 1867392 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:49 . 2004-08-04 03:45 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2013-01-02 06:49 . 2004-08-04 03:45 1296896 ----a-w- c:\windows\system32\quartz.dll

2012-05-05 20:41 . 2012-05-05 20:41 97208 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-03-06 23:32 121968 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PhotoShow Deluxe Media Manager"="c:\arquiv~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2005-02-26 212992]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2013-01-08 18705664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Atalho para a Página de Propriedades do High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-06-06 148888]

"Google Quick Search Box"="c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-06 68592]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-07 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-07 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-07 135168]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HP Software Update"="c:\arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"avast"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2013-03-06 4767304]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

McAfee Security Scan Plus.lnk - c:\arquivos de programas\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

2007-11-20 18:51 347464 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"d:\\StubInstaller.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

.

R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [3/8/2012 23:37 21576]

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [16/3/2013 22:25 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [16/3/2013 22:26 199384]

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [16/3/2013 22:26 49248]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [17/3/2013 14:46 102008]

R1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [16/3/2013 22:26 101656]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/5/2011 18:42 765736]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/5/2009 19:15 368176]

R1 RapportCerberus_51755;RapportCerberus_51755;c:\documents and settings\All Users\Dados de aplicativos\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_51755.sys [23/3/2013 18:44 317112]

R1 RapportEI;RapportEI;c:\arquivos de programas\Trusteer\Rapport\bin\RapportEI.sys [17/3/2013 14:46 102680]

R1 RapportPG;RapportPG;c:\arquivos de programas\Trusteer\Rapport\bin\RapportPG.sys [17/3/2013 14:46 173880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/5/2009 19:15 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [16/3/2013 22:26 66336]

R2 avast! Firewall;avast! Firewall;c:\arquivos de programas\Alwil Software\Avast5\afwServ.exe [16/3/2013 22:25 136912]

R2 RapportMgmtService;Rapport Management Service;c:\arquivos de programas\Trusteer\Rapport\bin\RapportMgmtService.exe [17/3/2013 14:46 1124184]

R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29/5/2007 13:30 508160]

S0 GbpSvc;GbpSvc;c:\windows\system32\drivers\gbpkms.sys --> c:\windows\system32\drivers\gbpkms.sys [?]

S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [8/1/2013 11:55 161536]

S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [16/3/2013 22:26 164736]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\arquivos de programas\McAfee Security Scan\3.0.318\McCHSvc.exe [5/2/2013 12:48 235216]

S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Dados de aplicativos\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [11/3/2012 13:50 55448]

UnknownUnknown GbpSv;GbpSv; [x]

.

--- =Other Services/Drivers In Memory ---

.

*NewlyCreated* - APPMGMT

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-15 23:05 1629648 ----a-w- c:\arquivos de programas\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-02 23:20]

.

2013-03-24 c:\windows\Tasks\avast! Emergency Update.job

- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-06-30 23:32]

.

2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-02-25 19:25]

.

2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-02-25 19:25]

.

2013-03-24 c:\windows\Tasks\User_Feed_Synchronization-{99083CFB-F27D-4F6D-A933-F4F2F72EF0BE}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.babylon.com/home?affID=10588

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 201.6.2.25 201.6.2.145

FF - ProfilePath - c:\documents and settings\Cleia Kelly\Dados de aplicativos\Mozilla\Firefox\Profiles\mjgynh9l.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?affID=10588

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=10588&babsrc=KW_def&mntrId=082a1673000000000000001731b0f5e1&q=

FF - ExtSQL: !HIDDEN! 2009-09-01 18:56; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: extensions.BabylonToolbar_i.id - 082a1673000000000000001731b0f5e1

FF - user.js: extensions.BabylonToolbar_i.hardId - 082a1673000000000000001731b0f5e1

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15424

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:02

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babclient

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=10588

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - def

FF - user.js: extensions.BabylonToolbar_i.instlRef - std

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-GameXN GO - c:\documents and settings\All Users\Dados de aplicativos\GameXN\GameXNGO.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-03-24 17:03

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanning for hidden processes ...

.

Scanning for hidden autostart entries ...

.

Scanning for hidden files ...

.

Scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1056)

c:\arquivos de programas\GbPlugin\gbieh.dll

.

- - - - - - - > 'explorer.exe'(4924)

c:\windows\system32\WININET.dll

c:\arquivos de programas\Google\Quick Search Box\bin\1.2.1150.158\qsb.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2013-03-24 17:06:02

ComboFix-quarantined-files.txt 2013-03-24 20:05

ComboFix2.txt 2013-03-24 18:57

.

Pre-Run: 7 folder(s) 31.516.934.144 bytes free

Post-Run: 8 folder(s) 31.509.581.824 bytes free

.

- - End Of File - - 2AA1A8B250415DDFFC710E7408E7B3DB

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:47:07, on 24/3/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\LSI SoftModem\agrsmsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\PixArt\PAC207\Monitor.exe

C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Arquivos de programas\Java\jre6\bin\jucheck.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Cleia Kelly\Meus documentos\Downloads\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?affID=10588

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Arquivos de programas\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [Atalho para a Página de Propriedades do High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\ARQUIV~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [GameXN GO] "C:\Documents and Settings\All Users\Dados de aplicativos\GameXN\GameXNGO.exe" /startup

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Arquivos de programas\McAfee Security Scan\3.0.318\SSScheduler.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Arquivos de programas\LSI SoftModem\agrsmsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Arquivos de programas\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe

O24 - Desktop Component 0: (no name) - http://bl108w.blu108.mail.live.com/att/GetAttachment.aspx?tnail=2&messageId=90b8a141-3b15-4301-96c1-7bb6ee6c6e09&Aux=4|0|8CA14B7DEA1EAA0|

--

End of file - 10071 bytes
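A first-pass triage of the HijackThis log above, as an added example that is not part of the original post and not code from HijackThis, ComboFix or the forum. The rules are assumptions: a short list of the load points an analyst looks at first (home/search pages pointing off a small allow-list of hosts, BHO CLSIDs whose DLL is gone, anything registered as a Winlogon Notify DLL, services with no publisher or a missing binary). The sample lines are copied from the log in the post; `KNOWN_GOOD_HOSTS` and the wording of each reason are this example's choices, not anything the page defines. Note what the hits do and do not say: the Winlogon Notify and "Unknown owner" hits are the same GbPlugin component the O16 line shows being distributed from www14.bancobrasil.com.br, so they identify the component to examine rather than prove an infection, and the DLL named in the error, gbiehdst.dll, does not appear anywhere in either log.

```python
"""Heuristic triage of a HijackThis (HJT) log.

Added example for this thread, not code from HijackThis, ComboFix or the forum.
The rules are assumptions: a short list of the load points an analyst checks
first, not a verdict on what is or is not malware.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Hosts treated as benign for home/search pages (assumption for this example).
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "www.google.com", "www.bing.com"}

# Line shapes as they appear in the HJT log above.
R_RE = re.compile(r"^(R[01]) - (HK\w+)\\(.+?),(.+?) = (\S+)")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.+)$")
HOST_RE = re.compile(r"^https?://([^/]+)")


@dataclass
class Finding:
    section: str   # HJT section code: R, O2, O20, O23
    reason: str    # why an analyst should look at it
    line: str      # the original log line


def triage_hjt(text: str) -> list[Finding]:
    """Return the lines worth a second look, with the reason for each."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := R_RE.match(line):
            host = HOST_RE.match(m.group(5))
            if host and host.group(1) not in KNOWN_GOOD_HOSTS:
                findings.append(Finding("R", f"{m.group(4)} points at unexpected host {host.group(1)}", line))
        elif m := O2_RE.match(line):
            if m.group(3).strip() == "(no file)":
                findings.append(Finding("O2", "BHO CLSID registered but its DLL is gone (orphan)", line))
        elif m := O20_RE.match(line):
            # Anything here is mapped into winlogon.exe at logon: always worth a look.
            findings.append(Finding("O20", f"{m.group(2)} is loaded into winlogon.exe via Winlogon Notify", line))
        elif m := O23_RE.match(line):
            vendor, path = m.group(2), m.group(3)
            if "(file missing)" in path:
                findings.append(Finding("O23", "service registered but binary missing on disk", line))
            elif vendor == "Unknown owner":
                findings.append(Finding("O23", "service binary carries no publisher information", line))
    return findings


# Lines copied from the HijackThis log posted above (not constructed).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?affID=10588
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it reports five lines: the Babylon start page, the orphaned BHO, gbieh.dll in winlogon.exe, the unsigned GbpSv service and the missing Google Updater binary. The remaining ComboFix observations an analyst would add by hand are in the log itself: `EnableFirewall = 0` with eMule and LimeWire in the exception list, `AntiVirusOverride` set, and the `S0 GbpSvc` driver entry pointing at a `gbpkms.sys` ComboFix marks `[?]`.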

Posted

If you need your logs analysed, post in the malware removal section; read the pinned topics there and post the logs the analysts work with.

Regards, and welcome to the forum

Archived

This topic has been archived and is closed to new replies.
