RonaldoGibi

Malware cp1041.nls - HijackThis log follows


Colleagues, good evening!

My machine is infected with a virus that creates a file cp1041.nls in the root of C:

It is interfering with my computer's performance and I don't know what other effects it might have.

I would like your help in solving the problem.

Below is the log generated by HijackThis.

Thanks to everyone.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:40:04, on 30/12/2007

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\UOL\Acelerador UOL\vcn.exe

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\EASYPH~1\Apache\apache.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\EASYPH~1\Apache\apache.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\ARQUIV~1\EASYPH~1\MySql\bin\mysqld.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\vsnp2std.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgvv.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - _{1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - (no file)

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\System32\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FlashGet\jccatch.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe" /tray

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O12 - Plugin for .mpeg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09c12271ff34ed5d0e16/netzip/RdxIE601_br.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/light/UOLActiveInstall.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B07C7495-4904-44BD-B8F2-9EF387EC32F2}: NameServer = 200.221.11.101 200.147.255.100

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O23 - Service: Acelerador UOL - Universo Online Ltda. - C:\Arquivos de programas\UOL\Acelerador UOL\vcn.exe

O23 - Service: Apache - Unknown owner - C:\ARQUIV~1\EASYPH~1\Apache\apache.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

O23 - Service: MySql - Unknown owner - C:\ARQUIV~1\EASYPH~1\MySql\bin\mysqld.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 10310 bytes


- Download ComboFix

  • Temporarily disable your antivirus;
  • Close all open windows;
  • Double-click combofix.exe and press "1" to proceed with the Fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click on the ComboFix window or close it with the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.

- Generate a new HijackThis log and paste it in your reply.


Good afternoon!

First of all, thank you for the reply; I ran the procedure as requested.

Below is the log recorded in the combofix.txt file and also the new HijackThis log.

I also took the opportunity to paste, right after it, the contents of the pend.txt file.

ComboFix 08-01-03.3 - Usuario 2008-01-03 17:30:12.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.0.1252.1.1046.18.202 [GMT -2:00]

Executando de: C:\Downloads\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Geral\Dados de aplicativos\HbTools

C:\Documents and Settings\Jogos\Dados de aplicativos\HbTools

C:\WINDOWS\system32\Cfx32.lic

C:\WINDOWS\system32\cfx32.ocx

C:\WINDOWS\system32\totour.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\npf

((((((((((((((((((((((( Ficheiros criados de 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))

.

2008-01-03 17:31 . 2008-01-03 17:31 91,648 --a------ C:\cp1467.nls

2008-01-03 17:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-01 20:27 . 2008-01-01 20:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-01 20:27 . 2008-01-01 20:27 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-25 15:32 . 2007-12-25 15:33 <DIR> d-------- C:\Documents and Settings\Jogos\Contacts

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-03 19:39 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\AVG7

2007-12-31 12:54 --------- d-----w C:\Documents and Settings\Geral\Dados de aplicativos\AVG7

2007-12-30 21:09 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\AVG7

2007-12-30 21:07 --------- d-----w C:\Arquivos de programas\GbPlugin

2007-12-30 20:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2007-12-30 18:43 --------- d-----w C:\Arquivos de programas\FlashGet

2007-12-02 16:43 --------- d-----w C:\Documents and Settings\Jogos\Dados de aplicativos\Ulead Systems

2007-12-02 15:33 --------- d-----w C:\Documents and Settings\Jogos\Dados de aplicativos\Grisoft

2007-12-01 21:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2007-11-23 01:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2007-11-23 01:13 --------- d-----w C:\Arquivos de programas\CCleaner

2007-11-23 00:46 --------- d-----w C:\Arquivos de programas\Trend Micro

2007-11-18 20:07 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft

2007-11-18 19:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\VisualZone

2007-11-18 19:21 --------- d-----w C:\Arquivos de programas\Visio

2007-11-04 10:00 --------- d-----w C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2007-11-03 19:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2007-11-03 19:18 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2007-11-03 19:17 --------- d-----w C:\Documents and Settings\Geral\Dados de aplicativos\Grisoft

2007-04-08 16:39 45,499 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_08_11_17_12_small.dmp.zip

2006-09-20 19:52 103,936 --sha-w C:\Arquivos de programas\Thumbs.db

2006-09-06 02:26 335 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb6500.dat

2006-09-06 02:24 13,046 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb2969.dat

2006-09-06 02:24 0 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb847.dat

2006-09-06 00:06 6,144 ----a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb4683.dat

2006-09-05 20:45 6,144 ----a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb7873.dat

2006-09-05 20:44 177,152 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb495.dat

2006-09-05 12:36 0 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8943.dat

2006-09-05 12:36 0 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8506.dat

2006-09-05 12:36 0 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8060.dat

2006-09-05 12:36 0 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb4672.dat

2006-09-05 12:31 299 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb1942.dat

2006-09-05 12:29 47 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb41.dat

2006-09-05 12:26 9,216 ----a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8467.dat

2006-09-05 12:26 0 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb6334.dat

2006-04-01 17:15 3,136,470 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2006-02-12 17:48 44,593 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_02_12_14_45_41_small.dmp.zip

2005-12-24 19:34 41,158 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_12_24_17_31_17_small.dmp.zip

2005-01-23 13:05 15,535,826 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_01_18_18_23_12.dmp.zip

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-28 16:06 13312]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2003-04-14 19:30 1491216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-03 05:14 5058560]

"nwiz"="nwiz.exe" [2003-12-03 05:14 741376 C:\WINDOWS\system32\nwiz.exe]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 17:28 790528]

"SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe" [2003-05-30 10:42 585728]

"Zone Labs Client"="C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2006-07-09 14:42 968696]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 49263]

"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 00:50 88363 C:\WINDOWS\AGRSMMSG.exe]

"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-16 15:06 114688]

"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 14:57 344064]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-30 17:30 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-28 16:06 13312]

"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-12-03 05:14 49152]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-03 23:22 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 15:30 347976]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\WINDOWS\Downloaded Program Files\gbiehabn.dll [2006-12-19 13:33 214528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 15:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]

backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceleradorUOL]

2005-07-05 23:50 224768 --a------ C:\Arquivos de programas\UOL\Acelerador UOL\AcUOLClt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2001-07-09 08:50 155648 --a------ C:\WINDOWS\System32\\NeroCheck.exe

R2 Acelerador UOL;Acelerador UOL;"C:\Arquivos de programas\UOL\Acelerador UOL\vcn.exe" -f "C:\Arquivos de programas\UOL\Acelerador UOL\acelerador.cfg" []

R2 InterBaseGuardian;InterBase Guardian;C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe [2001-01-05 13:41]

R3 InterBaseServer;InterBase Server;C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe [2001-01-05 13:40]

S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 17:32]

S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [2006-01-19 12:34]

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-01-03 19:37:43 C:\WINDOWS\Tasks\givqc.job"

- c:\windows\system32\manswrzc.exe

"2007-04-24 16:51:19 C:\WINDOWS\Tasks\hkhbfga.job"

------------------------------------------------------------------------------------

HijackThis log

------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:59, on 2008-01-03

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\UOL\Acelerador UOL\vcn.exe

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\EASYPH~1\Apache\apache.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\EASYPH~1\Apache\apache.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\ARQUIV~1\EASYPH~1\MySql\bin\mysqld.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - _{1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - (no file)

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\System32\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FlashGet\jccatch.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe" /tray

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O12 - Plugin for .mpeg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09c12271ff34ed5d0e16/netzip/RdxIE601_br.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/light/UOLActiveInstall.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B07C7495-4904-44BD-B8F2-9EF387EC32F2}: NameServer = 200.221.11.101 200.147.255.100

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O23 - Service: Acelerador UOL - Universo Online Ltda. - C:\Arquivos de programas\UOL\Acelerador UOL\vcn.exe

O23 - Service: Apache - Unknown owner - C:\ARQUIV~1\EASYPH~1\Apache\apache.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

O23 - Service: MySql - Unknown owner - C:\ARQUIV~1\EASYPH~1\MySql\bin\mysqld.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 10399 bytes

-----------------------------------------------------------------------

Contents of the Pend.txt file

-----------------------------------------------------------------------

\??\C:\ntdetect.com\0\0

\??\C:\boot.ini\0\0

\??\C:\ntldr\0\0

\??\C:\WINDOWS\0\0

\??\C:\WINDOWS\explorer.exe\0\0

\??\C:\WINDOWS\system32\csrss.exe\0\0

\??\C:\WINDOWS\system32\lsass.exe\0\0

\??\C:\WINDOWS\system32\services.exe\0\0

\??\C:\WINDOWS\system32\smss.exe\0\0

\??\C:\WINDOWS\system32\svchost.exe\0\0

\??\C:\WINDOWS\system32\userinit.exe\0\0

\??\C:\WINDOWS\system32\winlogon.exe\0\0

\??\C:\WINDOWS\system32\hal.dll\0\0

\??\C:\WINDOWS\system32\ntdll.dll\0\0

\??\C:\WINDOWS\system32\config\0\0

\??\C:\WINDOWS\system32\drivers\0\0

\??\C:\WINDOWS\system32\wbem\0\0

Once again, thank you.


- Type combofix /u in Run and click OK. In the next window click "Run" and wait for the program to be removed;

- Download ComboFix and save it to the desktop;

- Select the text below and copy it into Notepad. Save it as CFScript.txt;

File::
C:\cp1467.nls

- Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during boot);

- Drag CFScript.txt onto ComboFix as shown in the image below:

[image: CFScript.gif]

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: If ComboFix does not restart your computer automatically, do it manually.

Paste the new ComboFix and HijackThis logs in your reply.


Good evening!

I ran ComboFix as instructed, and the new ComboFix and HijackThis logs are below.

However, I noticed that not only does the cp1041.nls file persist, but another one named cp1334.nls was also created.

Thanks again, and I await your reply.

________________________________________________________________

ComboFix log

ComboFix 08-01-04.1 - Usuario 2008-01-03 23:08:32.3 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.0.1252.1.1046.18.373 [GMT -2:00]

Running from: C:\Documents and Settings\Usuario\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Usuario\Desktop\CFScript.txt

FILE

C:\cp1467.nls

.

((((((((((((((((((((((( Files created from 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))

.

2008-01-03 23:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-03 22:34 . 2008-01-03 22:34 0 --a------ C:\cp1334.nls

2008-01-03 22:32 . 2008-01-03 22:32 0 --a------ C:\cp1041.nls

2008-01-03 21:04 . 2008-01-03 21:04 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\Image Zone Express

2008-01-01 20:27 . 2008-01-01 20:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-01 20:27 . 2008-01-01 20:27 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-25 15:32 . 2007-12-25 15:33 <DIR> d-------- C:\Documents and Settings\Jogos\Contacts

.

((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-04 00:51 --------- d---a-w C:\Arquivos de programas\Common Files

2008-01-04 00:51 --------- d-----w C:\Arquivos de programas\Gel

2008-01-03 23:37 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\LimeWire

2008-01-03 23:37 --------- d-----w C:\Arquivos de programas\FlashGet

2008-01-03 22:53 --------- d-----w C:\Arquivos de programas\Ulead Systems

2008-01-03 22:52 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-01-03 22:40 --------- d-----w C:\Arquivos de programas\HP

2008-01-03 22:12 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\AVG7

2007-12-31 12:54 --------- d-----w C:\Documents and Settings\Geral\Dados de aplicativos\AVG7

2007-12-30 21:09 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\AVG7

2007-12-30 21:07 --------- d-----w C:\Arquivos de programas\GbPlugin

2007-12-30 20:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2007-12-02 16:43 --------- d-----w C:\Documents and Settings\Jogos\Dados de aplicativos\Ulead Systems

2007-12-02 15:33 --------- d-----w C:\Documents and Settings\Jogos\Dados de aplicativos\Grisoft

2007-12-01 21:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2007-11-23 01:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2007-11-23 01:13 --------- d-----w C:\Arquivos de programas\CCleaner

2007-11-23 00:46 --------- d-----w C:\Arquivos de programas\Trend Micro

2007-11-18 20:07 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft

2007-11-18 19:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\VisualZone

2007-11-18 19:21 --------- d-----w C:\Arquivos de programas\Visio

2007-11-04 10:00 --------- d-----w C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2007-04-08 16:39 45,499 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_08_11_17_12_small.dmp.zip

2006-09-20 19:52 103,936 --sha-w C:\Arquivos de programas\Thumbs.db

2006-09-06 02:26 335 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb6500.dat

2006-09-06 02:24 13,046 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb2969.dat

2006-09-06 02:24 0 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb847.dat

2006-09-06 00:06 6,144 ----a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb4683.dat

2006-09-05 20:45 6,144 ----a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb7873.dat

2006-09-05 20:44 177,152 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb495.dat

2006-09-05 12:36 0 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8943.dat

2006-09-05 12:36 0 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8506.dat

2006-09-05 12:36 0 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8060.dat

2006-09-05 12:36 0 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb4672.dat

2006-09-05 12:31 299 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb1942.dat

2006-09-05 12:29 47 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb41.dat

2006-09-05 12:26 9,216 ----a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8467.dat

2006-09-05 12:26 0 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb6334.dat

2006-04-01 17:15 3,136,470 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2006-02-12 17:48 44,593 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_02_12_14_45_41_small.dmp.zip

2005-12-24 19:34 41,158 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_12_24_17_31_17_small.dmp.zip

2005-01-23 13:05 15,535,826 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_01_18_18_23_12.dmp.zip

.

(((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-28 16:06 13312]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2003-04-14 19:30 1491216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-03 05:14 5058560]

"nwiz"="nwiz.exe" [2003-12-03 05:14 741376 C:\WINDOWS\system32\nwiz.exe]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 17:28 790528]

"SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe" [2003-05-30 10:42 585728]

"Zone Labs Client"="C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2006-07-09 14:42 968696]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 49263]

"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 00:50 88363 C:\WINDOWS\AGRSMMSG.exe]

"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-16 15:06 114688]

"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 14:57 344064]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-30 17:30 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-28 16:06 13312]

"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-12-03 05:14 49152]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-03 23:22 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 15:30 347976]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\WINDOWS\Downloaded Program Files\gbiehabn.dll [2006-12-19 13:33 214528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 15:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]

backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceleradorUOL]

2005-07-05 23:50 224768 --a------ C:\Arquivos de programas\UOL\Acelerador UOL\AcUOLClt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2001-07-09 08:50 155648 --a------ C:\WINDOWS\System32\\NeroCheck.exe

S2 InterBaseGuardian;InterBase Guardian;C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe [2001-01-05 13:41]

S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 17:32]

S3 InterBaseServer;InterBase Server;C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe [2001-01-05 13:40]

S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [2006-01-19 12:34]

S4 Acelerador UOL;Acelerador UOL;"C:\Arquivos de programas\UOL\Acelerador UOL\vcn.exe" -f "C:\Arquivos de programas\UOL\Acelerador UOL\acelerador.cfg" []

.

Contents of the 'Scheduled Tasks' folder

"2008-01-04 00:50:43 C:\WINDOWS\Tasks\givqc.job"

- c:\windows\system32\manswrzc.exe

"2007-04-24 16:51:19 C:\WINDOWS\Tasks\hkhbfga.job"

________________________________________________________________

Pend.txt file

\??\C:\ntdetect.com\0\0

\??\C:\boot.ini\0\0

\??\C:\ntldr\0\0

\??\C:\WINDOWS\0\0

\??\C:\WINDOWS\explorer.exe\0\0

\??\C:\WINDOWS\system32\csrss.exe\0\0

\??\C:\WINDOWS\system32\lsass.exe\0\0

\??\C:\WINDOWS\system32\services.exe\0\0

\??\C:\WINDOWS\system32\smss.exe\0\0

\??\C:\WINDOWS\system32\svchost.exe\0\0

\??\C:\WINDOWS\system32\userinit.exe\0\0

\??\C:\WINDOWS\system32\winlogon.exe\0\0

\??\C:\WINDOWS\system32\hal.dll\0\0

\??\C:\WINDOWS\system32\ntdll.dll\0\0

\??\C:\WINDOWS\system32\config\0\0

\??\C:\WINDOWS\system32\drivers\0\0

\??\C:\WINDOWS\system32\wbem\0\0

________________________________________________________

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:20, on 2008-01-03

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\EASYPH~1\Apache\apache.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\EASYPH~1\Apache\apache.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\vsnp2std.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\EASYPH~1\MySql\bin\mysqld.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\System32\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FlashGet\jccatch.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe" /tray

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O12 - Plugin for .mpeg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09c12271ff34ed5d0e16/netzip/RdxIE601_br.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B07C7495-4904-44BD-B8F2-9EF387EC32F2}: NameServer = 200.221.11.101 200.147.255.100

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O23 - Service: Apache - Unknown owner - C:\ARQUIV~1\EASYPH~1\Apache\apache.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

O23 - Service: MySql - Unknown owner - C:\ARQUIV~1\EASYPH~1\MySql\bin\mysqld.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 9238 bytes


- Type combofix /u in Run and click OK. In the next window click "Run" and wait for the program to be removed;

- Download ComboFix and save it to the desktop;

- Select the text below and copy it into Notepad. Save it as CFScript.txt;

File::
C:\cp1334.nls
C:\cp1041.nls
C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb6500.dat
C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb847.dat
C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb4683.dat
C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb7873.dat
C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb495.dat
C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8943.dat
C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8506.dat
C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8060.dat
C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb4672.dat
C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb1942.dat
C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb41.dat
C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8467.dat
C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb6334.dat
C:\WINDOWS\Tasks\givqc.job
C:\WINDOWS\Tasks\hkhbfga.job

- Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during boot);

- Drag CFScript.txt onto ComboFix as shown in the image below:

[image: CFScript.gif]

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: If ComboFix does not restart your computer automatically, do it manually.

Paste the new HijackThis and ComboFix logs in your reply.

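The procedure above comes down to reading the ComboFix log for two kinds of indicator (stray .nls files at the drive root, and .job entries with random-looking names under C:\WINDOWS\Tasks) and listing them under File:: in CFScript.txt. The Python script below is an added example, not part of the original thread and not a ComboFix feature: it parses a constructed excerpt modelled on the logs posted here, applies those two heuristics, and prints the File:: section. The rules themselves (an .nls outside System32, a .job stem of five to eight lowercase letters) are assumptions made for illustration, not vendor signatures, so review every hit before removing anything. Run against the excerpt it flags cp1334.nls, cp1041.nls, givqc.job (with its manswrzc.exe target) and hkhbfga.job; the same rule also matches hxkpk.job, which is still listed in the final ComboFix log of this thread and was never scripted for removal.

```python
"""Triage helper for ComboFix-style logs (added example, not a ComboFix feature).

Two heuristics drawn from this thread:
  1. An .nls (code-page table) outside %SystemRoot%\\System32. Windows keeps
     its tables (C_1252.NLS and friends) in System32; cp1041.nls at C:\\ is not one.
  2. A .job scheduled task whose stem is a short run of lowercase letters,
     optionally followed by the "- target" line ComboFix prints under it.
Matches are rendered as the File:: section of a CFScript.txt.
"""
import re

# Constructed excerpt modelled on the ComboFix output posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((( Files created from 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))
2008-01-03 23:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 22:34 . 2008-01-03 22:34 0 --a------ C:\cp1334.nls
2008-01-03 22:32 . 2008-01-03 22:32 0 --a------ C:\cp1041.nls
2008-01-03 21:04 . 2008-01-03 21:04 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\Image Zone Express
Contents of the 'Scheduled Tasks' folder
"2008-01-04 00:50:43 C:\WINDOWS\Tasks\givqc.job"
- c:\windows\system32\manswrzc.exe
"2007-04-24 16:51:19 C:\WINDOWS\Tasks\hkhbfga.job"
"2007-04-29 13:01:39 C:\WINDOWS\Tasks\hxkpk.job"
"""

# "date time . date time  size  attrs  path" lines of the files-created section
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
# '"date time  C:\...\name.job"' lines of the scheduled-tasks section
TASK_LINE = re.compile(r'^"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<path>.+\.job)"\s*$', re.I)
# optional "- target" line ComboFix prints under a task entry
TARGET_LINE = re.compile(r"^- (?P<target>\S.*)$")
# heuristic (assumption): five to eight lowercase letters, e.g. givqc, hkhbfga
RANDOM_NAME = re.compile(r"^[a-z]{5,8}$")


def parse_created_files(log):
    """Return (size_in_bytes or None for directories, path) per created-file line."""
    out = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        out.append((size, m["path"]))
    return out


def parse_tasks(log):
    """Return (job_path, target or None) per scheduled-task entry."""
    tasks = []
    lines = [ln.strip() for ln in log.splitlines()]
    for i, line in enumerate(lines):
        m = TASK_LINE.match(line)
        if not m:
            continue
        target = None
        if i + 1 < len(lines):
            t = TARGET_LINE.match(lines[i + 1])
            if t:
                target = t["target"]
        tasks.append((m["path"], target))
    return tasks


def is_rogue_nls(path):
    """True for an .nls anywhere other than a System32 directory."""
    p = path.lower()
    return p.endswith(".nls") and "\\system32\\" not in p


def is_random_task(job_path):
    """True when the .job stem looks machine-generated (see RANDOM_NAME)."""
    stem = job_path.rsplit("\\", 1)[-1][: -len(".job")]
    return RANDOM_NAME.match(stem) is not None


def find_indicators(log):
    """Return [(path, reason), ...] in log order; the paths feed CFScript."""
    found = []
    for size, path in parse_created_files(log):
        if size is not None and is_rogue_nls(path):
            found.append((path, f"{size}-byte .nls outside System32"))
    for job, target in parse_tasks(log):
        if is_random_task(job):
            reason = "random-looking task name"
            if target:
                reason += f", runs {target}"
            found.append((job, reason))
    return found


def build_cfscript(paths):
    """Render the File:: section that ComboFix reads from CFScript.txt."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    hits = find_indicators(SAMPLE_LOG)
    for path, reason in hits:
        print(f"{path:45} {reason}")
    print(build_cfscript([p for p, _ in hits]))
```

The script only reads the log; it deletes nothing itself. Hits with a "runs ..." reason are worth the most attention, because the task target (here an executable in System32 with a name that is not a Windows binary) is the thing that recreates the dropped files after each reboot, and removing only the .job leaves it in place.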

Good evening, colleague!

I ran the procedure as requested and I believe the problem has been solved.

I'd like to thank you for the attention, which was of great value.

Below are the ComboFix and HijackThis logs:

ComboFix:

-------------------------------------------------------------

ComboFix 08-01-04.1 - Usuario 2008-01-06 18:30:54.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.0.1252.1.1046.18.370 [GMT -2:00]

Running from: C:\Documents and Settings\Usuario\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Usuario\Desktop\CFScript.txt

FILE

C:\cp1041.nls

C:\cp1334.nls

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb1942.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb41.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb4672.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb4683.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb495.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb6334.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb6500.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb7873.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8060.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8467.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb847.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8506.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8943.dat

C:\WINDOWS\Tasks\givqc.job

C:\WINDOWS\Tasks\hkhbfga.job

.

((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb1942.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb41.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb4672.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb4683.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb495.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb6334.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb6500.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb7873.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8060.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8467.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb847.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8506.dat

C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb8943.dat

C:\WINDOWS\Tasks\givqc.job

C:\WINDOWS\Tasks\hkhbfga.job

.

((((((((((((((((((((((( Files created from 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))))

.

2008-01-04 19:30 . 2008-01-04 19:30 <DIR> d-------- C:\WINDOWS\ERUNT

2008-01-03 23:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-03 21:04 . 2008-01-03 21:04 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\Image Zone Express

2008-01-01 20:27 . 2008-01-01 20:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-01 20:27 . 2008-01-01 20:27 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-25 15:32 . 2007-12-25 15:33 <DIR> d-------- C:\Documents and Settings\Jogos\Contacts

.

((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-05 12:48 --------- d-----w C:\Documents and Settings\Geral\Dados de aplicativos\AVG7

2008-01-04 22:33 --------- d-----w C:\Arquivos de programas\FlashGet

2008-01-04 21:59 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\AVG7

2008-01-04 00:51 --------- d---a-w C:\Arquivos de programas\Common Files

2008-01-04 00:51 --------- d-----w C:\Arquivos de programas\Gel

2008-01-03 23:37 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\LimeWire

2008-01-03 22:53 --------- d-----w C:\Arquivos de programas\Ulead Systems

2008-01-03 22:52 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-01-03 22:40 --------- d-----w C:\Arquivos de programas\HP

2007-12-30 21:09 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\AVG7

2007-12-30 21:07 --------- d-----w C:\Arquivos de programas\GbPlugin

2007-12-30 20:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2007-12-02 16:43 --------- d-----w C:\Documents and Settings\Jogos\Dados de aplicativos\Ulead Systems

2007-12-02 15:33 --------- d-----w C:\Documents and Settings\Jogos\Dados de aplicativos\Grisoft

2007-12-01 21:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2007-11-23 01:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2007-11-23 01:13 --------- d-----w C:\Arquivos de programas\CCleaner

2007-11-23 00:46 --------- d-----w C:\Arquivos de programas\Trend Micro

2007-11-18 20:07 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft

2007-11-18 19:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\VisualZone

2007-11-18 19:21 --------- d-----w C:\Arquivos de programas\Visio

2007-04-08 16:39 45,499 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_08_11_17_12_small.dmp.zip

2006-09-20 19:52 103,936 --sha-w C:\Arquivos de programas\Thumbs.db

2006-09-06 02:24 13,046 -c--a-w C:\Documents and Settings\Usuario\Dados de aplicativos\internaldb2969.dat

2006-04-01 17:15 3,136,470 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2006-02-12 17:48 44,593 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_02_12_14_45_41_small.dmp.zip

2005-12-24 19:34 41,158 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_12_24_17_31_17_small.dmp.zip

2005-01-23 13:05 15,535,826 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_01_18_18_23_12.dmp.zip

.

(((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-28 16:06 13312]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2003-04-14 19:30 1491216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-03 05:14 5058560]

"nwiz"="nwiz.exe" [2003-12-03 05:14 741376 C:\WINDOWS\system32\nwiz.exe]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 17:28 790528]

"SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe" [2003-05-30 10:42 585728]

"Zone Labs Client"="C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2006-07-09 14:42 968696]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 49263]

"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 00:50 88363 C:\WINDOWS\AGRSMMSG.exe]

"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-16 15:06 114688]

"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 14:57 344064]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-30 17:30 579072]

"AceleradorUOLRemoval"="c:\arquivos de programas\uol\acelerador uol\acuollr.exe" [2005-07-05 23:50 224768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-28 16:06 13312]

"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-12-03 05:14 49152]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-03 23:22 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 15:30 347976]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\WINDOWS\Downloaded Program Files\gbiehabn.dll [2006-12-19 13:33 214528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 15:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]

backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceleradorUOL]

C:\Arquivos de programas\UOL\Acelerador UOL\AcUOLClt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2001-07-09 08:50 155648 --a------ C:\WINDOWS\System32\\NeroCheck.exe

R2 InterBaseGuardian;InterBase Guardian;C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe [2001-01-05 13:41]

R3 InterBaseServer;InterBase Server;C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe [2001-01-05 13:40]

S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 17:32]

S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [2006-01-19 12:34]

.

Contents of the 'Scheduled Tasks' folder

"2007-04-29 13:01:39 C:\WINDOWS\Tasks\hxkpk.job"

HijackThis:

---------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:45, on 2008-01-06

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\EASYPH~1\Apache\apache.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\EASYPH~1\Apache\apache.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\ARQUIV~1\EASYPH~1\MySql\bin\mysqld.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\vsnp2std.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\System32\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FlashGet\jccatch.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe" /tray

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AceleradorUOLRemoval] "c:\arquivos de programas\uol\acelerador uol\acuollr.exe" -R

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O12 - Plugin for .mpeg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09c12271ff34ed5d0e16/netzip/RdxIE601_br.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O23 - Service: Apache - Unknown owner - C:\ARQUIV~1\EASYPH~1\Apache\apache.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

O23 - Service: MySql - Unknown owner - C:\ARQUIV~1\EASYPH~1\MySql\bin\mysqld.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 9036 bytes

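As an added example, not code from the original thread and not part of HijackThis or ComboFix: a small Python triage script for HijackThis v2 log lines. It parses the `Oxx - ...` entries and applies the checks a log reviewer normally does by eye: O2/O3 entries whose file is gone, O4 autoruns given without a path, O16 ActiveX packages fetched over plain HTTP, every O20 Winlogon Notify DLL, and O23 services with no owner information. The sample log is constructed from entry types present in the log above (it is not the full log), and the heuristics, flag wording and function names are this example's own assumptions. It covers only HijackThis lines, not the ComboFix sections such as the scheduled-task listing.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample in HijackThis v2 format. The lines are modelled on entry
# types present in the log above; this is not the full log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09c12271ff34ed5d0e16/netzip/RdxIE601_br.cab
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
O23 - Service: Apache - Unknown owner - C:\ARQUIV~1\EASYPH~1\Apache\apache.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

@dataclass
class Entry:
    section: str                 # HijackThis section code, e.g. "O2", "O23"
    text: str                    # everything after "O2 - "
    flags: List[str] = field(default_factory=list)

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
RUN_RE = re.compile(r"^HK\S*: \[[^\]]*\] (.+)$")   # O4 - HKxx\..\Run: [name] command

Check = Callable[[str], Optional[str]]   # heuristic: returns a reason or None

def no_file(body: str) -> Optional[str]:
    """O2/O3: a CLSID still registered although its DLL is gone."""
    return "orphaned entry, the file no longer exists" if body.endswith("(no file)") else None

def unqualified_run(body: str) -> Optional[str]:
    """O4: an autorun command given without a directory is resolved by the
    loader's search order, so a same-named file earlier in that order wins."""
    m = RUN_RE.match(body)
    if not m:
        return None
    cmd = m.group(1)
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]      # quoted path: take up to the closing quote
    else:
        parts = cmd.split(None, 1)
        if not parts:
            return None
        exe = parts[0]                      # first token is the executable
    if "\\" not in exe and ":" not in exe:
        return f"autorun '{exe}' has no path; resolved by search order"
    return None

def cleartext_dpf(body: str) -> Optional[str]:
    """O16: Downloaded Program Files (ActiveX cabs) fetched over plain HTTP."""
    return "ActiveX package fetched over plain HTTP" if " - http://" in body else None

def winlogon_notify(body: str) -> Optional[str]:
    """O20: every Winlogon Notify DLL is loaded into winlogon.exe at logon."""
    return "DLL loaded into winlogon.exe at logon; verify publisher and hash"

def unknown_owner(body: str) -> Optional[str]:
    """O23: service binary with no company/version information."""
    return "service binary has no owner information" if " - Unknown owner - " in body else None

CHECKS: Dict[str, Tuple[Check, ...]] = {
    "O2": (no_file,), "O3": (no_file,), "O4": (unqualified_run,),
    "O16": (cleartext_dpf,), "O20": (winlogon_notify,), "O23": (unknown_owner,),
}

def triage(log_text: str) -> List[Entry]:
    """Parse every 'Oxx - ...' line and attach the reasons a reviewer would look closer."""
    entries: List[Entry] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                          # process list, headers, footer
        section, body = m.groups()
        entry = Entry(section, body)
        for check in CHECKS.get(section, ()):
            reason = check(body)
            if reason:
                entry.flags.append(reason)
        entries.append(entry)
    return entries

def flagged_entries(log_text: str) -> List[Entry]:
    """Only the entries that tripped at least one heuristic."""
    return [e for e in triage(log_text) if e.flags]

if __name__ == "__main__":
    for e in flagged_entries(SAMPLE_LOG):
        print(f"{e.section:<4} {e.text}\n     -> {'; '.join(e.flags)}")
```

A flag is a reason to look, not a verdict: on the sample above the script marks the legitimate NVIDIA and ZoneAlarm-era entries alongside the orphaned BHO, because the heuristics only encode what a reviewer has to verify by hand (path, publisher, transport). Paste a whole HijackThis log into `triage()` and the process list, headers and footer are skipped automatically.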

- OK, the log is clean :)

- Type combofix /u in Run and click OK. In the next window click "Executar" (Run) and wait for the program to be removed;

- Update Internet Explorer:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Executar Limpeza (Run Cleaner);
  • After that, click Registro > Procurar erros > Corrigir Erros (Registry > Scan for Issues > Fix Issues)

- Disable and re-enable System Restore

- Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections.
