Bizkitt66

Please analyze!


I received an e-mail from myself with a trojan... one of those virtual-card types, "I love you so much", etc., etc...

I think it may be an infection... Please analyze!

Thanks in advance!

Logfile of HijackThis v1.99.1

Scan saved at 18:16:05, on 22/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\KGB\Mpk.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\AdobeR.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Last.fm\LastFMHelper.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Last.fm\LastFM.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\KGB\MPKView.exe

C:\Documents and Settings\user\Meus documentos\Pôgramas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.intraer;10.*;<local>

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203782856578

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe


- Download ComboFix

  • Temporarily disable your antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Run" and type "1" + Enter to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click on the ComboFix window or close it with the X while it is running, and do not move the mouse or use the keyboard; otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.


Thanks, Jose Melo. Here is the ComboFix log:

ComboFix 08-03-24.1 - user 2008-03-24 19:52:46.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.592 [GMT -3:00]

Executando de: C:\Documents and Settings\user\Meus documentos\Pôgramas\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))))

.

2008-03-22 18:56 . 2008-03-22 18:56 <DIR> d-------- C:\PenClean

2008-03-18 16:00 . 2007-03-23 04:48 <DIR> d--h----- C:\Documents and Settings\Convidado\Modelos

2008-03-18 16:00 . 2008-03-18 16:01 <DIR> dr-h----- C:\Documents and Settings\Convidado\Meus documentos

2008-03-18 16:00 . 2007-03-23 01:42 <DIR> dr-h----- C:\Documents and Settings\Convidado\Menu Iniciar

2008-03-18 16:00 . 2008-03-18 16:01 <DIR> dr-h----- C:\Documents and Settings\Convidado\Favoritos

2008-03-18 16:00 . 2008-03-18 16:00 <DIR> dr-h----- C:\Documents and Settings\Convidado\Dados de aplicativos

2008-03-18 16:00 . 2008-03-18 16:01 <DIR> d--h----- C:\Documents and Settings\Convidado\Configurações locais

2008-03-18 16:00 . 2007-03-23 01:42 <DIR> d--h----- C:\Documents and Settings\Convidado\Ambiente de rede

2008-03-18 16:00 . 2007-03-23 01:42 <DIR> d--h----- C:\Documents and Settings\Convidado\Ambiente de impressão

2008-03-11 22:50 . 2008-03-11 22:50 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2008-03-10 19:28 . 2008-03-10 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Last.fm

2008-03-10 19:27 . 2008-03-10 19:27 <DIR> d-------- C:\Arquivos de programas\Last.fm

2008-02-28 09:51 . 2008-02-28 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Startup Manager

2008-02-28 09:51 . 2008-02-28 09:55 <DIR> d-------- C:\Arquivos de programas\Startup Manager

2008-02-27 19:46 . 2008-02-28 10:30 <DIR> d-------- C:\Arquivos de programas\Rockstar Games

2008-02-25 15:51 . 2008-02-25 15:51 <DIR> d-------- C:\Arquivos de programas\FreshDevices

2008-02-25 09:38 . 2008-02-25 09:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-02-25 09:38 . 2008-02-25 09:38 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-24 22:53 --------- d-sh--w C:\Documents and Settings\All Users\Dados de aplicativos\MPK

2008-03-24 22:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-23 09:39 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\uTorrent

2008-03-22 21:56 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\Skype

2008-03-22 19:57 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-21 18:00 --------- d-----w C:\Arquivos de programas\Norton Security Scan

2008-03-10 20:49 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\LimeWire

2008-03-02 00:02 --------- d-----w C:\Arquivos de programas\LimeWire

2008-03-01 19:56 --------- d-----w C:\Arquivos de programas\Puxa Rápido

2008-02-28 13:31 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-28 12:41 --------- d-----w C:\Arquivos de programas\NCH Swift Sound

2008-02-28 12:32 --------- d-----w C:\Arquivos de programas\LG mobile

2008-02-25 12:39 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-02-25 12:38 --------- d-----w C:\Arquivos de programas\Windows Live

2008-02-23 12:59 --------- d-----w C:\Arquivos de programas\avisplit

2008-02-22 23:51 --------- d-----w C:\Arquivos de programas\Gabest

2008-02-20 22:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-02-16 03:21 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-02-14 05:33 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-02-12 02:34 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\AVG7

2008-02-10 17:32 --------- d-----w C:\Arquivos de programas\QuickTime

2008-02-09 23:51 --------- d-----w C:\Arquivos de programas\Oi Internet

2008-01-24 22:19 --------- d-----w C:\Arquivos de programas\eMule

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

------- Sigcheck -------

2004-08-04 00:45 803328 048367ef3e654f8fb83e4dbb1e26b81d C:\WINDOWS\system32\wininet.dll

2004-08-04 00:45 803328 048367ef3e654f8fb83e4dbb1e26b81d C:\WINDOWS\system32\dllcache\wininet.dll

2004-08-04 00:45 658432 398a619ce60090303042d1f8cc68f712 C:\WINDOWS\VistaMizer\old\wininet.dll

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\winlogon.exe

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\VistaMizer\old\winlogon.exe

2004-08-04 00:40 2182144 4ea3db2d812d8bd35e7b88508ce5c66a C:\WINDOWS\system32\ntkrnlpa.exe

2004-08-04 00:40 2019328 31dfe96b6b6fa4c9ca098ceaf21b29a5 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2004-08-04 00:40 2315264 b1a78d1fb7119668049eb3b2445423cd C:\WINDOWS\system32\ntoskrnl.exe

2004-08-04 00:40 2152448 91448d27f6dfaf50dd1d5fd3d8c1f3bd C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2004-08-04 00:45 1552896 9da14fe20c421e7f45dbe3d04b4c4fc9 C:\WINDOWS\explorer.exe

2004-08-04 00:45 1552896 9da14fe20c421e7f45dbe3d04b4c4fc9 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\VistaMizer\old\explorer.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 13:25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 25088]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-10-27 15:06 219136]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 13:25 68856]

C:\Documents and Settings\user\Menu Iniciar\Programas\Inicializar\

Last.fm Helper.lnk - C:\Arquivos de programas\Last.fm\LastFMHelper.exe [2008-03-10 19:27:42 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"Mpk.exe"= C:\Arquivos de programas\KGB\Mpk.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2007-11-19 18:02 341928]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 16:30 347976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll 2007-11-19 18:02 341928 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 16:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginAbn]

C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2007-11-19 18:02 341928 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Iniciar^Programas^Inicializar^Last.fm Helper.lnk]

backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

path=C:\Documents and Settings\user\Menu Iniciar\Programas\Inicializar\Last.fm Helper.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--------- 2006-08-16 00:20 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

--------- 2006-08-16 00:20 53248 C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:45 25088 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2005-12-10 11:57 133016 C:\Arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]

--------- 2004-04-21 10:26 86016 C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-10 14:32 385024 C:\Arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV]

C:\WINDOWS\AdobeR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 20:24 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--------- 2006-08-16 00:23 16248320 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

--------- 2006-08-16 00:21 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]

--a------ 2006-08-09 05:18 675840 C:\WINDOWS\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Guru]

C:\Arquivos de programas\StartupGuru\startupguru.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-06-08 13:25 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

S3 lgusbsmodem;LGE Mobile USB Modem;C:\WINDOWS\system32\DRIVERS\lgusbsmodem.sys []

S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-08-11 06:52]

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-08-06 10:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

"2008-03-23 03:00:00 C:\WINDOWS\Tasks\At1.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-05 12:00:00 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-22 13:00:00 C:\WINDOWS\Tasks\At11.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-21 14:00:00 C:\WINDOWS\Tasks\At12.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-21 15:00:00 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-24 16:00:00 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-24 17:00:00 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-24 18:00:00 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-24 19:00:00 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-24 20:00:00 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-24 21:00:00 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 04:00:00 C:\WINDOWS\Tasks\At2.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-24 22:00:00 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-22 23:00:00 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 00:00:01 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 01:00:00 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 02:00:00 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 05:00:00 C:\WINDOWS\Tasks\At3.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 06:00:00 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 07:00:00 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 08:00:00 C:\WINDOWS\Tasks\At6.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 09:00:00 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-16 10:00:00 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-05 11:00:00 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-21 18:00:16 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Arquivos de programas\Norton Security Scan\Nss.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-24 19:54:20

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\combofix]

"ImagePath"="C:\WINDOWS\system32\cmd.exe /c start /i /dC:\ComboFix\ C:\WINDOWS\system32\cmd.exe /c Sys.bat /\c@"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Arquivos de programas\KGB\MPK.dll

.

Tempo para conclusão: 2008-03-24 19:55:43

ComboFix-quarantined-files.txt 2008-03-24 22:55:41


- Select the text below and copy it into Notepad. Save it as CFScript.txt;

File::
C:\WINDOWS\AdobeR.exe
C:\WINDOWS\system32\P64s0PkN.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV]

- Drag CFScript.txt onto ComboFix as shown in the image below:

[image: CF_Script.gif]

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: if ComboFix does not restart your computer automatically, do it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.
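As an added example (not the helper's tool and not part of the original thread), here is a triage script that reads the two ComboFix sections the fix above was derived from: it flags a binary that many auto-numbered At*.job tasks all launch (the hourly pattern around P64s0PkN.exe) and a startupreg entry whose value name (RavAV) is not part of its binary's name (AdobeR.exe) while that binary sits in the Windows root, then drafts the same File::/Registry:: CFScript for review. The heuristics and the threshold of three jobs are my assumptions; the sample log is constructed from excerpts of the log posted in this thread.

```python
import re
from collections import Counter

# Constructed sample: excerpts of the ComboFix log posted in this thread, trimmed
# to the two sections the triage reads (msconfig startupreg keys, scheduled tasks).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--------- 2006-08-16 00:20 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-10 14:32 385024 C:\Arquivos de programas\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV]
C:\WINDOWS\AdobeR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
Conteúdo da pasta 'Tarefas Agendadas'
"2008-03-23 03:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\P64s0PkN.exe
"2008-03-23 04:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\P64s0PkN.exe
"2008-03-23 05:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\P64s0PkN.exe
"2008-03-21 18:00:16 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Arquivos de programas\Norton Security Scan\Nss.exe
"""

STARTUPREG_KEY = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\([^\]]+))\]$",
    re.IGNORECASE)
# ComboFix prefixes most file lines with attributes, date, time and size; some are a bare path.
FILE_META = re.compile(r"^[-\w]{9} \d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ (.+)$")
TASK_LINE = re.compile(r'^"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} .+\\([^\\]+)\.job"$')
TARGET_LINE = re.compile(r"^- (.+)$")
WINDIR_ROOT = re.compile(r"^C:\\WINDOWS\\[^\\]+\.exe$", re.IGNORECASE)


def parse_startupreg(log):
    """Map each msconfig startupreg value name to (registry key, executable path)."""
    entries, current = {}, None
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        m = STARTUPREG_KEY.match(line)
        if m:
            current = (m.group(2), m.group(1))
        elif line.startswith("["):
            current = None            # some other registry key: nothing to pair
        elif current is not None:
            m = FILE_META.match(line)
            name, key = current
            entries[name] = (key, m.group(1) if m else line)
            current = None
    return entries


def parse_scheduled_tasks(log):
    """List (job name, target executable) pairs from the 'Tarefas Agendadas' section."""
    tasks, pending = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        m = TASK_LINE.match(line)
        if m:
            pending = m.group(1)
            continue
        m = TARGET_LINE.match(line)
        if m and pending is not None:
            tasks.append((pending, m.group(1)))
            pending = None
    return tasks


def flag_task_targets(tasks, min_jobs=3):
    """Executables that several auto-numbered At*.job tasks all launch (the
    hourly re-launch pattern in this thread's log). Threshold is an assumption."""
    counts = Counter(target for job, target in tasks if re.fullmatch(r"At\d+", job))
    return sorted(t for t, n in counts.items() if n >= min_jobs)


def flag_startup_entries(entries):
    """Run entries whose value name is not part of the binary's file name AND whose
    binary sits directly in the Windows directory root. Heuristic, not a verdict."""
    flagged = {}
    for name, (key, path) in entries.items():
        filename = path.rsplit("\\", 1)[-1]
        if name.lower() not in filename.lower() and WINDIR_ROOT.match(path):
            flagged[name] = (key, path)
    return flagged


def draft_cfscript(files, registry_keys):
    """Render a File:: / Registry:: script in the form the helper in this thread used."""
    lines = ["File::", *files, "Registry::", *(f"[-{k}]" for k in registry_keys)]
    return "\n".join(lines)


def triage(log):
    """Run both heuristics over a ComboFix log and draft the CFScript for review."""
    bad_targets = flag_task_targets(parse_scheduled_tasks(log))
    bad_startup = flag_startup_entries(parse_startupreg(log))
    files = sorted(set(bad_targets) | {path for _, path in bad_startup.values()})
    keys = [key for key, _ in bad_startup.values()]
    return draft_cfscript(files, keys)


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The drafted script is a starting point for a human reviewer, not something to apply unread: Alcmtr.exe also lives in the Windows root and is kept only because its value name matches the file name.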


Here are the logs!

ComboFix 08-03-24.1 - user 2008-03-25 21:31:20.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.546 [GMT -3:00]

Executando de: C:\Documents and Settings\user\Meus documentos\Pôgramas\ComboFix.exe

Command switches used :: C:\Documents and Settings\user\Meus documentos\P“gramas\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))

.

2008-03-24 20:24 . 2008-03-24 20:24 <DIR> d-------- C:\Documents and Settings\user\.receitanet

2008-03-24 20:23 . 2007-12-04 10:11 69,632 -ra------ C:\WINDOWS\system32\MSJCE.dll

2008-03-24 20:23 . 2008-03-24 20:23 3,363 --a------ C:\WINDOWS\vpd.properties

2008-03-22 18:56 . 2008-03-22 18:56 <DIR> d-------- C:\PenClean

2008-03-18 16:00 . 2007-03-23 04:48 <DIR> d--h----- C:\Documents and Settings\Convidado\Modelos

2008-03-18 16:00 . 2008-03-18 16:01 <DIR> dr-h----- C:\Documents and Settings\Convidado\Meus documentos

2008-03-18 16:00 . 2007-03-23 01:42 <DIR> dr-h----- C:\Documents and Settings\Convidado\Menu Iniciar

2008-03-18 16:00 . 2008-03-18 16:01 <DIR> dr-h----- C:\Documents and Settings\Convidado\Favoritos

2008-03-18 16:00 . 2008-03-18 16:00 <DIR> dr-h----- C:\Documents and Settings\Convidado\Dados de aplicativos

2008-03-18 16:00 . 2008-03-24 19:55 <DIR> d--h----- C:\Documents and Settings\Convidado\Configurações locais

2008-03-18 16:00 . 2007-03-23 01:42 <DIR> d--h----- C:\Documents and Settings\Convidado\Ambiente de rede

2008-03-18 16:00 . 2007-03-23 01:42 <DIR> d--h----- C:\Documents and Settings\Convidado\Ambiente de impressão

2008-03-11 22:50 . 2008-03-24 20:23 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2008-03-10 19:28 . 2008-03-10 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Last.fm

2008-03-10 19:27 . 2008-03-10 19:27 <DIR> d-------- C:\Arquivos de programas\Last.fm

2008-02-28 09:51 . 2008-02-28 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Startup Manager

2008-02-28 09:51 . 2008-02-28 09:55 <DIR> d-------- C:\Arquivos de programas\Startup Manager

2008-02-27 19:46 . 2008-02-28 10:30 <DIR> d-------- C:\Arquivos de programas\Rockstar Games

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-26 00:31 --------- d-sh--w C:\Documents and Settings\All Users\Dados de aplicativos\MPK

2008-03-25 21:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-24 23:53 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\LimeWire

2008-03-23 09:39 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\uTorrent

2008-03-22 21:56 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\Skype

2008-03-22 19:57 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-21 18:00 --------- d-----w C:\Arquivos de programas\Norton Security Scan

2008-03-02 00:02 --------- d-----w C:\Arquivos de programas\LimeWire

2008-03-01 19:56 --------- d-----w C:\Arquivos de programas\Puxa Rápido

2008-02-28 13:31 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-28 12:41 --------- d-----w C:\Arquivos de programas\NCH Swift Sound

2008-02-28 12:32 --------- d-----w C:\Arquivos de programas\LG mobile

2008-02-25 18:51 --------- d-----w C:\Arquivos de programas\FreshDevices

2008-02-25 12:39 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-02-25 12:38 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-02-25 12:38 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-02-25 12:38 --------- d-----w C:\Arquivos de programas\Windows Live

2008-02-23 12:59 --------- d-----w C:\Arquivos de programas\avisplit

2008-02-22 23:51 --------- d-----w C:\Arquivos de programas\Gabest

2008-02-20 22:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-02-16 03:21 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-02-14 05:33 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-02-12 02:34 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\AVG7

2008-02-10 17:32 --------- d-----w C:\Arquivos de programas\QuickTime

2008-02-09 23:51 --------- d-----w C:\Arquivos de programas\Oi Internet

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

------- Sigcheck -------

2004-08-04 00:45 803328 048367ef3e654f8fb83e4dbb1e26b81d C:\WINDOWS\system32\wininet.dll

2004-08-04 00:45 803328 048367ef3e654f8fb83e4dbb1e26b81d C:\WINDOWS\system32\dllcache\wininet.dll

2004-08-04 00:45 658432 398a619ce60090303042d1f8cc68f712 C:\WINDOWS\VistaMizer\old\wininet.dll

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\winlogon.exe

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\VistaMizer\old\winlogon.exe

2004-08-04 00:40 2182144 4ea3db2d812d8bd35e7b88508ce5c66a C:\WINDOWS\system32\ntkrnlpa.exe

2004-08-04 00:40 2019328 31dfe96b6b6fa4c9ca098ceaf21b29a5 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2004-08-04 00:40 2315264 b1a78d1fb7119668049eb3b2445423cd C:\WINDOWS\system32\ntoskrnl.exe

2004-08-04 00:40 2152448 91448d27f6dfaf50dd1d5fd3d8c1f3bd C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2004-08-04 00:45 1552896 9da14fe20c421e7f45dbe3d04b4c4fc9 C:\WINDOWS\explorer.exe

2004-08-04 00:45 1552896 9da14fe20c421e7f45dbe3d04b4c4fc9 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\VistaMizer\old\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-03-24_19.55.32.57 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-03-24 22:41:44 58,794 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-03-25 21:50:45 58,794 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-03-24 22:41:44 67,430 ----a-w C:\WINDOWS\system32\perfc016.dat

+ 2008-03-25 21:50:45 67,430 ----a-w C:\WINDOWS\system32\perfc016.dat

- 2008-03-24 22:41:44 392,494 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-03-25 21:50:45 392,494 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-03-24 22:41:44 425,310 ----a-w C:\WINDOWS\system32\perfh016.dat

+ 2008-03-25 21:50:45 425,310 ----a-w C:\WINDOWS\system32\perfh016.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 25088]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-10-27 15:06 219136]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 13:25 68856]

C:\Documents and Settings\user\Menu Iniciar\Programas\Inicializar\

Last.fm Helper.lnk - C:\Arquivos de programas\Last.fm\LastFMHelper.exe [2008-03-10 19:27:42 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"Mpk.exe"= C:\Arquivos de programas\KGB\Mpk.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2007-11-19 18:02 341928]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 16:30 347976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll 2007-11-19 18:02 341928 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 16:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginAbn]

C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2007-11-19 18:02 341928 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Iniciar^Programas^Inicializar^Last.fm Helper.lnk]

backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

path=C:\Documents and Settings\user\Menu Iniciar\Programas\Inicializar\Last.fm Helper.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--------- 2006-08-16 00:20 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

--------- 2006-08-16 00:20 53248 C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:45 25088 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2005-12-10 11:57 133016 C:\Arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]

--------- 2004-04-21 10:26 86016 C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-10 14:32 385024 C:\Arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV]

C:\WINDOWS\AdobeR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 20:24 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--------- 2006-08-16 00:23 16248320 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

--------- 2006-08-16 00:21 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]

--a------ 2006-08-09 05:18 675840 C:\WINDOWS\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Guru]

C:\Arquivos de programas\StartupGuru\startupguru.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-06-08 13:25 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Jogos\\GunBound\\GunboundWC\\GunBound.gme"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

S3 lgusbsmodem;LGE Mobile USB Modem;C:\WINDOWS\system32\DRIVERS\lgusbsmodem.sys []

S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-08-11 06:52]

.

Contents of the 'Scheduled Tasks' folder

"2007-08-06 10:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

"2008-03-23 03:00:00 C:\WINDOWS\Tasks\At1.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-05 12:00:00 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-22 13:00:00 C:\WINDOWS\Tasks\At11.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-21 14:00:00 C:\WINDOWS\Tasks\At12.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-21 15:00:00 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-24 16:00:00 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-24 17:00:00 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-24 18:00:00 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-24 19:00:00 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-24 20:00:00 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-24 21:00:00 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 04:00:00 C:\WINDOWS\Tasks\At2.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-25 22:00:00 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-25 23:00:00 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-26 00:00:00 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-25 01:00:00 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 02:00:00 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 05:00:00 C:\WINDOWS\Tasks\At3.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 06:00:00 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 07:00:00 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 08:00:00 C:\WINDOWS\Tasks\At6.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-23 09:00:00 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-25 10:00:00 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-05 11:00:00 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\system32\P64s0PkN.exe

"2008-03-21 18:00:16 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Arquivos de programas\Norton Security Scan\Nss.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-25 21:33:28

Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully

Hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Arquivos de programas\KGB\MPK.dll

.

Completion time: 2008-03-25 21:34:42

ComboFix-quarantined-files.txt 2008-03-26 00:34:34

ComboFix2.txt 2008-03-24 22:55:44

Logfile of HijackThis v1.99.1

Scan saved at 21:41:49, on 25/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\KGB\Mpk.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Last.fm\LastFMHelper.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\user\Meus documentos\Pôgramas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.intraer;10.*;<local>

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203782856578

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe


- Open Control Panel > Scheduled Tasks and delete all the tasks;

- Other than that, the log is clean :)

- Update Internet Explorer:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

- I recommend a clean-up of the computer to remove temporary and unneeded files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues

- Disable and re-enable System Restore

- Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections.

Thanks, Jose Melo!!!!!

I did everything, but I couldn't update IE... It hangs on the "Downloading updates for IE7" screen...

And what about this GbPlugin? Is it normal?

Just to be safe, here is the HijackThis log after CCleaner... Thanks a lot!!!

Logfile of HijackThis v1.99.1

Scan saved at 19:47:51, on 27/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Last.fm\LastFMHelper.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\user\Meus documentos\Pôgramas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.intraer;10.*;<local>

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203782856578

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

but I couldn't update IE... It hangs on the "Downloading updates for IE7" screen...

It looks like it hangs, but the process takes a while, depending on the speed of your connection.

And what about this GbPlugin? Is it normal?

It's normal. The plugin is installed by some banks to secure access to personal data. In your case it was installed by Banco ABN.

About Clube do Hardware

On the air since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.