Marcelo Galvão

gbiehbsb.dll


- Download ComboFix

  • Temporarily disable your antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Run" and type "1" + Enter to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click inside the ComboFix window or close it with the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.

- Download HijackThis

  • Put the file in its own folder under C:\;
  • Double-click HijackThis and click Do a system scan and save a logfile;
  • Copy the contents of the Notepad window and paste them in your reply.


Dear Jose Melo, here is the ComboFix report:

ComboFix 08-03-22.3 - Home 2008-03-23 10:00:43.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.560 [GMT -3:00]

Running from: C:\Documents and Settings\Home\Configurações locais\Temporary Internet Files\Content.IE5\LBFJHTWE\ComboFix[1].exe

* A new restore point was created

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Files created from 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))

.

2008-03-22 11:39 . 2008-03-22 11:40 <DIR> d-------- C:\VP-EYE

2008-03-22 11:32 . 2008-03-22 11:32 <DIR> d-------- C:\WINDOWS\Setup2K

2008-03-22 11:32 . 2002-10-01 14:43 119,798 --a------ C:\WINDOWS\system32\drivers\SPCA561.SYS

2008-03-22 11:32 . 2002-11-22 15:56 118,784 --a------ C:\WINDOWS\ShowBmp.exe

2008-03-22 11:32 . 2002-08-13 18:01 53,248 --a------ C:\WINDOWS\ap561.exe

2008-03-22 11:32 . 2002-08-13 18:01 14,385 --a------ C:\WINDOWS\Tw561a.ini

2008-03-22 11:32 . 2002-09-20 19:44 14,336 --a------ C:\WINDOWS\system32\dshow508.ax

2008-03-22 11:32 . 2008-03-22 11:44 7,431 --a------ C:\WINDOWS\Tw561a.src

2008-03-22 11:32 . 2002-03-19 14:11 81 --a------ C:\WINDOWS\Setup8a.ini

2008-03-17 08:42 . 2008-03-17 08:42 27,267,584 --a------ C:\Snap.avi

2008-03-16 23:55 . 2008-03-22 11:40 37,089 --a------ C:\WINDOWS\unvpeye.ini

2008-03-16 23:35 . 2008-03-16 23:35 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-03-16 23:35 . 2007-12-04 11:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-03-16 23:35 . 2004-01-09 07:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-03-16 23:35 . 2007-12-04 10:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-03-16 23:35 . 2007-12-04 12:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-16 23:35 . 2007-12-04 12:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-03-16 23:35 . 2007-12-04 12:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-16 23:35 . 2007-12-04 12:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-16 23:35 . 2007-12-04 12:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-16 21:32 . 2008-03-16 21:32 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-03-16 12:14 . 2008-03-16 19:07 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-03-16 12:14 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-03-16 08:02 . 2008-03-16 08:02 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2008-03-16 01:07 . 2008-03-16 01:19 <DIR> d-------- C:\Hercules Profissional

2008-03-16 01:07 . 2008-03-16 01:07 <DIR> d-------- C:\Arquivos de programas\Common Files

2008-03-16 01:07 . 2008-03-20 19:59 13,030 --a------ C:\PDOXUSRS.NET

2008-03-16 01:06 . 2008-03-16 01:06 <DIR> d-------- C:\Documents and Settings\Home\WINDOWS

2008-03-16 01:06 . 1999-03-23 09:12 299,520 --a------ C:\WINDOWS\uninst.exe

2008-03-16 00:51 . 2008-03-16 00:55 <DIR> d-------- C:\MYFILES

2008-03-16 00:31 . 2008-03-16 00:31 <DIR> d-------- C:\Documents and Settings\Home\Dados de aplicativos\PC Tools

2008-03-16 00:31 . 2008-03-23 09:50 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-16 00:31 . 2008-03-20 12:33 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

2008-03-16 00:31 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-03-16 00:31 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-03-16 00:31 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-03-16 00:31 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-03-13 20:09 . 2008-03-16 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-13 20:09 . 2008-03-16 00:02 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-13 17:37 . 2008-03-22 11:44 152,064 --a------ C:\WINDOWS\snap.dat

2008-03-12 16:25 . 2008-03-14 08:21 4,416 --a------ C:\WINDOWS\mssnmsgr.dll

2008-03-12 14:59 . 2008-03-12 14:59 <DIR> d-------- C:\WINDOWS\_tmp

2008-03-12 14:54 . 2008-03-14 20:01 3,392 --a------ C:\WINDOWS\svchost

2008-03-11 20:33 . 2008-03-16 09:39 <DIR> d-------- C:\Documents and Settings\Home\Dados de aplicativos\skypePM

2008-03-11 20:33 . 2008-03-11 20:33 32 --a------ C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2008-03-11 20:29 . 2008-03-16 20:52 <DIR> d-------- C:\Documents and Settings\Home\Dados de aplicativos\Skype

2008-03-11 20:19 . 2008-03-11 20:19 <DIR> d-------- C:\Arquivos de programas\Google

2008-03-11 20:17 . 2008-03-11 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-03-11 20:17 . 2008-03-11 20:17 <DIR> d-------- C:\Arquivos de programas\Skype

2008-03-11 20:17 . 2008-03-11 20:17 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-03-10 21:05 . 2008-03-10 21:05 <DIR> d-------- C:\Arquivos de programas\EMUSB2.0

2008-03-10 21:04 . 2008-03-10 21:04 <DIR> d-------- C:\Arquivos de programas\eMPIA

2008-03-10 21:04 . 2004-06-08 17:35 163,840 --a------ C:\WINDOWS\emSTI.exe

2008-03-10 21:04 . 1998-09-01 17:24 35,600 --a------ C:\WINDOWS\emAMCAP.exe

2008-03-10 17:42 . 2008-03-10 17:42 <DIR> d---s---- C:\Documents and Settings\Home\UserData

2008-03-10 11:36 . 2008-03-13 16:58 <DIR> d-------- C:\Documents and Settings\Home\Contacts

2008-03-10 11:25 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-03-10 11:25 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-03-10 11:22 . 2008-03-10 11:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-03-10 11:12 . 2008-03-10 11:12 <DIR> d-------- C:\Arquivos de programas\RALINK

2008-03-10 11:12 . 2005-07-29 11:44 340,992 --a------ C:\WINDOWS\system32\drivers\rt61.sys

2008-03-10 11:12 . 2005-05-17 16:24 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe

2008-03-10 11:12 . 2005-06-17 19:19 242,048 --a------ C:\WINDOWS\system32\drivers\RT2500.SYS

2008-03-10 11:12 . 2005-08-25 11:15 81,920 --a------ C:\WINDOWS\system32\Install6x.dll

2008-03-10 11:12 . 2008-03-10 11:12 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2008-03-10 11:12 . 2005-07-29 11:43 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin

2008-03-10 11:12 . 2005-07-29 11:43 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin

2008-03-10 11:12 . 2005-07-29 11:43 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin

2008-03-10 11:12 . 2005-06-16 00:30 162 --a------ C:\WINDOWS\filespec6x

2008-03-08 18:40 . 2008-03-08 18:40 <DIR> d-------- C:\Documents and Settings\Home\Dados de aplicativos\Corel

2008-03-06 14:37 . 2008-03-06 14:37 <DIR> d-------- C:\Arquivos de programas\MSBuild

2008-03-06 14:37 . 2008-03-06 14:37 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

2008-03-06 14:37 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-03-06 14:34 . 2008-03-06 14:34 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-03-06 14:34 . 2008-03-06 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-06 14:33 . 2008-03-06 14:33 <DIR> dr-h----- C:\MSOCache

2008-03-06 14:29 . 2008-03-06 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2008-03-06 14:27 . 2008-03-06 14:27 <DIR> d-------- C:\Arquivos de programas\Corel

2008-03-06 14:27 . 2008-03-06 14:27 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2008-03-05 13:22 . 2008-03-05 13:22 <DIR> d-------- C:\Documents and Settings\Home\Dados de aplicativos\Ahead

2008-03-05 13:21 . 2008-03-05 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-03-05 13:21 . 2008-03-05 13:21 <DIR> d-------- C:\Arquivos de programas\Nero

2008-03-05 13:21 . 2008-03-05 13:22 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-03-05 13:18 . 2008-03-05 13:18 268 --ah----- C:\sqmdata01.sqm

2008-03-05 13:18 . 2008-03-05 13:18 244 --ah----- C:\sqmnoopt01.sqm

2008-03-05 13:17 . 2008-03-05 13:17 268 --ah----- C:\sqmdata00.sqm

2008-03-05 13:17 . 2008-03-05 13:17 244 --ah----- C:\sqmnoopt00.sqm

2008-03-05 13:15 . 2008-03-05 13:15 <DIR> d-------- C:\MyWorks

2008-03-05 13:15 . 2008-03-22 11:34 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2008-03-05 13:15 . 2008-03-05 13:16 <DIR> d-------- C:\Arquivos de programas\CyberLink

2008-03-05 13:15 . 2008-03-10 11:12 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-03-05 13:15 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-03-05 13:12 . 2006-05-18 21:01 18,796,544 -ra------ C:\WINDOWS\system32\ALSNDMGR.CPL

2008-03-05 13:07 . 2008-03-05 13:07 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-03-05 13:07 . 2008-03-05 13:07 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2008-03-05 13:06 . 2008-03-05 13:06 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2008-03-05 13:06 . 2008-03-21 01:12 <DIR> d-------- C:\Documents and Settings\Home\Dados de aplicativos\AVG7

2008-03-05 13:06 . 2008-03-05 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-03-05 13:06 . 2008-03-13 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-03-05 13:06 . 2008-03-05 13:06 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-05 15:35 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-03-05 15:34 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-03-05 15:33 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty & legitimate default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

C:\WINDOWS\gbiehbsb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-15 17:17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"ISTray"="C:\Arquivos de programas\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-03-13 17:15 219136]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Ralink Wireless Utility.lnk - C:\Arquivos de programas\RALINK\Common\RaUI.exe [2008-03-10 11:13:10 598016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

--a------ 2008-03-13 17:15 579072 C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-12-23 18:05 143360 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2006-12-05 22:55 54832 C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 15:40 155648 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2006-11-23 15:10 56928 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

-ra------ 2006-03-01 20:22 577536 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

-ra------ 2006-08-03 03:53 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

-ra------ 2006-08-30 06:44 180224 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-23 10:02:17

Windows 5.1.2600 Service Pack 2 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully

Hidden files: 0

**************************************************************************

.

Completion time: 2008-03-23 10:02:47

ComboFix-quarantined-files.txt 2008-03-23 13:02:38

ComboFix2.txt 2008-03-16 14:18:59

ComboFix3.txt 2008-03-16 13:18:03

.

2008-03-19 13:19:44 --- E O F ---

HERE IS THE HIJACKTHIS LOG

Logfile of HijackThis v1.99.1

Scan saved at 10:07:22, on 23/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Documents and Settings\Home\Configurações locais\Temporary Internet Files\Content.IE5\5I676Y70\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9926BA2B-E098-499B-8792-309B3D6AC272}: NameServer = 10.10.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{E5D2EF3B-893C-40B6-9CB9-96073C02C5B0}: NameServer = 10.10.0.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

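The two logs above carry the entries a responder actually has to weigh: ComboFix shows a Browser Helper Object load point and a `Policies\Explorer\Run` entry that would start `rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify`, HijackThis reports the same DLL as `(file missing)` under a self-declared display name, and the Security Center keys `AntiVirusDisableNotify` / `UpdatesDisableNotify` are both set to 1. The script below is an added example, not code from this thread, from HijackThis or from ComboFix: it parses a few lines copied from the logs above (constructed sample input) and applies my own triage heuristics to them. It also goes slightly beyond the page by rating an `O17` NameServer differently depending on whether the address is private (as here, 10.10.0.1) or public. Severity labels, the "DLL directly in the Windows directory" heuristic and the regexes are all assumptions of this example.

```python
"""Triage of HijackThis / ComboFix log lines (added example, not part of the
thread or of either tool).  The rules are this example's own heuristics."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the two logs posted above.
SAMPLE_HJT = r"""
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9926BA2B-E098-499B-8792-309B3D6AC272}: NameServer = 10.10.0.1
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-F-]+\}) - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$", re.I)
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<rest>.*)$")
CF_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
CF_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
# rundll32 <dll>,<export> or, as in the log above, rundll32 <dll> <export>
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>.+?\.dll)\s*,?\s*(?P<export>\S+)", re.I)
# Heuristic: a DLL placed directly in the Windows directory rather than under
# system32 or Program Files (assumption of this example, not a hard rule).
WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.I)
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


@dataclass(frozen=True)
class Finding:
    severity: str   # high / medium / low / info
    source: str     # "hjt" or "combofix"
    item: str
    reason: str


def rundll32_target(command: str):
    """Return (dll, export) for a rundll32 command line, or None."""
    m = RUNDLL_RE.search(command)
    return (m["dll"], m["export"]) if m else None


def triage_hijackthis(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in (l.strip() for l in text.splitlines()):
        if m := O2_RE.match(line):
            reasons = []
            if m["missing"]:
                reasons.append("DLL missing: orphaned load point")
            if WINROOT_RE.match(m["path"]):
                reasons.append("DLL sits directly in the Windows directory (heuristic)")
            if reasons:  # the display name comes from the registry, not from the DLL
                reasons.append("BHO display name is self-declared, not verified")
                findings.append(Finding("medium", "hjt", f"O2 {m['clsid']} {m['path']}", "; ".join(reasons)))
        elif m := O17_RE.match(line):
            for server in re.split(r"[,\s]+", m["servers"].strip()):
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    continue
                if addr.is_private:
                    findings.append(Finding("info", "hjt", f"O17 NameServer {server}",
                                            "private address; confirm it is the expected LAN resolver"))
                else:
                    findings.append(Finding("medium", "hjt", f"O17 NameServer {server}",
                                            "public resolver hard-coded on the interface; compare with the expected DNS"))
        elif m := O23_RE.match(line):
            if "(file missing)" in m["rest"]:
                findings.append(Finding("low", "hjt", f"O23 {m['name']}", "service binary missing: stale service entry"))
    return findings


def triage_combofix(text: str) -> list[Finding]:
    findings: list[Finding] = []
    key = ""
    for line in (l.strip() for l in text.splitlines()):
        if m := CF_KEY_RE.match(line):
            key = m["key"].lower()          # registry sections are [KEY] then "name"=data
            continue
        m = CF_VALUE_RE.match(line)
        if not m:
            continue
        name, data = m["name"], m["data"].strip()
        if key.endswith(r"policies\explorer\run"):
            reason = "autostart under Policies\\Explorer\\Run, which msconfig does not list"
            if target := rundll32_target(data):
                reason += f"; rundll32 loads {target[0]} and calls export {target[1]}"
            findings.append(Finding("high", "combofix", f"{name} = {data}", reason))
        elif key.endswith("security center") and name.lower().endswith("disablenotify") \
                and data.lower() == "dword:00000001":
            findings.append(Finding("medium", "combofix", f"{name} = 1",
                                    "Security Center warning suppressed; confirm which product set it"))
    return findings


def triage(hjt_text: str, combofix_text: str) -> list[Finding]:
    """All findings from both logs, most severe first."""
    findings = triage_hijackthis(hjt_text) + triage_combofix(combofix_text)
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT, SAMPLE_COMBOFIX):
        print(f"[{f.severity:6}] {f.source:8} {f.item}\n         {f.reason}")
```

On the sample lines this yields one high finding (the `Policies\Explorer\Run` rundll32 entry), three medium (the orphaned BHO and the two Security Center keys), one low (the avast! service with a missing binary) and one informational O17 line; the Adobe BHO, whose DLL exists under Program Files, is not reported.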

- Select the text below and copy it into Notepad. Save it as CFScript.txt;

Folder::
C:\WINDOWS\_tmp
File::
C:\WINDOWS\mssnmsgr.dll
C:\WINDOWS\svchost
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]
C:\WINDOWS\gbiehbsb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"=-

- Drag CFScript.txt onto ComboFix as shown in the image below:

[image: CF_Script.gif]

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: if ComboFix does not restart your computer automatically, do it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.

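A CFScript is a removal order: every `Folder::` and `File::` line is deleted and every `[-KEY]` or `"name"=-` line under `Registry::` removes a key or value. Before handing one to ComboFix it is worth confirming that each target was actually observed in the log the script was written from. The checker below is an added example, not part of the thread or of ComboFix: it parses the three section types used in the script above, indexes the ComboFix lines those entries came from (constructed sample input copied from the first log), and lists any deletion target the log never mentioned. Treating a bare path under a `[-KEY]` line (the `C:\WINDOWS\gbiehbsb.dll` line copied under the BHO key) as informational is an assumption of this example, not documented CFScript behaviour.

```python
"""Cross-check a ComboFix CFScript against the log it was written from.
Added example; not part of the thread, HijackThis or ComboFix."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed: the CFScript posted above, verbatim.
CFSCRIPT = r"""
Folder::
C:\WINDOWS\_tmp
File::
C:\WINDOWS\mssnmsgr.dll
C:\WINDOWS\svchost
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]
C:\WINDOWS\gbiehbsb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"=-
"""

# Constructed: the lines of the first ComboFix log that the script refers to.
COMBOFIX_LOG = r"""
2008-03-12 16:25 . 2008-03-14 08:21 4,416 --a------ C:\WINDOWS\mssnmsgr.dll
2008-03-12 14:59 . 2008-03-12 14:59 <DIR> d-------- C:\WINDOWS\_tmp
2008-03-12 14:54 . 2008-03-14 20:01 3,392 --a------ C:\WINDOWS\svchost
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]
C:\WINDOWS\gbiehbsb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify
"""

SECTION_RE = re.compile(r"^(?P<name>Folder|File|Registry)::$")
KEY_RE = re.compile(r"^\[(?P<minus>-?)(?P<key>[^\]]+)\]$")   # [-KEY] deletes, [KEY] selects
VALUE_DEL_RE = re.compile(r'^"(?P<name>[^"]+)"=-$')           # "name"=- deletes a value


@dataclass(frozen=True)
class Action:
    kind: str      # "folder", "file", "delete_key" or "delete_value"
    target: str    # path, key, or key\name for a value


def parse_cfscript(text: str) -> list[Action]:
    """Turn the script into the list of deletions it would perform."""
    actions: list[Action] = []
    section = key = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m["name"], None
            continue
        if section in ("Folder", "File"):
            actions.append(Action(section.lower(), line))
        elif section == "Registry":
            if m := KEY_RE.match(line):
                key = m["key"]
                if m["minus"]:
                    actions.append(Action("delete_key", key))
            elif (m := VALUE_DEL_RE.match(line)) and key:
                actions.append(Action("delete_value", key + "\\" + m["name"]))
            # Any other line (e.g. a path copied under a [-KEY]) is treated as
            # informational here; this is an assumption of the example.
    return actions


def seen_in_log(action: Action, log: str) -> bool:
    """Case-insensitive check that the log mentions the target of an action."""
    log_l = log.lower()
    if action.kind == "delete_value":
        key, _, name = action.target.rpartition("\\")
        return f"[{key.lower()}]" in log_l and f'"{name.lower()}"=' in log_l
    if action.kind == "delete_key":
        return f"[{action.target.lower()}]" in log_l
    return action.target.lower() in log_l


def unverified(script: str, log: str) -> list[Action]:
    """Deletion targets that the log never reported; should be empty."""
    return [a for a in parse_cfscript(script) if not seen_in_log(a, log)]


if __name__ == "__main__":
    for a in parse_cfscript(CFSCRIPT):
        print(f"{a.kind:12} {a.target}  {'seen' if seen_in_log(a, COMBOFIX_LOG) else 'NOT IN LOG'}")
    print("unverified:", unverified(CFSCRIPT, COMBOFIX_LOG))
```

For the script above every target is present in the first ComboFix log, so `unverified` returns an empty list; appending a `File::` entry the log never listed makes that entry show up as unverified, which is the case the check exists for.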

Dear Jose Melo, I did what you asked and it solved my problem. Here is the ComboFix log:

ComboFix 08-03-14.4 - Home 2008-03-23 22:07:12.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.605 [GMT -3:00]

Running from: C:\Documents and Settings\Home\Meus documentos\Meus arquivos recebidos\ComboFix.exe

Command switches used :: C:\Documents and Settings\Home\Desktop\CFScript.txt

* A new restore point was created

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\WINDOWS\mssnmsgr.dll

C:\WINDOWS\svchost

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\_tmp

C:\WINDOWS\mssnmsgr.dll

C:\WINDOWS\svchost

.

((((((((((((((((((((((( Files created from 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))))

.

2008-03-23 10:28 . 2008-03-23 10:28 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-03-23 10:28 . 2008-03-23 16:18 <DIR> d-------- C:\Arquivos de programas\SGB

2008-03-22 11:39 . 2008-03-22 11:40 <DIR> d-------- C:\VP-EYE

2008-03-22 11:32 . 2008-03-22 11:32 <DIR> d-------- C:\WINDOWS\Setup2K

2008-03-22 11:32 . 2002-10-01 14:43 119,798 --a------ C:\WINDOWS\system32\drivers\SPCA561.SYS

2008-03-22 11:32 . 2002-11-22 15:56 118,784 --a------ C:\WINDOWS\ShowBmp.exe

2008-03-22 11:32 . 2002-08-13 18:01 53,248 --a------ C:\WINDOWS\ap561.exe

2008-03-22 11:32 . 2002-08-13 18:01 14,385 --a------ C:\WINDOWS\Tw561a.ini

2008-03-22 11:32 . 2002-09-20 19:44 14,336 --a------ C:\WINDOWS\system32\dshow508.ax

2008-03-22 11:32 . 2008-03-22 11:44 7,431 --a------ C:\WINDOWS\Tw561a.src

2008-03-22 11:32 . 2002-03-19 14:11 81 --a------ C:\WINDOWS\Setup8a.ini

2008-03-17 08:42 . 2008-03-17 08:42 27,267,584 --a------ C:\Snap.avi

2008-03-16 23:55 . 2008-03-22 11:40 37,089 --a------ C:\WINDOWS\unvpeye.ini

2008-03-16 23:35 . 2008-03-16 23:35 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-03-16 23:35 . 2007-12-04 11:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-03-16 23:35 . 2004-01-09 07:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-03-16 23:35 . 2007-12-04 10:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-03-16 23:35 . 2007-12-04 12:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-16 23:35 . 2007-12-04 12:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-03-16 23:35 . 2007-12-04 12:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-16 23:35 . 2007-12-04 12:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-16 23:35 . 2007-12-04 12:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-16 21:32 . 2008-03-16 21:32 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-03-16 12:14 . 2008-03-16 19:07 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-03-16 12:14 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-03-16 08:02 . 2008-03-16 08:02 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2008-03-16 01:07 . 2008-03-23 16:38 <DIR> d-------- C:\Hercules Profissional

2008-03-16 01:07 . 2008-03-16 01:07 <DIR> d-------- C:\Arquivos de programas\Common Files

2008-03-16 01:07 . 2008-03-23 16:42 13,030 --a------ C:\PDOXUSRS.NET

2008-03-16 01:06 . 2008-03-16 01:06 <DIR> d-------- C:\Documents and Settings\Home\WINDOWS

2008-03-16 01:06 . 1999-03-23 09:12 299,520 --a------ C:\WINDOWS\uninst.exe

2008-03-16 00:51 . 2008-03-16 00:55 <DIR> d-------- C:\MYFILES

2008-03-16 00:31 . 2008-03-16 00:31 <DIR> d-------- C:\Documents and Settings\Home\Dados de aplicativos\PC Tools

2008-03-16 00:31 . 2008-03-23 22:00 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-16 00:31 . 2008-03-20 12:33 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

2008-03-16 00:31 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-03-16 00:31 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-03-16 00:31 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-03-16 00:31 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-03-13 20:09 . 2008-03-16 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-13 20:09 . 2008-03-16 00:02 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-13 17:37 . 2008-03-22 11:44 152,064 --a------ C:\WINDOWS\snap.dat

2008-03-11 20:33 . 2008-03-16 09:39 <DIR> d-------- C:\Documents and Settings\Home\Dados de aplicativos\skypePM

2008-03-11 20:33 . 2008-03-11 20:33 32 --a------ C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2008-03-11 20:29 . 2008-03-16 20:52 <DIR> d-------- C:\Documents and Settings\Home\Dados de aplicativos\Skype

2008-03-11 20:19 . 2008-03-11 20:19 <DIR> d-------- C:\Arquivos de programas\Google

2008-03-11 20:17 . 2008-03-11 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-03-11 20:17 . 2008-03-11 20:17 <DIR> d-------- C:\Arquivos de programas\Skype

2008-03-11 20:17 . 2008-03-11 20:17 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-03-10 21:05 . 2008-03-10 21:05 <DIR> d-------- C:\Arquivos de programas\EMUSB2.0

2008-03-10 21:04 . 2008-03-10 21:04 <DIR> d-------- C:\Arquivos de programas\eMPIA

2008-03-10 21:04 . 2004-06-08 17:35 163,840 --a------ C:\WINDOWS\emSTI.exe

2008-03-10 21:04 . 1998-09-01 17:24 35,600 --a------ C:\WINDOWS\emAMCAP.exe

2008-03-10 17:42 . 2008-03-10 17:42 <DIR> d---s---- C:\Documents and Settings\Home\UserData

2008-03-10 11:36 . 2008-03-13 16:58 <DIR> d-------- C:\Documents and Settings\Home\Contacts

2008-03-10 11:25 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-03-10 11:25 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-03-10 11:22 . 2008-03-10 11:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-03-10 11:12 . 2008-03-10 11:12 <DIR> d-------- C:\Arquivos de programas\RALINK

2008-03-10 11:12 . 2005-07-29 11:44 340,992 --a------ C:\WINDOWS\system32\drivers\rt61.sys

2008-03-10 11:12 . 2005-05-17 16:24 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe

2008-03-10 11:12 . 2005-06-17 19:19 242,048 --a------ C:\WINDOWS\system32\drivers\RT2500.SYS

2008-03-10 11:12 . 2005-08-25 11:15 81,920 --a------ C:\WINDOWS\system32\Install6x.dll

2008-03-10 11:12 . 2008-03-10 11:12 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2008-03-10 11:12 . 2005-07-29 11:43 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin

2008-03-10 11:12 . 2005-07-29 11:43 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin

2008-03-10 11:12 . 2005-07-29 11:43 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin

2008-03-10 11:12 . 2005-06-16 00:30 162 --a------ C:\WINDOWS\filespec6x

2008-03-08 18:40 . 2008-03-08 18:40 <DIR> d-------- C:\Documents and Settings\Home\Dados de aplicativos\Corel

2008-03-06 14:37 . 2008-03-06 14:37 <DIR> d-------- C:\Arquivos de programas\MSBuild

2008-03-06 14:37 . 2008-03-06 14:37 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

2008-03-06 14:37 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-03-06 14:34 . 2008-03-06 14:34 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-03-06 14:34 . 2008-03-06 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-06 14:33 . 2008-03-06 14:33 <DIR> dr-h----- C:\MSOCache

2008-03-06 14:29 . 2008-03-06 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2008-03-06 14:27 . 2008-03-06 14:27 <DIR> d-------- C:\Arquivos de programas\Corel

2008-03-06 14:27 . 2008-03-06 14:27 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2008-03-05 13:22 . 2008-03-05 13:22 <DIR> d-------- C:\Documents and Settings\Home\Dados de aplicativos\Ahead

2008-03-05 13:21 . 2008-03-05 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-03-05 13:21 . 2008-03-05 13:21 <DIR> d-------- C:\Arquivos de programas\Nero

2008-03-05 13:21 . 2008-03-05 13:22 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-03-05 13:18 . 2008-03-05 13:18 268 --ah----- C:\sqmdata01.sqm

2008-03-05 13:18 . 2008-03-05 13:18 244 --ah----- C:\sqmnoopt01.sqm

2008-03-05 13:17 . 2008-03-05 13:17 268 --ah----- C:\sqmdata00.sqm

2008-03-05 13:17 . 2008-03-05 13:17 244 --ah----- C:\sqmnoopt00.sqm

2008-03-05 13:15 . 2008-03-05 13:15 <DIR> d-------- C:\MyWorks

2008-03-05 13:15 . 2008-03-22 11:34 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2008-03-05 13:15 . 2008-03-05 13:16 <DIR> d-------- C:\Arquivos de programas\CyberLink

2008-03-05 13:15 . 2008-03-10 11:12 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-03-05 13:15 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-03-05 13:12 . 2006-05-18 21:01 18,796,544 -ra------ C:\WINDOWS\system32\ALSNDMGR.CPL

2008-03-05 13:07 . 2008-03-05 13:07 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-03-05 13:07 . 2008-03-05 13:07 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2008-03-05 13:06 . 2008-03-05 13:06 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2008-03-05 13:06 . 2008-03-23 17:18 <DIR> d-------- C:\Documents and Settings\Home\Dados de aplicativos\AVG7

2008-03-05 13:06 . 2008-03-05 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-03-05 13:06 . 2008-03-13 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-03-05 13:06 . 2008-03-05 13:06 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-03-05 13:06 . 2008-03-05 13:06 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-05 15:35 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-03-05 15:34 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-03-05 15:33 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-15 17:17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"ISTray"="C:\Arquivos de programas\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-03-13 17:15 219136]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Ralink Wireless Utility.lnk - C:\Arquivos de programas\RALINK\Common\RaUI.exe [2008-03-10 11:13:10 598016]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

--a------ 2008-03-13 17:15 579072 C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-12-23 18:05 143360 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2006-12-05 22:55 54832 C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 15:40 155648 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2006-11-23 15:10 56928 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

-ra------ 2006-03-01 20:22 577536 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

-ra------ 2006-08-03 03:53 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

-ra------ 2006-08-30 06:44 180224 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-23 22:08:00

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-03-23 22:08:24

ComboFix-quarantined-files.txt 2008-03-24 01:08:22

ComboFix2.txt 2008-03-23 13:02:48

ComboFix3.txt 2008-03-16 14:18:59

ComboFix4.txt 2008-03-16 13:18:03

.

2008-03-19 13:19:44 --- E O F ---

And the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 22:20:00, on 23/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Home\Configurações locais\Temporary Internet Files\Content.IE5\4LI789YN\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9926BA2B-E098-499B-8792-309B3D6AC272}: NameServer = 10.10.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{E5D2EF3B-893C-40B6-9CB9-96073C02C5B0}: NameServer = 10.10.0.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

Thanks for your attention

Marcelo Galvão


- OK, the log is clean :)

- Type combofix /u in Run and click OK. In the next window click "Run" and wait for the program to be removed;

- Update Internet Explorer:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues

- Disable and then re-enable System Restore

- Read the article "Proteja seu PC" (Protect your PC) for more information on how to avoid infections.
