
Possible attack!


Falabate


Good morning, everyone!

For some time now I have been noticing that, intermittently, my Internet Explorer 8.0 browser freezes on some sites and is somewhat slow.

Sometimes the page freezes and I can only fix it by closing IE; other times browsing works perfectly... I don't understand.

I have already run Norton antivirus, Spybot and Ad-Aware, and nothing was detected, no problems.

Maybe a possible attack that is not being detected, I don't know... that's why I'm asking for help!!

My log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:25:28, on 5/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\BraZip\BraZip.exe

C:\DOCUME~1\FABIO\CONFIG~1\Temp\SZ2445\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g1.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Arquivos de programas\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Arquivos de programas\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Arquivos de programas\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249341796968

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249341880656

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Arquivos de programas\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--

End of file - 6957 bytes


  • Coordinator

Read the topic "Leia Antes de Postar" ("Read Before Posting") and post the requested logs.


Here is my log for analysis.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/8/2009 18:14:26

System Uptime: 9/6/2009 09:19:48 (2136 hours ago)

Motherboard: First International Computer, Inc. | | K7M-400A

Processor: AMD Athlon XP 2400+ | Socket A | 1991/133mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 37 GiB total, 27,509 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: VIA Rhine II Fast Ethernet Adapter

Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_92161509&REV_78\3&61AAA01&0&90

Manufacturer: VIA Technologies, Inc.

Name: VIA Rhine II Fast Ethernet Adapter

PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_92161509&REV_78\3&61AAA01&0&90

Service: FET5X86V

==== System Restore Points ===================

RP6: 31/8/2009 09:27:24 - Ponto de verificação do sistema

RP7: 1/9/2009 09:53:29 - Ponto de verificação do sistema

RP8: 5/9/2009 13:37:15 - Ponto de verificação do sistema

==== Installed Programs ======================

Ad-Aware

Adobe Flash Player 10 ActiveX

Adobe Reader 9.1.3 - Português

AiO_Scan_CDA

AiOSoftwareNPI

Atualização Crítica para o Windows Media Player 11 (KB959772)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para o Windows Media Player 11 (KB936782)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para Windows Internet Explorer 8 (KB972260)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB923789)

Atualização de Segurança para Windows XP (KB938464-v2)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961371)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB971557)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB973346)

Atualização de Segurança para Windows XP (KB973354)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973869)

Atualização para o Windows XP (KB943729)

Atualização para Windows Internet Explorer 8 (KB973874)

Atualização para Windows XP (KB898461)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955839)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB968389)

Atualização para Windows XP (KB973815)

AutoUpdate

BraZip 9.0

BufferChm

CCleaner (remove only)

CustomerResearchQFolder

Destinations

DeviceManagementQFolder

Digital Video Converter v1.15.0.45

DivX Codec

DivX Version Checker

DVD Shrink 3.2

DVD Suite

eSupportQFolder

EVGA Display Driver

F300

F300_Help

Fax_CDA

Free Registry Defrag

Google Earth

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB970653-v3)

HP Customer Participation Program 7.0

HP Imaging Device Functions 7.0

HP Photosmart Essential

HP Photosmart, Officejet and Deskjet 7.0.A

HP Software Update

HP Solution Center 7.0

HPPhotoSmartExpress

HPProductAssistant

InstantShareDevicesMFC

Java 6 Update 13

LimeWire 4.18.8

MarketResearch

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edição 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

MSXML 4.0 SP2 (KB954430)

Nero 7 Essentials

NewCopy_CDA

Norton Internet Security

OGA Notifier 2.0.0048.0

PowerDVD

PowerProducer

ProductContextNPI

Readme

Realtek AC'97 Audio

REALTEK GbE & FE Ethernet PCI NIC Driver

Scan

ScannerCopy

Sicalc Auto Atendimento

SolutionCenter

Spybot - Search & Destroy

SpywareBlaster 4.2

Status

Teclado Multimidia ( ACK290 )

Toolbox

TrayApp

VC80CRTRedist - 8.0.50727.762

VDownloader 0.83

VIA Rhine-Family Fast-Ethernet Adapter

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VobSub v2.23 (Remove Only)

WebFldrs XP

WebReg

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live installer

Windows Live Mail

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

==== End Of File ===========================

MER 1.0.15.15077 [gmer.exe] - http://www.gmer.net

Rootkit scan 2009-09-06 10:26:29

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT 897D64A8 ZwAlertResumeThread

SSDT 897CE4A8 ZwAlertThread

SSDT 89511A78 ZwAllocateVirtualMemory

SSDT 8968AE18 ZwAssignProcessToJobObject

SSDT 890E3C10 ZwConnectPort

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB79E9040]

SSDT 896A6EF0 ZwCreateMutant

SSDT 896E79B8 ZwCreateSymbolicLinkObject

SSDT 89739EE0 ZwCreateThread

SSDT 89690138 ZwDebugActiveProcess

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB79E92C0]

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB79E9820]

SSDT 897C4DF8 ZwDuplicateObject

SSDT 897A2158 ZwFreeVirtualMemory

SSDT 897E21D8 ZwImpersonateAnonymousToken

SSDT 897EF9D8 ZwImpersonateThread

SSDT 89382208 ZwLoadDriver

SSDT 8971D7E0 ZwMapViewOfSection

SSDT 89860720 ZwOpenEvent

SSDT 896F4928 ZwOpenProcess

SSDT 896C52B0 ZwOpenProcessToken

SSDT 896CFA70 ZwOpenSection

SSDT 89666DD8 ZwOpenThread

SSDT 8955F6F0 ZwProtectVirtualMemory

SSDT 89713D88 ZwResumeThread

SSDT 896C3E98 ZwSetContextThread

SSDT 8963D678 ZwSetInformationProcess

SSDT 896AB138 ZwSetSystemInformation

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB79E9A70]

SSDT 89692E18 ZwSuspendProcess

SSDT 896D8930 ZwSuspendThread

SSDT 896DFE30 ZwTerminateProcess

SSDT 896ACFD0 ZwTerminateThread

SSDT 896C51A8 ZwUnmapViewOfSection

SSDT 8978FD18 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMEFA.SYS O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[648] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10075390 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\WINDOWS\system32\winlogon.exe[648] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 01302F20 C:\ARQUIV~1\GbPlugin\gbiehUni.dll (Gbieh Module/Banco Unibanco)

.text C:\WINDOWS\system32\winlogon.exe[648] kernel32.dll!FreeLibraryAndExitThread 7C80C210 5 Bytes JMP 01302DC0 C:\ARQUIV~1\GbPlugin\gbiehUni.dll (Gbieh Module/Banco Unibanco)

.text C:\Arquivos de programas\BraZip\BraZip.exe[3532] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 10050E80 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Arquivos de programas\BraZip\BraZip.exe[3532] user32.dll!FindWindowA 7E3782E1 5 Bytes JMP 10076EE0 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Arquivos de programas\BraZip\BraZip.exe[3532] user32.dll!GetKeyState 7E379ED9 5 Bytes JMP 10051140 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Arquivos de programas\BraZip\BraZip.exe[3532] user32.dll!GetWindowTextW 7E37A5CD 5 Bytes JMP 1007D670 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Arquivos de programas\BraZip\BraZip.exe[3532] user32.dll!GetAsyncKeyState 7E37A78F 5 Bytes JMP 10051550 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Arquivos de programas\BraZip\BraZip.exe[3532] user32.dll!GetKeyboardState 7E37D226 5 Bytes JMP 10051340 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Arquivos de programas\BraZip\BraZip.exe[3532] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 10050E00 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Arquivos de programas\BraZip\BraZip.exe[3532] user32.dll!FindWindowExA 7E38214A 5 Bytes JMP 10076F10 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Arquivos de programas\BraZip\BraZip.exe[3532] user32.dll!GetWindowTextA 7E38216B 5 Bytes JMP 1007D630 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 403351FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4040D3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 40503C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 40503B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 40503BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40503A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 40503A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 40503C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 40503AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] kernel32.dll!VirtualProtect + 1C 7C801AF0 7 Bytes JMP 03350034

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 403351FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 40409521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 403FCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4040D3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 403743F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 40503C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 40503B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 40503BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40503A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 40503A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 40503C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 40503AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] ole32.dll!CoCreateInstanceEx 774E0526 5 Bytes JMP 033500B8

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 4040D408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] ole32.dll!CoGetClassObject 774F56C5 5 Bytes JMP 0335013F

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] ole32.dll!OleLoadFromStream 77509C85 5 Bytes JMP 40503F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3696] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Arquivos de programas\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


  • Coordinator

You posted the contents of attach.txt; I want the DDS.txt log.


OK, sorry for the mistake; here is the DDS log.

DDS (Ver_09-07-30.01) - NTFSx86

Run by FABIO at 19:10:40,18 on dom 06/09/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1535.1024 [GMT -3:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\Arquivos de programas\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\FABIO\Meus documentos\Programas Log\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://g1.globo.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\arquivos de programas\norton internet security\engine\16.5.0.135\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\arquivos de programas\norton internet security\engine\16.5.0.135\IPSBHO.DLL

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540008} - c:\arquiv~1\gbplugin\gbiehUni.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\arquivos de programas\norton internet security\engine\16.5.0.135\coIEPlg.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249341796968

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249341880656

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\arquivos de programas\norton internet security\engine\16.5.0.135\CoIEPlg.dll

Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll

Notify: GbPluginUni - c:\arquiv~1\gbplugin\gbiehUni.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquivos de programas\gbplugin\gbieh.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399008} - c:\arquiv~1\gbplugin\gbiehUni.dll

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-8-3 26632]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-3 64160]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-8-3 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-8-3 258608]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-8-3 482352]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\dados de aplicativos\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090904.002\IDSXpx86.sys [2009-9-5 276344]

R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2009-8-3 53128]

R2 Norton Internet Security;Norton Internet Security;c:\arquivos de programas\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-8-3 115560]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\arquivos de programas\arquivos comuns\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-26 102448]

R3 NAVENG;NAVENG;c:\documents and settings\all users\dados de aplicativos\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090905.025\NAVENG.SYS [2009-9-6 84912]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\dados de aplicativos\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090905.025\NAVEX15.SYS [2009-9-6 1323568]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]

=============== Created Last 30 ================

2009-08-30 10:44 <DIR> --d----- c:\windows\$regcmp$

2009-08-29 15:47 <DIR> --d----- c:\windows\ie8updates

2009-08-29 15:45 <DIR> -cd-h--- c:\windows\ie8

2009-08-29 15:36 <DIR> --d----- C:\07bdc1195c0ec1cf9c751607d8978f4b

2009-08-19 18:38 7,552 ac------ c:\windows\system32\dllcache\sonypvu1.sys

2009-08-19 18:38 7,552 a------- c:\windows\system32\drivers\SONYPVU1.SYS

2009-08-13 16:53 268 a---h--- C:\sqmdata19.sqm

2009-08-13 16:53 244 a---h--- C:\sqmnoopt19.sqm

2009-08-13 16:51 268 a---h--- C:\sqmdata18.sqm

2009-08-13 16:51 244 a---h--- C:\sqmnoopt18.sqm

2009-08-13 16:51 268 a---h--- C:\sqmdata17.sqm

2009-08-13 16:51 244 a---h--- C:\sqmnoopt17.sqm

2009-08-13 00:18 268 a---h--- C:\sqmdata16.sqm

2009-08-13 00:18 244 a---h--- C:\sqmnoopt16.sqm

2009-08-12 23:02 244 a---h--- C:\sqmnoopt15.sqm

2009-08-12 23:02 232 a---h--- C:\sqmdata15.sqm

2009-08-12 19:54 15,688 a------- c:\windows\system32\lsdelete.exe

2009-08-12 18:46 221,184 a------- c:\windows\system32\wmpns.dll

2009-08-12 18:44 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll

2009-08-12 18:44 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx

2009-08-12 18:12 <DIR> --dsh--- c:\documents and settings\fabio\IECompatCache

2009-08-12 18:10 <DIR> --dsh--- c:\documents and settings\fabio\PrivacIE

2009-08-12 18:09 <DIR> --dsh--- c:\documents and settings\fabio\IETldCache

2009-08-12 17:57 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll

2009-08-12 17:57 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll

2009-08-12 17:56 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll

2009-08-12 15:43 268 a---h--- C:\sqmdata14.sqm

2009-08-12 15:43 244 a---h--- C:\sqmnoopt14.sqm

2009-08-12 10:00 268 a---h--- C:\sqmdata13.sqm

2009-08-12 10:00 244 a---h--- C:\sqmnoopt13.sqm

2009-08-10 21:09 268 a---h--- C:\sqmdata12.sqm

2009-08-10 21:09 244 a---h--- C:\sqmnoopt12.sqm

2009-08-10 17:39 244 a---h--- C:\sqmnoopt11.sqm

2009-08-10 17:39 232 a---h--- C:\sqmdata11.sqm

2009-08-10 16:29 268 a---h--- C:\sqmdata10.sqm

2009-08-10 16:29 244 a---h--- C:\sqmnoopt10.sqm

2009-08-10 15:13 244 a---h--- C:\sqmnoopt09.sqm

2009-08-10 15:13 232 a---h--- C:\sqmdata09.sqm

2009-08-10 08:40 268 a---h--- C:\sqmdata08.sqm

2009-08-10 08:40 244 a---h--- C:\sqmnoopt08.sqm

2009-08-10 08:21 268 a---h--- C:\sqmdata07.sqm

2009-08-10 08:21 244 a---h--- C:\sqmnoopt07.sqm

2009-08-09 13:11 244 a---h--- C:\sqmnoopt06.sqm

2009-08-09 13:11 232 a---h--- C:\sqmdata06.sqm

2009-08-09 11:23 244 a---h--- C:\sqmnoopt05.sqm

2009-08-09 11:23 232 a---h--- C:\sqmdata05.sqm

2009-08-08 16:24 3,303 a------- c:\windows\system32\wbem\Outlook_01ca185de20af6f8.mof

2009-08-08 15:44 268 a---h--- C:\sqmdata04.sqm

2009-08-08 15:44 244 a---h--- C:\sqmnoopt04.sqm

2009-08-08 15:33 244 a---h--- C:\sqmnoopt03.sqm

2009-08-08 15:33 232 a---h--- C:\sqmdata03.sqm

2009-08-08 14:50 268 a---h--- C:\sqmdata02.sqm

2009-08-08 14:50 244 a---h--- C:\sqmnoopt02.sqm

==================== Find3M ====================

2009-08-17 14:43 26,632 a------- c:\windows\system32\drivers\gbpkm.sys

2009-08-08 16:24 347,294 a------- c:\windows\system32\perfh016.dat

2009-08-08 16:24 49,586 a------- c:\windows\system32\perfc016.dat

2009-08-05 06:00 205,312 a------- c:\windows\system32\mswebdvd.dll

2009-08-03 23:30 64,160 a------- c:\windows\system32\drivers\Lbd.sys

2009-08-03 22:33 119,860 a------- c:\windows\hpoins11.dat

2009-08-03 21:46 410,984 a------- c:\windows\system32\deploytk.dll

2009-08-03 21:14 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2009-08-03 21:14 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-08-03 20:00 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS

2009-08-03 20:00 60,808 a------- c:\windows\system32\S32EVNT1.DLL

2009-08-03 20:00 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT

2009-08-03 20:00 805 a------- c:\windows\system32\drivers\SYMEVENT.INF

2009-08-03 19:16 57,344 a------- c:\windows\UnInst32.EXE

2009-08-03 18:56 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-08-03 18:08 21,844 a------- c:\windows\system32\emptyregdb.dat

2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll

2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll

2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe

2009-07-17 16:03 58,880 a------- c:\windows\system32\atl.dll

2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll

2009-07-03 13:59 915,456 a------- c:\windows\system32\wininet.dll

2009-06-25 05:27 732,672 a------- c:\windows\system32\lsasrv.dll

2009-06-25 05:27 147,456 a------- c:\windows\system32\schannel.dll

2009-06-25 05:27 136,192 a------- c:\windows\system32\msv1_0.dll

2009-06-25 05:27 56,832 a------- c:\windows\system32\secur32.dll

2009-06-25 05:27 54,272 a------- c:\windows\system32\wdigest.dll

2009-06-25 05:27 301,568 a------- c:\windows\system32\kerberos.dll

2009-06-16 11:39 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 11:39 81,920 a------- c:\windows\system32\fontsub.dll

2009-06-15 07:44 77,824 a------- c:\windows\system32\telnet.exe

2009-06-15 07:44 81,408 a------- c:\windows\system32\tlntsess.exe

2009-06-10 11:14 85,504 a------- c:\windows\system32\avifil32.dll

2009-06-10 09:21 2,066,432 a------- c:\windows\system32\mstscax.dll

2009-06-10 03:15 132,096 a------- c:\windows\system32\wkssvc.dll

2009-05-18 19:54 219,952 a------- c:\arquivos de programas\utorrent 1.7.7.exe

============= FINISH: 19:11:09,31 ===============


  • Coordinator

Temporarily disable the antivirus on your computer!

Run an online scan with Kaspersky Virusscanner

  • Click [image: Clipboard01-1.jpg]
  • Click Accept.
  • A window will appear; click Run.
  • The program will be installed and will then start downloading its updates. Please wait...
  • When the updates are complete (100%), click the button [image: 3507611311_825f7c7183_o.jpg]
  • In the panel on the right, check that the following boxes are ticked:
  • Under: Detect malicious programs of the following categories:
    • Viruses, Worms, Trojan Horses, Rootkits (selected by default)
    • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Under: Scan compound files (doesn't apply to the File scan area):
    • Archives
    • Mail databases
  • Click My Computer to start the scan. Please wait...
  • When the scan finishes, click the View scan report link.
  • Click the button [image: 3508421676_e090b1e383_o.jpg]
  • In the window that opens, under Files of type choose the extension Text file (.txt), pick a location and give the file a name.
  • You can close the Kaspersky page.
  • Open the file where you saved the report, select all of its contents (Ctrl + A), copy (Ctrl + C) and paste (Ctrl + V) it into your next reply.


Here is the result:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Tuesday, September 8, 2009

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Tuesday, September 08, 2009 13:59:49

Records in database: 2760537

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

Scan statistics:

Objects scanned: 46915

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 01:38:00

No threats found. Scanned area is clean.

Selected area has been scanned.


  • Coordinator

Your problem is not related to malware.

For some time I have been noticing that, intermittently, my Internet Explorer 8.0 browser freezes on some sites and is somewhat slow.

Sometimes the page freezes and I can only fix it by closing IE; other times it is perfect and browsing works well..... I don't understand..

I have already run Norton antivirus, Spybot, Ad-Aware and nothing was detected, no problems.

Try uninstalling IE8 and see whether that solves your problems.


  • Coordinator

If the author of the topic needs it, the topic will be reopened; to do so, they should contact the moderation team and request that it be unlocked.

This topic is locked and cannot receive new posts.
