- Forum do BABOO
-
Visualizando perfil: Postagens: frankin 2
frankin 2
Participa desde: 01/Oct/2007Offline Última atividade May 01 2012 08:52 PM
Meu conteúdoEstatísticas da Comunidade
- Grupo Participante
- Mensagens: 45
- Visualizações 906
- Idade desconhecida
- Aniversário desconhecido
Amigos
frankin 2 ainda não tem amigos
Últimos visitantes
-
Guest
14 Apr 2009 - 09:45 -
-
-
Posts I've Made
In Topic: Computador lento
24 December 2011 - 12:38 PM
Não consegui postar o conteúdo do log, mas coloquei o log do Combofix em arquivo de Doc. Anexo.
In Topic: Computador lento
24 December 2011 - 09:44 AM
Segue logs solicitados:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Versão da Base de Dados: 911122402
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
24/12/2011 10:22:39
mbam-log-2011-12-24 (10-22-39).txt
Tipo de Verificação: Verificação Rápida
Objetos escaneados: 177941
Tempo decorrido: 11 minuto(s), 41 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 3
Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)
Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)
Pastas Infectadas:
(Não foram detectados ítens maliciosos)
Arquivos Infectados:
c:\documents and settings\jose carlos\meus documentos\downloads\pdfcreatorsetup.exe (Adware.InstallCore) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-2000478354-682003330-725345543-1003\Dc2.exe (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-2000478354-682003330-725345543-1003\Dc3.exe (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefe....org/bankerfix/
-------------------------------------------------------
Data: 2011-12-24 - 10:00
-------------------------------------------------------
Lista de Definição: 2011-08-28-1 | CORE: 2010-12-28-6
=======================================================
Arquivo infectado detectado: C:\Install.exe
Arquivo infectado removido com sucesso!
----- Fim -------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:40:29, on 24/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ANIWConnService.exe
C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\D-Link\DWA-125 revA\AirGCFG.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Arquivos de programas\Virtual CD v10\System\VC10Play.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\Arquivos de programas\Virtual CD v10\System\VC10SecS.exe
C:\Arquivos de programas\Virtual CD v10\System\VC10Tray.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R3 - URLSearchHook: estacioagraduacaodistancia Toolbar - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: estacioagraduacaodistancia - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: estacioagraduacaodistancia Toolbar - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Arquivos de programas\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKLM\..\Run: [VC10Player] C:\Arquivos de programas\Virtual CD v10\System\VC10Play.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Arquivos de programas\Virtual CD v10\System\VC10SecS.exe
--
End of file - 11730 bytes
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Versão da Base de Dados: 911122402
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
24/12/2011 10:22:39
mbam-log-2011-12-24 (10-22-39).txt
Tipo de Verificação: Verificação Rápida
Objetos escaneados: 177941
Tempo decorrido: 11 minuto(s), 41 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 3
Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)
Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)
Pastas Infectadas:
(Não foram detectados ítens maliciosos)
Arquivos Infectados:
c:\documents and settings\jose carlos\meus documentos\downloads\pdfcreatorsetup.exe (Adware.InstallCore) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-2000478354-682003330-725345543-1003\Dc2.exe (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-2000478354-682003330-725345543-1003\Dc3.exe (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefe....org/bankerfix/
-------------------------------------------------------
Data: 2011-12-24 - 10:00
-------------------------------------------------------
Lista de Definição: 2011-08-28-1 | CORE: 2010-12-28-6
=======================================================
Arquivo infectado detectado: C:\Install.exe
Arquivo infectado removido com sucesso!
----- Fim -------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:40:29, on 24/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ANIWConnService.exe
C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\D-Link\DWA-125 revA\AirGCFG.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Arquivos de programas\Virtual CD v10\System\VC10Play.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\Arquivos de programas\Virtual CD v10\System\VC10SecS.exe
C:\Arquivos de programas\Virtual CD v10\System\VC10Tray.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R3 - URLSearchHook: estacioagraduacaodistancia Toolbar - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: estacioagraduacaodistancia - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: estacioagraduacaodistancia Toolbar - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Arquivos de programas\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKLM\..\Run: [VC10Player] C:\Arquivos de programas\Virtual CD v10\System\VC10Play.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Arquivos de programas\Virtual CD v10\System\VC10SecS.exe
--
End of file - 11730 bytes
In Topic: Análise de Log do HijackThis
27 June 2011 - 12:11 PM
Cara agradeço de mais a sua ajudada, mais o meu PC está reiniciando sozinho, se não é virus o que pode ser? A formatação será a melhor opção?
In Topic: Análise de Log do HijackThis
27 June 2011 - 12:18 AM
Novos relatórios:
ComboFix 11-06-26.01 - Jose Carlos 26/06/2011 23:53:02.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.991.653 [GMT -3:00]
Executando de: c:\documents and settings\Jose Carlos\Desktop\ComboFix.exe
AV: avast! antivírus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 204 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\1.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\a.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\b.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\c.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\d.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\e.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\f.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\g.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\h.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\i.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\J.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\k.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\l.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\m.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\mru.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\n.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\o.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\p.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\q.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\r.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\s.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\t.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\u.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\v.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\w.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\x.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\y.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\z.xml
c:\documents and settings\Jose Carlos\Meus documentos\000flash.001
c:\documents and settings\Jose Carlos\Meus documentos\000setup.999
c:\windows\IsUn0416.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-05-27 to 2011-06-27 ))))))))))))))))))))))))))))
.
.
2011-06-27 00:45 . 2011-06-27 00:44 388608 ----a-w- C:\HijackThis.exe
2011-06-26 03:00 . 2011-06-26 03:00 -------- d-----w- c:\arquivos de programas\DealPly
2011-06-16 05:45 . 2011-06-16 05:51 -------- d-----w- c:\documents and settings\Jose Carlos\Dados de aplicativos\QuickStoresToolbar
2011-06-16 05:45 . 2011-06-16 05:45 -------- d-----w- c:\arquivos de programas\Unlocker
2011-06-11 03:37 . 2011-06-11 03:37 -------- d-----w- c:\arquivos de programas\Take2
2011-06-11 02:22 . 2011-06-11 02:22 -------- d-----w- c:\arquivos de programas\Elifoot
2011-06-11 02:16 . 2011-06-11 02:16 -------- d-----w- c:\documents and settings\Jose Carlos\Configurações locais\Dados de aplicativos\Opera
2011-06-11 02:16 . 2011-06-11 02:16 -------- d-----w- c:\arquivos de programas\Opera
2011-06-08 16:08 . 2011-06-08 16:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2011-06-03 16:23 . 2011-06-03 16:27 -------- d-----w- c:\arquivos de programas\Orçamento Pessoal 2011
2011-06-03 16:22 . 2011-06-03 16:22 937984 ------w- c:\windows\Setup1.exe
2011-06-03 16:22 . 2011-06-03 16:22 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-06-02 01:20 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-13 12:06 . 2010-10-30 01:57 46624 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2011-05-10 12:10 . 2010-10-18 18:53 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-10-18 18:53 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-10-18 18:54 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-10-18 18:54 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2010-10-18 18:54 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2010-10-18 18:54 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2010-10-18 18:54 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-10-18 18:54 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2010-10-18 18:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-04 07:52 . 2010-04-29 16:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 05:25 . 2011-02-09 09:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-01 18:42 . 2011-03-20 02:42 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-29 08:00 . 2011-04-11 03:46 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-31 05:43 . 2010-10-31 05:43 1254736 ----a-w- c:\arquivos de programas\wlsetup-custom.exe
2010-10-31 05:41 . 2010-10-31 05:41 1288552 ----a-w- c:\arquivos de programas\wlsetup-web.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll
[-] 2007-09-02 . DB3AA410ED1228B9DF98C06549AE0763 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
[-] 2007-09-02 17:20 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b4445e02-de70-48a5-abcd-85f297636cec}"= "c:\arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b4445e02-de70-48a5-abcd-85f297636cec}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]
2011-06-06 12:20 78600 ----a-w- c:\arquivos de programas\DealPly\DealPlyIE.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b4445e02-de70-48a5-abcd-85f297636cec}]
2011-01-17 14:54 175912 ----a-w- c:\arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b4445e02-de70-48a5-abcd-85f297636cec}"= "c:\arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b4445e02-de70-48a5-abcd-85f297636cec}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B4445E02-DE70-48A5-ABCD-85F297636CEC}"= "c:\arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b4445e02-de70-48a5-abcd-85f297636cec}]
.
[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2011-01-20 520568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2002-04-09 163840]
"ANIWZCS2Service"="c:\arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless 150 USB Adapter DWA-125"="c:\arquivos de programas\D-Link\DWA-125 revA\AirGCFG.exe" [2009-04-22 1683456]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AudioDeck"="c:\arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2010-12-07 74752]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2011-04-08 254696]
"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2011-06-13 12:03 1412896 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Jose Carlos\\Meus documentos\\Downloads\\Tony[1].Hawks.Pro.Skater.2 by baixedetudo.net\\Tony Hawk's Pro Skater 2\\THawk2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [29/10/2010 22:57 46624]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/10/2010 00:29 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/6/2011 22:20 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18/10/2010 15:54 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/10/2010 15:54 19544]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys --> c:\windows\system32\drivers\kx.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2010-10-22 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\arquivos de programas\Easeware\DriverEasy\DriverEasy.exe [2010-10-22 22:29]
.
2011-06-27 c:\windows\Tasks\User_Feed_Synchronization-{FD778BE7-372E-4735-B62F-777DA153D450}.job
- c:\windows\system32\msfeedssync.exe [2007-09-02 06:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://start.facemoods.com/?a=gppc
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 201.17.128.108 201.17.128.102
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-27 00:07
Windows 5.1.2600 Service Pack 2 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????????????
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
.
Tempo para conclusão: 2011-06-27 00:13:30
ComboFix-quarantined-files.txt 2011-06-27 03:13
.
Pré-execução: 10 pasta(s) 10.009.849.856 bytes disponíveis
Pós execução: 12 pasta(s) 10.043.834.368 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A7CE99C5F1F0C829E651FE8B4BE0DF4D
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:16:02, on 27/6/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\pctspk.exe
C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Arquivos de programas\D-Link\DWA-125 revA\AirGCFG.exe
C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\Arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=gppc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.Microsoft....k/?LinkId=74005
R3 - URLSearchHook: estacioagraduacaodistancia Toolbar - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll
O2 - BHO: estacioagraduacaodistancia - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: estacioagraduacaodistancia Toolbar - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Arquivos de programas\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsof...ss/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
--
End of file - 8718 bytes
ComboFix 11-06-26.01 - Jose Carlos 26/06/2011 23:53:02.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.991.653 [GMT -3:00]
Executando de: c:\documents and settings\Jose Carlos\Desktop\ComboFix.exe
AV: avast! antivírus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 204 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\1.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\a.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\b.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\c.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\d.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\e.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\f.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\g.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\h.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\i.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\J.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\k.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\l.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\m.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\mru.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\n.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\o.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\p.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\q.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\r.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\s.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\t.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\u.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\v.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\w.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\x.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\y.xml
c:\documents and settings\Jose Carlos\Dados de aplicativos\PriceGong\Data\z.xml
c:\documents and settings\Jose Carlos\Meus documentos\000flash.001
c:\documents and settings\Jose Carlos\Meus documentos\000setup.999
c:\windows\IsUn0416.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-05-27 to 2011-06-27 ))))))))))))))))))))))))))))
.
.
2011-06-27 00:45 . 2011-06-27 00:44 388608 ----a-w- C:\HijackThis.exe
2011-06-26 03:00 . 2011-06-26 03:00 -------- d-----w- c:\arquivos de programas\DealPly
2011-06-16 05:45 . 2011-06-16 05:51 -------- d-----w- c:\documents and settings\Jose Carlos\Dados de aplicativos\QuickStoresToolbar
2011-06-16 05:45 . 2011-06-16 05:45 -------- d-----w- c:\arquivos de programas\Unlocker
2011-06-11 03:37 . 2011-06-11 03:37 -------- d-----w- c:\arquivos de programas\Take2
2011-06-11 02:22 . 2011-06-11 02:22 -------- d-----w- c:\arquivos de programas\Elifoot
2011-06-11 02:16 . 2011-06-11 02:16 -------- d-----w- c:\documents and settings\Jose Carlos\Configurações locais\Dados de aplicativos\Opera
2011-06-11 02:16 . 2011-06-11 02:16 -------- d-----w- c:\arquivos de programas\Opera
2011-06-08 16:08 . 2011-06-08 16:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2011-06-03 16:23 . 2011-06-03 16:27 -------- d-----w- c:\arquivos de programas\Orçamento Pessoal 2011
2011-06-03 16:22 . 2011-06-03 16:22 937984 ------w- c:\windows\Setup1.exe
2011-06-03 16:22 . 2011-06-03 16:22 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-06-02 01:20 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-13 12:06 . 2010-10-30 01:57 46624 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2011-05-10 12:10 . 2010-10-18 18:53 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-10-18 18:53 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-10-18 18:54 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-10-18 18:54 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2010-10-18 18:54 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2010-10-18 18:54 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2010-10-18 18:54 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-10-18 18:54 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2010-10-18 18:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-04 07:52 . 2010-04-29 16:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 05:25 . 2011-02-09 09:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-01 18:42 . 2011-03-20 02:42 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-29 08:00 . 2011-04-11 03:46 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-31 05:43 . 2010-10-31 05:43 1254736 ----a-w- c:\arquivos de programas\wlsetup-custom.exe
2010-10-31 05:41 . 2010-10-31 05:41 1288552 ----a-w- c:\arquivos de programas\wlsetup-web.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll
[-] 2007-09-02 . DB3AA410ED1228B9DF98C06549AE0763 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
[-] 2007-09-02 17:20 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b4445e02-de70-48a5-abcd-85f297636cec}"= "c:\arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b4445e02-de70-48a5-abcd-85f297636cec}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]
2011-06-06 12:20 78600 ----a-w- c:\arquivos de programas\DealPly\DealPlyIE.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b4445e02-de70-48a5-abcd-85f297636cec}]
2011-01-17 14:54 175912 ----a-w- c:\arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b4445e02-de70-48a5-abcd-85f297636cec}"= "c:\arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b4445e02-de70-48a5-abcd-85f297636cec}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B4445E02-DE70-48A5-ABCD-85F297636CEC}"= "c:\arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b4445e02-de70-48a5-abcd-85f297636cec}]
.
[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2011-01-20 520568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2002-04-09 163840]
"ANIWZCS2Service"="c:\arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless 150 USB Adapter DWA-125"="c:\arquivos de programas\D-Link\DWA-125 revA\AirGCFG.exe" [2009-04-22 1683456]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AudioDeck"="c:\arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2010-12-07 74752]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2011-04-08 254696]
"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2011-06-13 12:03 1412896 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Jose Carlos\\Meus documentos\\Downloads\\Tony[1].Hawks.Pro.Skater.2 by baixedetudo.net\\Tony Hawk's Pro Skater 2\\THawk2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [29/10/2010 22:57 46624]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/10/2010 00:29 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/6/2011 22:20 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18/10/2010 15:54 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/10/2010 15:54 19544]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys --> c:\windows\system32\drivers\kx.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2010-10-22 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\arquivos de programas\Easeware\DriverEasy\DriverEasy.exe [2010-10-22 22:29]
.
2011-06-27 c:\windows\Tasks\User_Feed_Synchronization-{FD778BE7-372E-4735-B62F-777DA153D450}.job
- c:\windows\system32\msfeedssync.exe [2007-09-02 06:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://start.facemoods.com/?a=gppc
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 201.17.128.108 201.17.128.102
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-27 00:07
Windows 5.1.2600 Service Pack 2 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????????????
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
.
Tempo para conclusão: 2011-06-27 00:13:30
ComboFix-quarantined-files.txt 2011-06-27 03:13
.
Pré-execução: 10 pasta(s) 10.009.849.856 bytes disponíveis
Pós execução: 12 pasta(s) 10.043.834.368 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A7CE99C5F1F0C829E651FE8B4BE0DF4D
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:16:02, on 27/6/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\pctspk.exe
C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Arquivos de programas\D-Link\DWA-125 revA\AirGCFG.exe
C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\Arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=gppc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.Microsoft....k/?LinkId=74005
R3 - URLSearchHook: estacioagraduacaodistancia Toolbar - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll
O2 - BHO: estacioagraduacaodistancia - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: estacioagraduacaodistancia Toolbar - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Arquivos de programas\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsof...ss/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
--
End of file - 8718 bytes
In Topic: Análise de Log do HijackThis
26 June 2011 - 11:37 PM
Segue os relatórios:
Tipo de Verificação: Verificação Rápida
Objetos escaneados: 139855
Tempo decorrido: 5 minuto(s), 28 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0
Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)
Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)
Pastas Infectadas:
(Não foram detectados ítens maliciosos)
Arquivos Infectados:
(Não foram detectados ítens maliciosos)
-----------------------------------------------------------------------------------------------------------------
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefe....org/bankerfix/
-------------------------------------------------------
Data: 2011-06-26 - 23:17
-------------------------------------------------------
Lista de Definição: 2011-05-23-1 | CORE: 2010-12-28-6
=======================================================
----- Fim -------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:34:01, on 26/6/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\pctspk.exe
C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Arquivos de programas\D-Link\DWA-125 revA\AirGCFG.exe
C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\Arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=gppc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.Microsoft....k/?LinkId=74005
R3 - URLSearchHook: estacioagraduacaodistancia Toolbar - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll
O2 - BHO: estacioagraduacaodistancia - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: estacioagraduacaodistancia Toolbar - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Arquivos de programas\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsof...ss/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
--
End of file - 10081 bytes
-
Tipo de Verificação: Verificação Rápida
Objetos escaneados: 139855
Tempo decorrido: 5 minuto(s), 28 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0
Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)
Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)
Pastas Infectadas:
(Não foram detectados ítens maliciosos)
Arquivos Infectados:
(Não foram detectados ítens maliciosos)
-----------------------------------------------------------------------------------------------------------------
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefe....org/bankerfix/
-------------------------------------------------------
Data: 2011-06-26 - 23:17
-------------------------------------------------------
Lista de Definição: 2011-05-23-1 | CORE: 2010-12-28-6
=======================================================
----- Fim -------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:34:01, on 26/6/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\pctspk.exe
C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Arquivos de programas\D-Link\DWA-125 revA\AirGCFG.exe
C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\Arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=gppc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.Microsoft....k/?LinkId=74005
R3 - URLSearchHook: estacioagraduacaodistancia Toolbar - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll
O2 - BHO: estacioagraduacaodistancia - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: estacioagraduacaodistancia Toolbar - {b4445e02-de70-48a5-abcd-85f297636cec} - C:\Arquivos de programas\estacioagraduacaodistancia\prxtbest0.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Arquivos de programas\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jose Carlos\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsof...ss/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
--
End of file - 10081 bytes
-
- Forum do BABOO
- Visualizando perfil: Postagens: frankin 2
- Política de Privacidade
- Termos, Condições Gerais e Regras ·
