MessFórum: Help, virus on MSN


Help, virus on MSN sending automatic messages

#1 GCG (Members)
Posted 3 August 2007 - 21:42

Hey, my MSN is sending an automatic message to all my online contacts, but only once in a while, after I've been online for a good while. It sends it and then somehow hides the conversation windows it sent the messages in. It sends a .rar file with a .src inside, which is what I received and opened by accident..... What do I do to get rid of this????
I used that program that makes a log of I-don't-know-what, HijackThis.
Here it is...
What can I do???
Thanks


Logfile of HijackThis v1.99.1
Scan saved at 22:32:41, on 3/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\SnAgOS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\SnMgrSvc.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\SnEngine.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\DOCUME~1\USURIO~1\CONFIG~1\Temp\Rar$EX00.116\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\Downloaded Program Files\gbiehCef.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul...recontrol2k.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa...GbPluginCef.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: printers - {CDEB2953-0635-44DA-B678-5F568C5F1ED0} - libwinets.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe



#2 PedroNeto (Coordinators, malware removal)
Posted 4 August 2007 - 17:29

Hello,
you still need to download BankerFix
http://linhadefensiv...br/dl/bankerfix

Regards



#3 GCG (Members)
Posted 4 August 2007 - 19:23

I ran it, but it didn't find anything, so I ran it again. Afterwards I saw that the log gets saved in a folder, so I don't know whether something happened the first time and the second run saved over it, but here it is....

BankerFix 2.4 - Banker Remover
Linha Defensiva - http://www.linhadefensiva.org
http://www.linhadefe....org/bankerfix/
Date: 3/8/2007 - 22:49
-------------------------------------------------------
Definition list: 2007-07-28-1
=======================================================


Killing files in Help
-----------------------------------

Killing '*'

Removing files in Help
-----------------------------------


Remaining bad files
-----------------------------------


----- End -------------------------



#4 Coruj@ (Members)
Posted 6 August 2007 - 12:31

GCG, are the automatic messages on MSN still appearing?


Best regards,



#5 GCG (Members)
Posted 6 August 2007 - 12:45

They still appear....
Would a restore point solve the problem??? Because I have one from the day before this happened...



#6 Coruj@ (Members)
Posted 6 August 2007 - 13:00

Do you know exactly what the message is, or the name of the scr file?



#7 GCG (Members)
Posted 6 August 2007 - 16:40

If I'm not mistaken it's pictures80.src
I'm not sure....but as far as I remember that's it....
It comes inside a .rar
Would a restore point solve the problem???



#8 Coruj@ (Members)
Posted 6 August 2007 - 16:59

If you have a restore point from before the problem appeared, in principle it would solve it, yes. If you want to remove the problem and/or help identify what looks like a new one, please follow the procedure below, even if you use System Restore afterwards, ok?

@- Download ComboFix;

- Copy these instructions to Notepad or print them!

@- Close all open windows and run the ComboFix tool.
  • Type the option to continue and press <ENTER>.
  • Do not open or close any program until the scan finishes. Wait patiently...
- If necessary, the program will reboot your computer. Reboot in normal mode...

- Log saved at: C:\ComboFix.txt

@- Post the (updated) HijackThis log and ComboFix.txt, pasting them one after the other.


Mr. Coruj@




#9 GCG (Members)
Posted 6 August 2007 - 23:42

Well, I did as you asked, here it is....thanks for the help. I'll try to remove it because I have a 2 GB file I don't want to have to download again....thanks
Just for the record, my mother said that during the day avast detected several trojans, and at one point, when she wasn't even browsing but was connected, a dialer trying to get installed, I think from a site that had an IP address. avast asked to disconnect so the file wouldn't be sent to the PC; the connection didn't drop but the file didn't get through. I guess there's someone inside my machine, right?
Thanks for the help.....here are the logs...

ComboFix 07-08-04.3 - "Usuário" 2007-08-07 0:23:39.1 [GMT -3:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\USURIO~1\Desktop\internet.lnk
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\1171887142.EXE


((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


2007-08-07 00:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-06 18:46 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\NSIS
2007-08-06 16:36 97,280 --a------ C:\DOCUME~1\USURIO~1\xaurvk.exe
2007-08-06 13:04 5,120 --a------ C:\WINDOWS\svchost.dll
2007-08-04 04:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab Setup Files
2007-08-03 21:48 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos
2007-08-03 21:48 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar
2007-08-03 21:48 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos
2007-08-03 21:48 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configurações locais
2007-08-03 21:48 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede
2007-08-03 21:48 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressão
2007-08-03 21:48 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Meus documentos
2007-08-03 21:48 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritos
2007-08-03 21:47 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-03 15:57 <DIR> d-------- C:\Arquivos de programas\Qualiom freewares
2007-08-01 23:37 25,900 --a------ C:\WINDOWS\system32\libwinets.dll
2007-08-01 23:37 115,712 --a------ C:\WINDOWS\system32\libcinet.exe
2007-08-01 11:53 <DIR> d-------- C:\Arquivos de programas\uTorrent
2007-07-27 12:54 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DADOSD~1\Help
2007-07-22 22:22 <DIR> d-------- C:\Arquivos de programas\Valve
2007-07-21 17:32 <DIR> d-------- C:\Arquivos de programas\CCleaner
2007-07-16 12:49 <DIR> d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\Ahead
2007-07-16 12:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero
2007-07-16 12:43 <DIR> d-------- C:\Arquivos de programas\Nero
2007-07-14 12:53 <DIR> d-------- C:\Arquivos de programas\Common Files
2007-07-13 11:05 753,664 --a------ C:\WINDOWS\system32\jCommonLib2_2.dll
2007-07-13 10:44 717,312 --a------ C:\WINDOWS\system32\__jCommonLib2_0.dll
2007-07-13 10:43 542,720 --a------ C:\WINDOWS\system32\__winswblib.dll
2007-07-13 10:42 690,176 --a------ C:\WINDOWS\system32\__BonusUninstall.exe
2007-07-13 10:41 299,008 --a------ C:\WINDOWS\system32\SerialShield.dll
2007-07-13 10:40 <DIR> d-------- C:\Arquivos de programas\Bonus
2007-07-13 10:38 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2007-07-13 10:38 29,696 --a------ C:\WINDOWS\system32\DGSTKIT.DLL
2007-07-13 10:38 28,944 --a------ C:\WINDOWS\system32\M3MPSAPI.DLL
2007-07-13 10:36 299,520 --a------ C:\WINDOWS\uninst.exe
2007-07-11 20:47 <DIR> d-------- C:\Arquivos de programas\EasyUploader
2007-07-08 01:55 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-07-08 00:50 <DIR> d-------- C:\Arquivos de programas\Syncsoft


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-05 16:19 --------- d-------- C:\Arquivos de programas\eMule
2007-08-05 14:50 --------- d-------- C:\Arquivos de programas\SUPERAntiSpyware
2007-08-05 09:55 68742 --a------ C:\WINDOWS\system32\perfc016.dat
2007-08-05 09:55 429038 --a------ C:\WINDOWS\system32\perfh016.dat
2007-08-04 23:01 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-08-04 21:22 49804 --a------ C:\WINDOWS\system32\prfc0416.dat
2007-08-04 21:22 347648 --a------ C:\WINDOWS\system32\prfh0416.dat
2007-08-03 10:38 --------- d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\uTorrent
2007-07-27 19:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 19:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 19:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 19:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 18:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 18:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 18:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-26 15:00 --------- d-------- C:\Arquivos de programas\BancoImobiliario
2007-07-21 17:14 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information
2007-07-16 12:48 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
2007-07-04 19:30 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-01 13:23 203776 --a------ C:\WINDOWS\system32\clrviddc.dll
2007-06-24 00:58 --------- d-------- C:\Arquivos de programas\CORRETOR
2007-06-23 00:13 278528 --a------ C:\WINDOWS\system32\livesnth.dll
2007-06-21 20:45 --------- d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\LimeWire
2007-06-16 17:38 --------- d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\Skype
2007-06-08 21:07 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-05-30 11:41 92296 --------- C:\WINDOWS\system32\SNINSTALL.DLL
2007-05-30 11:40 235656 --------- C:\WINDOWS\system32\SNIPERIU.EXE
2007-05-30 11:36 2560 --------- C:\WINDOWS\system32\SNLINK.DLL
2007-05-30 11:35 186504 --------- C:\WINDOWS\system32\SnAgOS.DLL
2007-05-30 11:35 125064 --------- C:\WINDOWS\system32\SnAgOS.EXE
2007-05-30 11:34 739464 --------- C:\WINDOWS\system32\DAS.exe
2007-04-09 11:17 774144 --a------ C:\Arquivos de programas\RngInterstitial.dll
2007-01-22 15:56 168 --a------ C:\Arquivos de programas\Uninstall.ini
2004-10-01 14:00 40960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]
"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 14:07]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 11:22 C:\WINDOWS\system32\nvmctray.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-05-07 18:40]
"Cmaudio"="cmicnfg.cpl" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00]
"SUPERAntiSpyware"="C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-07-05 11:26]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"5T19I3B27A"=C:\WINDOWS\svchost.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 11:55 77824]
"{A30BDD9D-6ACE-4E5E-A852-69205B4DE9A6}"= C:\WINDOWS\system32\tidxrv.dll [2001-01-01 10:37 57344]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\WINDOWS\Downloaded Program Files\gbiehCef.dll [2007-03-07 11:09 219456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL 2007-06-04 12:04 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL

R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys
R1 SNSID;SNSID;C:\WINDOWS\system32\Drivers\SNSID.sys
R1 SNSMS;SNSMS;C:\WINDOWS\system32\Drivers\SNSMS.sys
R2 Ps2KSecureKeyboard;SecureKbd;\??\C:\WINDOWS\system32\DRIVERS\psseckbd.sys
R2 SNMgrSvc;SNMgrSvc;"C:\WINDOWS\system32\SnMgrSvc.exe"
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
R3 SASENUM;SASENUM;\??\C:\Arquivos de programas\SUPERAntiSpyware\SASENUM.SYS
R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys
R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
R3 vhidmini;Secure Mouse;C:\WINDOWS\system32\DRIVERS\vhsecmou.sys
S2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe
S3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82ceb963-2c98-11dc-aac8-000795d9c48a}]
AutoRun\command- E:\autorun.exe
directx\command- E:\DirectX9\dxsetup.exe
setup\command- E:\setup.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 00:28:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 0:31:39 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-07 00:30

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 00:36:18, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SnMgrSvc.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\Arquivos de programas\Java\jre1.5.0_10\bin\jucheck.exe
C:\DOCUME~1\USURIO~1\CONFIG~1\Temp\Rar$EX00.531\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\Downloaded Program Files\gbiehCef.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Atualizar Imagem com Qualidade Total - C:\Arquivos de programas\Acelerador Propel\pac-image.html
O8 - Extra context menu item: Atualizar Página com Qualidade Total - C:\Arquivos de programas\Acelerador Propel\pac-page.html
O8 - Extra context menu item: Autorizar pop-ups deste site - C:\Arquivos de programas\Acelerador Propel\pac-addwl.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul...recontrol2k.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa...GbPluginCef.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe


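The two HijackThis logs GCG has posted so far (post #1, taken before ComboFix, and the one just above, taken after) are easiest to read side by side: the O21 SSODL entry that pointed at libwinets.dll is gone, while a new R1 line now routes Internet Explorer through a proxy on localhost:8080, that is, through a process on the infected machine sitting in the HTTP path. The Python below is an added example, not code from the forum, from HijackThis or from the tools used in this thread. It parses HijackThis 1.99 entry lines, applies a few scoring rules of its own (the rules and severity labels are this example's assumptions, including the note that HijackThis 1.99.x reports a quoted service path that carries arguments as "file missing"), and diffs two logs after normalising case and whitespace. The two excerpts are constructed from lines in the thread's logs.

```python
"""Triage and diff HijackThis 1.99 logs.
Added example for this thread (not the forum's, HijackThis's or the helpers'
tools' code). Excerpts condensed from the logs in post #1 and post #9; the
rules and severity labels are this example's own heuristics."""
import re
from dataclasses import dataclass

# One entry line, e.g. "O4 - HKLM\..\Run: [nwiz] nwiz.exe /install"
LINE_RE = re.compile(r"^(?P<sec>[RFNO]\d+)\s+-\s+(?P<body>.+)$")

@dataclass(frozen=True)
class Entry:
    section: str  # "R1", "O2", "O21", ...
    body: str     # everything after the "O21 - " prefix

def parse_hjt(text):
    """Return the R*/F*/N*/O* entries of a HijackThis log, in file order."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            out.append(Entry(m.group("sec"), m.group("body")))
    return out

def triage(entries):
    """Score entries; returns (severity, section, reason) triples."""
    findings = []
    for e in entries:
        low = e.body.lower()
        if e.section == "R1" and "proxyserver" in low and (
                "localhost" in low or "127.0.0.1" in low):
            findings.append(("high", "R1", "browser proxy is a process on this "
                "machine: something local sits in the HTTP path (banker MITM)"))
        elif e.section == "O21" and ("(file missing)" in low
                                     or not re.search(r"[a-z]:\\", low)):
            # SSODL is an obscure Explorer autostart; a bare DLL name, or one
            # Explorer cannot find, is almost never legitimate.
            findings.append(("high", "O21", "SSODL DLL with no path / missing"))
        elif e.section == "O4" and re.search(r"\\windows\\svchost\.exe", low):
            findings.append(("high", "O4", "svchost.exe launched from outside System32"))
        elif e.section == "O2" and "(no file)" in low:
            findings.append(("low", "O2", "orphaned BHO CLSID, not loaded; safe to clean"))
        elif e.section == "O23" and "(file missing)" in low and '" /' in e.body:
            # HijackThis 1.99.x mangles a quoted ImagePath that carries
            # arguments and reports it missing; check the service by hand.
            findings.append(("info", "O23", "quoted service path with arguments; "
                "'file missing' is probably a parser artefact, verify first"))
    return findings

def normalize(e):
    """Case-insensitive, whitespace-collapsed key for diffing."""
    return f"{e.section} - {' '.join(e.body.split())}".lower()

def diff_logs(before, after):
    """Entries added to / removed from the second log, as normalized keys."""
    b = {normalize(e) for e in parse_hjt(before)}
    a = {normalize(e) for e in parse_hjt(after)}
    return sorted(a - b), sorted(b - a)

# Constructed excerpts; lines copied from the two logs in the thread.
LOG_POST1 = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O21 - SSODL: printers - {CDEB2953-0635-44DA-B678-5F568C5F1ED0} - libwinets.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""
LOG_POST9 = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

if __name__ == "__main__":
    for sev, sec, why in triage(parse_hjt(LOG_POST9)):
        print(f"[{sev}] {sec}: {why}")
    added, removed = diff_logs(LOG_POST1, LOG_POST9)
    print("added since post #1:", *added, sep="\n  ")
    print("gone since post #1:", *removed, sep="\n  ")
```

Run as a script it prints the findings for the second log and the entries that appeared or vanished between the two. The diff is the cheaper check whenever a helper asks for an "updated" log: whatever shows up between runs is either what the cleanup missed or what the malware re-created, and a localhost proxy appearing after a cleanup is exactly the kind of line worth chasing.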

#10 Coruj@ (Members)
Posted 7 August 2007 - 14:33

GCG,

@- Download the program(s) listed below, but do not run them yet. - Copy these instructions to Notepad or print them!

- Unpack Avenger and keep it in a folder or on your desktop;

@- Run the avenger.exe tool. Confirm: OK.
  • Under "Script file to execute", select "Input Script Manually".
  • Click the magnifying-glass icon.
  • Copy (Ctrl+C) the contents (in red) of the "Quote" below and paste it (Ctrl+V) into "View/edit script".

    Quote

    Files to delete:
    C:\DOCUME~1\USURIO~1\xaurvk.exe
    C:\WINDOWS\svchost.dll
    C:\WINDOWS\system32\libwinets.dll
    C:\WINDOWS\system32\libcinet.exe

    Registry values to delete:
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run|"5T19I3B27A"

  • Click "Done".
  • Click the traffic-light icon to start the removal script. Confirm: OK.
- The computer will reboot automatically. Just reboot in normal mode, ok?

- Log saved at: C:\avenger.txt

@- Reboot in normal mode.

--|--

@- Check whether the problem persists, copy the (updated) HijackThis log and Avenger.txt and paste them one after the other.


Mr. Coruj@



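The four files and the one registry value in the Avenger script above are exactly the items that stand out in the ComboFix output of post #9: two binaries written to System32 in the same minute on 2007-08-01, a svchost.dll in the Windows root, an executable dropped straight into the user's profile, and a policies\explorer\Run value that launched C:\WINDOWS\svchost.exe. The Python below is an added example, not ComboFix's, Avenger's or the forum's code, that reproduces that triage mechanically: it parses the "Files Created" list, scores each binary with heuristics of its own (the infection window, the weights and the list of files dropped by the cleanup tooling are assumptions made for the example), collects values under policies\explorer\Run, and renders the two Avenger sections in the format used above. The log excerpt is constructed from lines in post #9.

```python
"""Triage ComboFix's "Files Created" list and draft an Avenger script.
Added example for this thread (not ComboFix's, Avenger's or the forum's code).
Log excerpt condensed from post #9; window, weights and tool-drop list are
assumptions made for the example."""
import re
from datetime import datetime

# "2007-08-06 16:36 97,280 --a------ C:\DOCUME~1\USURIO~1\xaurvk.exe"
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>[\d,]+|<DIR>)\s+"
    r"(?P<attr>[-a-z]{9})\s+(?P<path>.+)$", re.I)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')

EXEC_EXT = {"exe", "dll", "scr", "sys", "cpl", "pif", "com"}
# Names malware borrows from Windows; the genuine ones live in System32.
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "winlogon", "services", "smss"}
# Written by the cleanup tooling itself (assumption: ComboFix drops nircmd).
TOOL_DROPS = {r"c:\windows\nircmd.exe"}
# Assumed window: first suspicious drop (08-01) to the start of the ComboFix run.
WINDOW = (datetime(2007, 8, 1), datetime(2007, 8, 7, 0, 23))

def created_files(text):
    """Yield (datetime, path) for every non-directory line of the file list."""
    for raw in text.splitlines():
        m = FILE_RE.match(raw.strip())
        if m and m.group("size") != "<DIR>":
            yield datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M"), m.group("path")

def score_file(ts, path, window, cluster):
    """Additive heuristic; 3 or more means 'propose for removal'."""
    low = path.lower()
    parts = low.split("\\")
    stem, _, ext = parts[-1].rpartition(".")
    if ext not in EXEC_EXT or low in TOOL_DROPS:
        return 0
    parent = "\\".join(parts[:-1])
    score = 2 if window[0] <= ts <= window[1] else 0
    if stem in SYSTEM_NAMES and not parent.endswith("\\system32"):
        score += 3  # svchost.exe / svchost.dll anywhere but System32
    if len(parts) == 3 and parts[:2] == ["c:", "windows"]:
        score += 1  # loose binary in the Windows root
    if len(parts) == 4 and parts[1] == "docume~1":
        score += 2  # binary dropped straight into a profile root
    if cluster.get((ts, parent), 0) > 1:
        score += 1  # several files written to one directory in the same minute
    return score

def propose(text, window=WINDOW):
    """Paths from the ComboFix file list that reach the removal threshold."""
    files = list(created_files(text))
    cluster = {}
    for ts, path in files:
        key = (ts, path.lower().rsplit("\\", 1)[0])
        cluster[key] = cluster.get(key, 0) + 1
    return [p for ts, p in files if score_file(ts, p, window, cluster) >= 3]

def policy_run_values(text):
    """(key, name, data) for values under ...\\policies\\explorer\\Run."""
    key, out = None, []
    for raw in text.splitlines():
        km = KEY_RE.match(raw.strip())
        if km:
            key = km.group("key")
            continue
        vm = VALUE_RE.match(raw.strip())
        if vm and key and key.lower().endswith(r"policies\explorer\run"):
            out.append((key, vm.group("name"), vm.group("data")))
    return out

def avenger_script(files, reg_values):
    """Render the two Avenger sections used in post #10."""
    lines = ["Files to delete:", *files]
    if reg_values:
        lines += ["", "Registry values to delete:"]
        lines += [f'{key}|"{name}"' for key, name, _ in reg_values]
    return "\n".join(lines) + "\n"

# Constructed excerpt; lines copied from the ComboFix log in post #9.
COMBOFIX_LOG = r"""
2007-08-07 00:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-06 16:36 97,280 --a------ C:\DOCUME~1\USURIO~1\xaurvk.exe
2007-08-06 13:04 5,120 --a------ C:\WINDOWS\svchost.dll
2007-08-04 04:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab Setup Files
2007-08-01 23:37 25,900 --a------ C:\WINDOWS\system32\libwinets.dll
2007-08-01 23:37 115,712 --a------ C:\WINDOWS\system32\libcinet.exe
2007-07-13 10:38 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2007-07-13 10:38 29,696 --a------ C:\WINDOWS\system32\DGSTKIT.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"5T19I3B27A"=C:\WINDOWS\svchost.exe
"""

if __name__ == "__main__":
    print(avenger_script(propose(COMBOFIX_LOG), policy_run_values(COMBOFIX_LOG)))
```

On the excerpt the script proposes the same four paths and the same registry value as the Avenger script above, and leaves the older July binaries (an uninstaller in the Windows root, a DLL in System32) below the threshold. Anything it proposes still needs a human check (file properties, digital signature, a multi-engine scan) before it goes into a script that deletes at boot time; the point of writing the heuristic down is that the helper's reasoning becomes explicit and repeatable.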

#11 GCG (Members)
Posted 7 August 2007 - 17:55

I did as you asked.....I haven't checked yet whether the problem persists, I'm going to sign in to MSN now.....
but the logs are below.....
thanks for the help....

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kinbdsmn

*******************

Script file located at: \??\C:\WINDOWS\fcajldfw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\DOCUME~1\USURIO~1\xaurvk.exe deleted successfully.
File C:\WINDOWS\svchost.dll deleted successfully.
File C:\WINDOWS\system32\libwinets.dll deleted successfully.
File C:\WINDOWS\system32\libcinet.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run|5T19I3B27A deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Logfile of HijackThis v1.99.1
Scan saved at 18:51:30, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\SnMgrSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\USURIO~1\CONFIG~1\Temp\Rar$EX00.226\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\Downloaded Program Files\gbiehCef.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Atualizar Imagem com Qualidade Total - C:\Arquivos de programas\Acelerador Propel\pac-image.html
O8 - Extra context menu item: Atualizar Página com Qualidade Total - C:\Arquivos de programas\Acelerador Propel\pac-page.html
O8 - Extra context menu item: Autorizar pop-ups deste site - C:\Arquivos de programas\Acelerador Propel\pac-addwl.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul...recontrol2k.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa...GbPluginCef.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe


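The Avenger log above records what the script removed: executables sitting directly in the user profile root and in C:\WINDOWS, and a run value under HKLM\...\policies\explorer\Run, an autorun key that legitimate installers rarely use. Helpers read HijackThis logs for exactly these patterns by hand. As an added example (editor's code, not part of the thread and not a HijackThis tool), the Python below applies a few of those triage rules to constructed lines in HijackThis v1.99.1 format: orphaned entries marked (no file) or (file missing), an O4 autorun under Policies\Explorer\Run or pointing at a user-writable location, and an R1 ProxyServer that points back at the local machine. Most sample lines are modelled on the log in the thread, but the Policies\Explorer\Run entry and its "qzk01" name are invented; the real log only shows that value in Avenger.txt. A localhost proxy is flagged for review rather than judged malicious, since a web accelerator such as the Acelerador Propel listed in the O8 entries can install one; the check is to find out which process is listening on that port.

```python
"""Triage a HijackThis v1.99.1 log for entries a helper would look at twice.

Added example for this thread, not code from the forum or from HijackThis.
Constructed sample lines are embedded below so it runs offline.
"""
import re

# Constructed sample in HijackThis format. Most lines mirror the thread's
# log; the Policies\Explorer\Run entry and the name "qzk01" are invented
# to exercise the check (the thread only shows that value in Avenger.txt).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [qzk01] C:\DOCUME~1\USURIO~1\qzk01.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<sec>R\d|O\d+) - (?P<body>.*)$")
PROXY_RE = re.compile(r"ProxyServer = (?P<spec>\S+)")
# O4 body layout: HKLM\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# An executable sitting directly in a user's profile root.
USER_WRITABLE_RE = re.compile(
    r"^c:\\(?:docume~1|documents and settings)\\[^\\]+\\[^\\]+\.(?:exe|scr|com|pif)$"
)


def is_local_proxy(spec):
    """True if any scheme in an IE ProxyServer value targets this machine."""
    for part in spec.split(";"):
        target = part.split("=", 1)[-1]          # strip a "http=" style prefix
        host = target.rsplit(":", 1)[0].lower()  # drop the port
        if host in ("localhost", "::1") or host.startswith("127."):
            return True
    return False


def exe_path(cmd):
    """First token of a Run command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return [{'section', 'line', 'reasons'}] for every line matching a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        reasons = []
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("orphaned entry: the registered file is gone; cleanup candidate")
        pm = PROXY_RE.search(body)
        if sec.startswith("R") and pm and is_local_proxy(pm.group("spec")):
            reasons.append("IE proxy points at this machine; identify the listening process")
        if sec == "O4":
            om = O4_RE.match(body)
            if om:
                if "policies\\explorer\\run" in om.group("key").lower():
                    reasons.append("autorun via Policies\\Explorer\\Run, rarely used by legitimate installers")
                path = exe_path(om.group("cmd")).lower()
                if USER_WRITABLE_RE.match(path) or "\\temp\\" in path:
                    reasons.append("autorun binary lives in a user-writable profile or Temp location")
        if reasons:
            findings.append({"section": sec, "line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("    ->", r)
```

Run the file to print the flagged lines with their reasons; `triage()` returns the findings as a list so the same rules can be applied to a saved log read from disk. The rules are deliberately loose: they point a reader at entries to investigate, not at a verdict.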

#12 Member offline   Coruj@

  • - StrigidaeWare -
  • Group: Members
  • Posts: 1653
  • Joined: 14-April 07
  • Twitter:0
  • City: Floresta da Tijuca, TreeThree

Posted 8 August 2007 - 05:48

GCG, ok! I'll wait to hear from you. If the problem continues, generate a new ComboFix log and paste it.

A big hug,



#13 Member offline   GCG

  • Group: Members
  • Posts: 30
  • Joined: 03-August 07
  • Twitter:0

Posted 8 August 2007 - 21:23

Wow man, thanks.... nothing else has shown up so far...... I think it worked, thanks a lot..... HUGS!!!!!!!!!!!



#14 Member offline   Coruj@

  • - StrigidaeWare -
  • Group: Members
  • Posts: 1653
  • Joined: 14-April 07
  • Twitter:0
  • City: Floresta da Tijuca, TreeThree

Posted 11 August 2007 - 14:03

GCG,

Your log is CLEAN! Any other problem related to the malware?

If your system shows no problems by tomorrow, disable and re-enable System Restore.

Your PC was infected by Bankers. Since this computer may have been used to capture your passwords, I recommend changing them.

Thanks for the feedback and a big hug!




Mr. Coruj@




#15 Member offline   Coruj@

  • - StrigidaeWare -
  • Group: Members
  • Posts: 1653
  • Joined: 14-April 07
  • Twitter:0
  • City: Floresta da Tijuca, TreeThree

Posted 7 September 2007 - 07:52

Problem Solved!

If the author needs the topic reopened, contact one of the forum moderators.

