Question
bareta
Well, I disabled some strange files from startup ... but it didn't solve it...
HijackThis log
Update: after ComboFix it got a good clean-up here...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:40, on 6/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u1...=javadl.sun.com
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C48431-CE0E-4107-A5C1-87F5257470EF}: NameServer = 10.1.1.1
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 6388 bytes
ComboFix 09-04-04.01 - Agrosala 2009-04-06 15:34:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.767.372 [GMT -3:00]
Executando de: e:\programas\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)
* Criado um novo ponto de restauro
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\BitCometRes.dll
c:\windows\system32\Cache
c:\windows\system32\libmhash.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GBPSV
-------\Legacy_OREANS32
-------\Service_GbpSv
-------\Service_oreans32
(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-06 to 2009-04-06 ))))))))))))))))))))))))))))
.
2009-04-06 15:28 . 2006-03-02 23:42 73,728 --a------ C:\pv.exe
2009-04-06 15:11 . 2009-04-06 15:11 <DIR> d-------- C:\Downloads
2009-04-06 15:09 . 2009-04-06 15:30 <DIR> d-------- c:\arquivos de programas\BitComet
2009-04-06 14:18 . 2009-04-06 14:18 <DIR> d-------- c:\documents and settings\Agrosala\Dados de aplicativos\Malwarebytes
2009-04-06 14:17 . 2009-04-06 14:17 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-04-06 14:17 . 2009-04-06 14:20 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-04-06 14:17 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:17 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-06 13:55 . 2009-04-06 13:55 <DIR> d-------- c:\arquivos de programas\Trend Micro
2009-04-06 11:32 . 2009-03-10 17:05 26,320 --a------ c:\windows\system32\drivers\gbpkm.sys
2009-03-31 14:14 . 2009-04-06 11:32 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-03-31 14:14 . 2009-04-06 11:33 <DIR> d-------- c:\arquivos de programas\GbPlugin
2009-03-31 14:13 . 2009-03-31 14:13 185 --a------ C:\aapj.properties
2009-03-31 14:10 . 2009-03-31 14:10 <DIR> d-------- c:\windows\Sun
2009-03-31 14:08 . 2009-03-31 14:07 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-31 14:08 . 2009-03-31 14:07 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-31 14:07 . 2009-03-31 14:07 <DIR> d-------- c:\arquivos de programas\Java
2009-03-30 13:27 . 2009-03-30 13:27 12,128 --a------ c:\windows\FontData.fdb
2009-03-30 11:19 . 2009-03-30 11:19 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-30 09:46 . 2009-03-30 09:46 <DIR> d-------- c:\documents and settings\Agrosala\Dados de aplicativos\Corel
2009-03-30 09:41 . 2009-03-30 09:41 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\InstallShield
2009-03-30 09:34 . 2009-03-30 09:34 <DIR> d-------- c:\arquivos de programas\Corel
2009-03-30 09:34 . 2009-03-30 09:34 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Corel
2009-03-30 09:29 . 2009-04-03 13:52 2,828 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-03-27 16:14 . 2009-03-27 16:58 <DIR> d-------- C:\php
2009-03-27 14:18 . 2009-03-27 14:18 <DIR> d-------- C:\USR
2009-03-24 09:38 . 2009-03-02 06:48 196,608 --a------ c:\windows\system32\ChartViewer.ocx
2009-03-24 09:37 . 2009-03-24 09:38 <DIR> d-------- c:\arquivos de programas\ChartDirector
2009-03-19 13:55 . 2009-03-19 13:55 <DIR> d-------- C:\Dundas
2009-03-18 10:25 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-18 10:25 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-18 10:25 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-18 10:02 . 2009-03-18 10:02 <DIR> d-------- c:\arquivos de programas\MSXML 4.0
2009-03-17 15:52 . 2009-04-06 13:49 69 --a------ c:\windows\NeroDigital.ini
2009-03-17 15:40 . 2008-04-13 11:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-03-17 15:37 . 2009-03-17 15:37 <DIR> d-------- C:\SERFIEX
2009-03-17 15:35 . 2009-04-06 14:56 <DIR> d-------- C:\CMAS4
2009-03-17 14:25 . 2009-03-17 14:25 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\ESET
2009-03-17 14:25 . 2009-03-17 14:25 <DIR> d-------- c:\arquivos de programas\ESET
2009-03-17 13:54 . 2009-03-17 13:54 <DIR> d-------- c:\documents and settings\Agrosala\Dados de aplicativos\Crystal Art Software
2009-03-17 13:52 . 2009-03-17 13:52 <DIR> d-------- c:\arquivos de programas\Crystal FTP Pro
2009-03-17 12:49 . 2009-03-27 14:00 100 --a------ c:\windows\system32\UNWISE.INI
2009-03-17 12:48 . 2009-03-17 12:48 <DIR> d-------- c:\arquivos de programas\PremiumSoft
2009-03-17 12:48 . 2002-09-30 11:15 679,989 --a------ c:\windows\system32\myodbc3d.dll
2009-03-17 12:48 . 2002-09-30 10:44 344,064 --a------ c:\windows\system32\myodbc3.dll
2009-03-17 12:48 . 2002-07-26 17:02 153,088 --a------ c:\windows\system32\UNWISE.EXE
2009-03-17 12:48 . 2002-09-30 10:44 17,438 --a------ c:\windows\system32\myodbc3.lib
2009-03-17 12:47 . 2009-03-19 10:20 <DIR> d-------- c:\arquivos de programas\Microsoft Silverlight
2009-03-17 12:47 . 2009-03-17 12:47 33,856 --a------ c:\windows\system32\drivers\oreans32.sys
2009-03-17 12:44 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-17 12:44 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-17 12:44 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-17 12:44 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-17 12:42 . 2009-03-17 12:42 <DIR> d-------- c:\arquivos de programas\MySQL
2009-03-17 12:37 . 2009-03-17 13:10 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe
2009-03-17 12:35 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys
2009-03-17 12:35 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-17 12:33 . 2009-03-17 12:33 <DIR> d-------- c:\windows\IIS Temporary Compressed Files
2009-03-17 12:30 . 2009-03-17 12:30 <DIR> d-------- c:\windows\system32\Logfiles
2009-03-17 12:27 . 2009-03-17 12:27 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Macromedia Shared
2009-03-17 12:27 . 2009-03-17 13:31 1 --a------ c:\windows\system32\FlashPaper2PrinterPort
2009-03-17 12:14 . 2009-03-17 13:31 <DIR> d-------- c:\arquivos de programas\Macromedia
2009-03-17 12:14 . 2009-03-17 12:27 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Macromedia
2009-03-17 12:12 . 2009-03-17 12:26 <DIR> d-------- c:\windows\Downloaded Installations
2009-03-17 12:07 . 2008-12-20 19:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-17 12:07 . 2007-04-17 06:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-17 12:07 . 2007-03-08 02:12 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-17 12:07 . 2008-12-20 19:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-17 12:07 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-17 12:07 . 2008-12-20 19:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-17 12:07 . 2008-12-20 19:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-17 12:07 . 2008-12-20 19:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-17 12:07 . 2008-12-20 19:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-17 12:07 . 2008-12-19 06:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-17 12:02 . 2009-03-18 13:52 <DIR> d-------- c:\documents and settings\Agrosala\Dados de aplicativos\Ahead
2009-03-17 12:01 . 2009-03-17 13:44 <DIR> d-------- C:\bancobrasil
2009-03-17 12:00 . 2009-03-17 12:00 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Ahead
2009-03-17 11:54 . 2009-03-17 11:54 <DIR> d-------- c:\documents and settings\Agrosala\Dados de aplicativos\Configuration
2009-03-17 11:52 . 2009-03-17 11:52 <DIR> d-------- c:\documents and settings\Agrosala\Contacts
2009-03-17 11:52 . 2009-03-24 09:37 <DIR> d--h----- c:\arquivos de programas\InstallShield Installation Information
2009-03-17 11:52 . 2009-03-17 11:54 <DIR> d-------- c:\arquivos de programas\DriverGuide Toolkit
2009-03-17 11:52 . 2009-03-30 09:41 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-03-17 11:52 . 2005-12-06 14:06 903,352 --a------ c:\windows\system32\Codejock.CommandBars.v9.81.ocx
2009-03-17 11:52 . 2005-12-06 14:06 526,520 --a------ c:\windows\system32\Codejock.DockingPane.v9.81.ocx
2009-03-17 11:52 . 2005-12-06 14:06 428,216 --a------ c:\windows\system32\Codejock.ReportControl.v9.81.ocx
2009-03-17 11:52 . 2005-12-06 14:06 334,008 --a------ c:\windows\system32\Codejock.TaskPanel.v9.81.ocx
2009-03-17 11:52 . 2004-03-09 01:00 212,240 --a------ c:\windows\system32\RICHTX32.OCX
2009-03-17 11:52 . 2001-11-29 09:57 110,592 --a------ c:\windows\system32\ccrpbds6.dll
2009-03-17 11:51 . 2009-03-18 10:23 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-17 11:51 . 2006-09-06 17:43 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-03-17 11:50 . 2009-03-17 11:50 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Nero
2009-03-17 11:50 . 2009-03-17 11:50 <DIR> d-------- c:\arquivos de programas\Nero
2009-03-17 11:50 . 2009-03-17 11:58 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Ahead
2009-03-17 11:49 . 2009-03-17 11:57 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-03-17 11:49 . 2009-03-17 11:49 <DIR> d-------- c:\arquivos de programas\Spybot - Search & Destroy
2009-03-17 10:57 . 2009-03-17 10:57 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-17 10:57 . 2009-03-17 10:57 <DIR> d-------- c:\arquivos de programas\MSN Messenger
2009-03-17 10:56 . 2009-03-17 10:56 <DIR> d-------- c:\arquivos de programas\K-Lite Codec Pack
2009-03-17 10:11 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll
2009-03-17 10:11 . 2009-03-27 14:00 737 --a------ c:\windows\ODBC.INI
2009-03-17 10:10 . 2009-03-17 10:10 <DIR> d-------- c:\arquivos de programas\Microsoft.NET
2009-03-17 10:09 . 2009-03-17 10:10 <DIR> d-------- c:\windows\SHELLNEW
2009-03-17 10:06 . 2009-03-17 09:53 <DIR> d--h----- c:\documents and settings\Agrosala\Modelos
2009-03-17 10:06 . 2009-03-26 16:32 <DIR> dr------- c:\documents and settings\Agrosala\Meus documentos
2009-03-17 10:06 . 2009-03-30 09:41 <DIR> dr------- c:\documents and settings\Agrosala\Menu Iniciar
2009-03-17 10:06 . 2009-03-19 16:53 <DIR> dr------- c:\documents and settings\Agrosala\Favoritos
2009-03-17 10:06 . 2009-04-06 14:18 <DIR> dr-h----- c:\documents and settings\Agrosala\Dados de aplicativos
2009-03-17 10:06 . 2009-03-17 10:06 <DIR> d--h----- c:\documents and settings\Agrosala\Configurações locais
2009-03-17 10:06 . 2009-03-31 14:23 <DIR> d--h----- c:\documents and settings\Agrosala\Ambiente de rede
2009-03-17 10:06 . 2009-03-17 06:46 <DIR> d--h----- c:\documents and settings\Agrosala\Ambiente de impressão
2009-03-17 10:06 . 2009-03-27 15:43 <DIR> d-------- c:\documents and settings\Agrosala
2009-03-17 10:05 . 2009-03-17 10:05 <DIR> d---s---- c:\windows\system32\Microsoft
2009-03-17 10:05 . 2009-03-17 10:05 <DIR> d-------- c:\documents and settings\NetworkService\Dados de aplicativos
2009-03-17 10:05 . 2009-03-17 10:05 <DIR> d--h----- c:\documents and settings\NetworkService\Configurações locais
2009-03-17 10:05 . 2009-03-17 10:05 <DIR> d--hs---- c:\documents and settings\NetworkService
2009-03-17 10:05 . 2009-03-17 10:05 <DIR> d-------- c:\documents and settings\LocalService\Dados de aplicativos
2009-03-17 10:05 . 2009-03-17 10:05 <DIR> d--h----- c:\documents and settings\LocalService\Configurações locais
2009-03-17 10:05 . 2009-03-17 10:05 <DIR> d--hs---- c:\documents and settings\LocalService
2009-03-17 10:05 . 2009-03-17 10:05 8,192 --a------ c:\windows\REGLOCS.OLD
2009-03-17 10:03 . 2009-03-17 09:53 <DIR> d--h----- c:\windows\system32\config\systemprofile\Modelos
2009-03-17 10:03 . 2009-03-17 06:46 <DIR> d-------- c:\windows\system32\config\systemprofile\Meus documentos
2009-03-17 10:03 . 2009-03-17 06:46 <DIR> dr------- c:\windows\system32\config\systemprofile\Menu Iniciar
2009-03-17 10:03 . 2009-03-17 06:46 <DIR> d-------- c:\windows\system32\config\systemprofile\Favoritos
2009-03-17 10:03 . 2009-03-17 06:46 <DIR> dr-h----- c:\windows\system32\config\systemprofile\Dados de aplicativos
2009-03-17 10:03 . 2009-04-06 15:36 <DIR> dr-h----- c:\windows\system32\config\systemprofile\Configurações locais
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 12:57 --------- d-----w c:\arquivos de programas\Serviços on-line
2009-03-17 12:56 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços
2009-02-06 17:24 93,336 ----a-w c:\windows\system32\drivers\epfwtdir.sys
2009-02-06 17:23 106,208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-06 17:19 113,448 ----a-w c:\windows\system32\drivers\eamon.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-31 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-03-10 17:03 421168 c:\arquivos de programas\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2009-03-10 17:03 421168 c:\arquivos de programas\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 16:30 249856 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Crystal FTP Pro\\crystalftp.exe"=
"c:\\Arquivos de programas\\BitComet\\BitComet.exe"=
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-04-06 26320]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
IE: Baixar link usando &BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm
IE: Baixar todos os links usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
IE: Baixar todos os vídeos usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {99C48431-CE0E-4107-A5C1-87F5257470EF} = 10.1.1.1
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 15:42:24
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(544)
c:\arquivos de programas\GbPlugin\gbieh.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\inetsrv\inetinfo.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-04-06 15:48:16 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-04-06 18:48:12
Pré-execução: 7.972.249.600 bytes disponíveis
Pós execução: 8,838,955,008 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
243 --- E O F --- 2009-03-19 16:17:2