lucasafr

Malware?! Analyze my log...


I think I have some kind of "dialer"...

My HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 10:15:08, on 02/07/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\PowerS.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\User\Meus documentos\Pessoal\Virus\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tj.sc.gov.br/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132047

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://buenasnoches.flogbrasil.terra.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SWL IE Plugin - {1E1B2879-88FA-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\SWPR\web.dll (file missing)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll (file missing)

O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [aaosvyiycj] C:\WINDOWS\System32\odjoikdx.exe

O4 - HKLM\..\Run: [bullsEye Network] C:\Arquivos de programas\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [nvsvca32] C:\WINDOWS\nvsvca32.exe

O4 - HKLM\..\Run: [clfmon] C:\WINDOWS\clfmon.exe

O4 - HKLM\..\Run: [sbbBRnvsvca32.exe] C:\WINDOWS\SbbBRnvsvca32.exe

O4 - HKLM\..\Run: [VAYJanvsvca32.exe] C:\WINDOWS\VAYJanvsvca32.exe

O4 - HKLM\..\Run: [wLlYMnvsvca32.exe] C:\WINDOWS\wLlYMnvsvca32.exe

O4 - HKLM\..\Run: [DVlIhclfmon.exe] C:\WINDOWS\DVlIhclfmon.exe

O4 - HKLM\..\Run: [MSgbKclfmon.exe] C:\WINDOWS\MSgbKclfmon.exe

O4 - HKLM\..\Run: [eIDacclfmon.exe] C:\WINDOWS\eIDacclfmon.exe

O4 - HKLM\..\Run: [GgnqQclfmon.exe] C:\WINDOWS\GgnqQclfmon.exe

O4 - HKLM\..\Run: [dSVFhnvsvca32.exe] C:\WINDOWS\dSVFhnvsvca32.exe

O4 - HKLM\..\Run: [vjyHwclfmon.exe] C:\WINDOWS\vjyHwclfmon.exe

O4 - HKLM\..\Run: [svcH0st] C:\WINDOWS\svchst.exe /i

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sGL] C:\Arquivos de programas\Fábrica de Bits\mysql\bin\mysqld.exe --skip-grant-tables --skip-innodb

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O8 - Extra context menu item: Abrir com o GetRight Browser - C:\ARQUIV~1\GetRight\GRbrowse.htm

O8 - Extra context menu item: Download com o GetRight - C:\ARQUIV~1\GetRight\GRdownload.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


- Download SDFix:

http://linhadefensiva.uol.com.br/dl/sdfix

Save it to your desktop. Double-click SDFix.exe and the tool will be installed in %SystemDrive%\SDFix (usually C:\SDFix).

- Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup);

  1. Open the SDFix folder that was installed on your computer and double-click the file RunThis.bat
  2. Press Y so that the tool starts the removal process
  3. When everything is done, you will see a notice telling you to press any key to continue. When you press any key, the computer will restart automatically
  4. After restarting, the tool will run once more and finish its work, and the word Finished will appear. Press any key.
  5. A window with the SDFix report will appear.
  6. Copy and paste this report into your reply. If you have closed the window, a copy of the report will be in the SDFix folder under the name Report.txt

- Generate a new HijackThis log and paste it into your reply.


Hey, I think it worked...

Here is the SDFix report:

SDFix: Version 1.89

Run by User on 03/07/2007 at 10:06

Microsoft Windows XP [versão 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting...

Normal Mode:

Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\ubenyr.exe.tmp - Deleted

C:\WINDOWS\Temp\win11D3.tmp.exe - Deleted

C:\WINDOWS\Temp\win18E8.tmp.exe - Deleted

C:\WINDOWS\Temp\win18E9.tmp.exe - Deleted

C:\WINDOWS\Temp\win18EA.tmp.exe - Deleted

C:\WINDOWS\Temp\win18EB.tmp.exe - Deleted

C:\WINDOWS\Temp\win1900.tmp.exe - Deleted

C:\WINDOWS\Temp\win510.tmp.exe - Deleted

C:\WINDOWS\Temp\win77C.tmp.exe - Deleted

C:\WINDOWS\Temp\win11D3.tmp.exe - Deleted

C:\WINDOWS\Temp\win18E8.tmp.exe - Deleted

C:\WINDOWS\Temp\win18E9.tmp.exe - Deleted

C:\WINDOWS\Temp\win18EA.tmp.exe - Deleted

C:\WINDOWS\Temp\win18EB.tmp.exe - Deleted

C:\WINDOWS\Temp\win1900.tmp.exe - Deleted

C:\WINDOWS\Temp\win510.tmp.exe - Deleted

C:\WINDOWS\Temp\win77C.tmp.exe - Deleted

C:\Documents and Settings\User\Dados de aplicativos\Install.dat - Deleted

C:\WINDOWS\system32\svcp.csv - Deleted

C:\WINDOWS\system32\winsub.xml - Deleted

C:\WINDOWS\Temp\$_2341234.TMP - Deleted

Removing Temp Files...

ADS Check:

Checking C:\WINDOWS

C:\WINDOWS

No streams found.

Checking C:\WINDOWS\system32

C:\WINDOWS\system32

No streams found.

Checking C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

Remaining Services:

------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:

---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\User\Ambiente de rede\amorim em www.professoramorim.com.br\Desktop.ini

C:\Documents and Settings\User\Ambiente de rede\modelos em www.exner.com.br\Desktop.ini

C:\Arquivos de programas\180Solutions\FLEOK\ncmyb.dll.tmp

C:\Arquivos de programas\180Solutions\FLEOK\ncmyb.dll.tmp

C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL0003.tmp

C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL0004.tmp

C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL0005.tmp

C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL1911.tmp

C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL1963.tmp

C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL2033.tmp

C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL2079.tmp

C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL2584.tmp

C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL3616.tmp

C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL3856.tmp

C:\Documents and Settings\User\Desktop\Fortuna Rodrigues Advocacia\Cível\Doutrina\Manual de Procedimento - TJSC\~WRL2364.tmp

C:\Documents and Settings\User\Meus documentos\Pessoal\Monografia\Leis\~WRL0036.tmp

C:\Documents and Settings\User\Meus documentos\Pessoal\Monografia\Leis\~WRL2446.tmp

C:\WINDOWS\LastGood.Tmp\INF\oem3.inf

C:\WINDOWS\LastGood.Tmp\INF\oem3.PNF

C:\Arquivos de programas\eMule\Incoming\32bit Convert It v9.76.01 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\3D Webmaker v2.0 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Aare AVI to VCD DVD SVCD MPEG Converter v6.1 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\ABC 4' KIDS Workshop v1.0 by ViRiLiTY serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\AbsoluteFTP v2.2.3 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\AceFTP 3 Pro v3.61.0 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Advanced GIF Animator v2.2 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Ahead Nero Burning Rom Enterprise Edition v5.5.10.42 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Air and Space Scenic Reflections Screen Saver v1.0 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Alcohol 120% v1.9.2.1705 by YAG serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Apple QuickTime Pro v6.5.2 German by CORE serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Ashampoo AudioCD Mp3 studio serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Avast Professional Edition v4.0.202 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\AVG6 Professional v6.0.732 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\AVI-MPEG-ASF-WMV Splitter v3.22 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Avs video converter serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\BeFaster v2.73 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Bookworm serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\CacheSaver v1.0.1 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\CAKEWALK MUSIC CRETOR PRO 2004 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Cantax T1Plus with EFILE v2.1.303.106a serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\City Select MapSource European serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Codename Panzers Phase One German serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Cold Fusion MX Enterprise v6.0 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Command & Conquer Generƒýle - Die Stunde Null v1.0 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Corel Draw 9 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Criando Home Sites serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Cruciver v4.24 French serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\CSS Quick Backup v2.0.1201 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Cumberland Family Tree 32bit v2.23 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Cyclone Screensaver Maker v2.02 Standard serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\DFX for Windows Media Player v6.1 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\DFX v5.10 for Winamp serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Doom3 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\DVD-Lab v1.3 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\EZ IE Backup Pro v2.0 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\FlashCapture v1.53 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\fMSX Plus v1.5.x serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Font Reserve serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\FullShot v8.2 Enterprise Edition serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Gear 4 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\GraphicConverter v5.4 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Home Plan Professional v4.3.10 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Image Wrangler v1.0 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\ImTOO MPEG Encoder v2.1.x serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Incredimail LetterCreator serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Macromedia Flash MX v6.0 Unlimited License serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Mah Jong Adventures GameHouse serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Matlab Complete (Addons) v6 0 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Mgs Karting v1.90 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Microsoft Office OneNote 2003 Beta2 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Mortgage Matrix Calculator v3.0 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Mozzle Pro v3.01 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\MS Exchange Server 2003 Enterprise serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\NetDL v1 0 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Office XP Proffessional serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Picasa v1.5.1 build v4.41 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Pinnacle Studio v9.0.0 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\PKZip Server v8.10.0037 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Power DVD Pro 6 v2.55 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Quest Spotlight on Active Directory v4 0 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Quickoffice Premier v2 0 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\QuickTime Pro v7.0.2.120 for Windows - Final serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Readbook v1.51 by Astek serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\REALbasic v5.5.3 Professional serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Secure Communicator v4.0 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Senha PowerBuilder v7 0 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\SereneEscreen Marine Aquarium v2.0 BY FELIPOLLO serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\SilverStream Single Developer Pack v2.53 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Slots of Trivia serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Smart Video Converter v1.59 by iPA serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Soldiers Heroes of World War II serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Sonic Foundry Acid Pro v4.0d Build 392 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\SpeederXP v1.60 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\SPSS serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Super Jigsaw Great Art serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\swishpix serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Tavrida WebSite Editor v3.0.r4066 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Unreal Tournament 2004 deviance serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Visiosonic PCDJ Red serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Vulcan FinanceCalc 97 v1.10 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Warcraft III regin of chaos original cd key for batlle net serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Windows XP Professional 5 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Windows XP SP2 Professional Edition Corporate serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\WindowsLonghorn 4074 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\WinDVD Tweaker Pro v4.35 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\WinDVD v5.1 serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\Winproxy v5.0 R1a serial keygen.zip

C:\Arquivos de programas\eMule\Incoming\WinXP Pro SP1 serial keygen.zip

Finished

And the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 10:22:25, on 03/07/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\PowerS.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Documents and Settings\User\Meus documentos\Pessoal\Virus\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tj.sc.gov.br/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132047

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://buenasnoches.flogbrasil.terra.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SWL IE Plugin - {1E1B2879-88FA-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\SWPR\web.dll (file missing)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll (file missing)

O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [aaosvyiycj] C:\WINDOWS\System32\odjoikdx.exe

O4 - HKLM\..\Run: [bullsEye Network] C:\Arquivos de programas\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [sbbBRnvsvca32.exe] C:\WINDOWS\SbbBRnvsvca32.exe

O4 - HKLM\..\Run: [VAYJanvsvca32.exe] C:\WINDOWS\VAYJanvsvca32.exe

O4 - HKLM\..\Run: [wLlYMnvsvca32.exe] C:\WINDOWS\wLlYMnvsvca32.exe

O4 - HKLM\..\Run: [DVlIhclfmon.exe] C:\WINDOWS\DVlIhclfmon.exe

O4 - HKLM\..\Run: [MSgbKclfmon.exe] C:\WINDOWS\MSgbKclfmon.exe

O4 - HKLM\..\Run: [eIDacclfmon.exe] C:\WINDOWS\eIDacclfmon.exe

O4 - HKLM\..\Run: [GgnqQclfmon.exe] C:\WINDOWS\GgnqQclfmon.exe

O4 - HKLM\..\Run: [dSVFhnvsvca32.exe] C:\WINDOWS\dSVFhnvsvca32.exe

O4 - HKLM\..\Run: [vjyHwclfmon.exe] C:\WINDOWS\vjyHwclfmon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sGL] C:\Arquivos de programas\Fábrica de Bits\mysql\bin\mysqld.exe --skip-grant-tables --skip-innodb

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O8 - Extra context menu item: Abrir com o GetRight Browser - C:\ARQUIV~1\GetRight\GRbrowse.htm

O8 - Extra context menu item: Download com o GetRight - C:\ARQUIV~1\GetRight\GRdownload.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

I hope everything is all right,

Cheers!


Well, I just posted the reply and the "dialer" tried to dial out again... Good thing my computer isn't connected to any phone line. This has happened to me before, with a notebook, and it was solved with Killbox.

What can I do now?


- Clean out the eMule Incoming folder :P

- Download ComboFix

  • Double-click combofix.exe and press "Y" to proceed with the fix. It will take about 10 minutes on average.
  • ComboFix will restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click on the ComboFix window or close it by clicking the X while it is running, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt into your reply.

 

OK, thanks again for the help. I think everything went well this time...

Here is the ComboFix.txt:

"User" - 2007-07-04 10:02:46 - ComboFix 07-07-04.1 - Service Pack 1

/wow section - STAGE #3

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\winjvd32.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\secure32.html

C:\WINDOWS\secure32.html

((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))

2007-07-04 10:02 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-03 19:12 <DIR> d-------- C:\Arquivos de programas\XP Codec Pack

2007-07-03 19:11 45,056 --a------ C:\WINDOWS\system\csrss.exe

2007-07-03 19:06 <DIR> d-------- C:\Arquivos de programas\DivXLand

2007-07-03 19:05 32,768 --a------ C:\WINDOWS\system\lsass.exe

2007-07-03 19:05 101,888 --a------ C:\WINDOWS\system32\vb6stkit.dll

2007-07-03 19:05 <DIR> d-------- C:\Arquivos de programas\Busca Legendas

2007-07-03 18:51 <DIR> d-------- C:\Arquivos de programas\URUSoft

2007-07-03 18:46 <DIR> d-------- C:\DOCUME~1\User\DADOSD~1\Media Player Classic

2007-07-03 18:39 <DIR> d-------- C:\Arquivos de programas\DivX Subtitle Displayer

2007-07-03 18:34 <DIR> d-------- C:\Arquivos de programas\Gabest

2007-07-03 18:31 1,188 --a------ C:\WINDOWS\mozver.dat

2007-07-03 18:27 <DIR> d-------- C:\DOCUME~1\User\DADOSD~1\RadLight Company

2007-07-03 18:27 <DIR> d-------- C:\Arquivos de programas\RadLight Company

2007-07-03 16:58 <DIR> d-------- C:\Downloads

2007-07-03 16:53 <DIR> d-------- C:\Arquivos de programas\FlashGet

2007-07-03 16:45 0 --a------ C:\WINDOWS\nsreg.dat

2007-07-03 16:34 <DIR> d-------- C:\Arquivos de programas\Free Download Manager

2007-07-03 10:05 <DIR> d-------- C:\WINDOWS\ERUNT

2007-07-02 10:15 <DIR> d-------- C:\!KillBox

2007-06-11 11:11 <DIR> d-------- C:\Arquivos de programas\Sony Setup

2007-06-07 16:10 20,480 --a------ C:\WINDOWS\system32\ac3config.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 13:01:12 -------- d-----w C:\Arquivos de programas\eMule

2007-07-04 10:54:52 -------- d-----w C:\Arquivos de programas\Google

2007-06-18 16:46:07 -------- d-----w C:\Arquivos de programas\NCH Swift Sound

2007-05-24 19:10:06 21,120 ----a-w C:\WINDOWS\system32\drivers\nchssvad.sys

2007-05-24 19:10:06 -------- d-----w C:\DOCUME~1\User\DADOSD~1\NCH Swift Sound

2007-05-23 18:31:10 1 ----a-w C:\AUTOEXEC.BAT

2007-05-17 18:44:51 -------- d-----w C:\DOCUME~1\User\DADOSD~1\Sammsoft

2007-05-12 19:24:23 -------- d-----w C:\Arquivos de programas\Freecorder

2007-05-12 18:56:24 737,280 ----a-w C:\WINDOWS\iun6002.exe

2007-05-12 17:05:57 -------- d-----w C:\Arquivos de programas\GbPlugin

2007-05-11 19:57:25 -------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-05-11 19:54:24 -------- d-----w C:\Arquivos de programas\Digital Camera

2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2001-03-02 12:02 37808 --------- C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E1B2879-88FA-11D3-8D96-D7ACAC95951A}]

C:\PROGRA~1\SWPR\web.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

2007-06-29 08:44 94308 --a------ C:\Arquivos de programas\FlashGet\jccatch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]

2006-10-31 03:55 1803720 --a------ C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}]

C:\WINDOWS\System32\nvms.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]

2006-12-11 16:46 110592 --a------ C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

2007-02-22 15:00 228392 --a------ C:\WINDOWS\Downloaded Program Files\gbieh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

2006-12-14 13:28 214528 --a------ C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE188402-6EE7-4022-8868-AB25173A3E14}]

C:\WINDOWS\System32\mscb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1}]

C:\WINDOWS\System32\apuc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]

2007-05-16 02:05 163840 --a------ C:\Arquivos de programas\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2004-06-07 00:46]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"Internet Optimizer"="C:\Program Files\Internet Optimizer\optimize.exe" []

"BullsEye Network"="C:\Arquivos de programas\BullsEye Network\bin\bargains.exe" []

"nwiz"="nwiz.exe" [2002-09-27 04:38 C:\WINDOWS\system32\nwiz.exe]

"SGL"="C:\Arquivos de programas\Fábrica de Bits\mysql\bin\mysqld.exe" []

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

"lsass"="C:\Windows\System\lsass.exe" [2007-07-03 19:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lsass"="C:\Windows\System\lsass.exe" [2007-07-03 19:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"="C:\WINDOWS\Downloaded Program Files\gbieh.dll" [2007-02-22 15:00]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"="C:\WINDOWS\Downloaded Program Files\gbiehabn.dll" [2006-12-14 13:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=NVDESK32.DLL

Contents of the 'Scheduled Tasks' folder

2007-07-04 13:07:47 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-04 10:08:05

Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-04 10:10:03 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-04 10:09

--- E O F ---

 

Here it goes:

Logfile of HijackThis v1.99.1

Scan saved at 09:20:23, on 05/07/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

c:\windows\system\csrss.exe

C:\Documents and Settings\User\Meus documentos\Pessoal\Virus\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tj.sc.gov.br/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132047

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://buenasnoches.flogbrasil.terra.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SWL IE Plugin - {1E1B2879-88FA-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\SWPR\web.dll (file missing)

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll (file missing)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [bullsEye Network] C:\Arquivos de programas\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sGL] C:\Arquivos de programas\Fábrica de Bits\mysql\bin\mysqld.exe --skip-grant-tables --skip-innodb

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [lsass] C:\Windows\System\lsass.exe

O4 - HKCU\..\Run: [lsass] C:\Windows\System\lsass.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Abrir com o GetRight Browser - C:\ARQUIV~1\GetRight\GRbrowse.htm

O8 - Extra context menu item: Download com o GetRight - C:\ARQUIV~1\GetRight\GRdownload.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


- Open Control Panel > Add or Remove Programs and uninstall:

Internet Optimizer

BullsEye Network

- Download Killbox and run it:

  • Check the Delete on Reboot option. Copy the list below (select it and click Edit > Copy, or press Ctrl + C):

c:\windows\system\csrss.exe
C:\Windows\System\lsass.exe
  • Go back to KillBox. Click File > Paste from clipboard. Click the All Files button;
  • Click killbox.png and answer No to the question.

- Restart the computer in Safe Mode (press F8 repeatedly, or F5 in some cases, during startup);

- Open HijackThis, click Do a system scan only and check the entries below:

O2 - BHO: SWL IE Plugin - {1E1B2879-88FA-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\SWPR\web.dll (file missing)

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll (file missing)

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [bullsEye Network] C:\Arquivos de programas\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [lsass] C:\Windows\System\lsass.exe

O4 - HKCU\..\Run: [lsass] C:\Windows\System\lsass.exe

- Close all windows, click ht-fix.png and then Yes;

- Delete the highlighted folders:

C:\Program Files\Internet Optimizer

C:\Arquivos de programas\BullsEye Network

- Restart in normal mode, generate a new log and paste it into your reply.

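Two of the patterns acted on in the post above can be checked mechanically: a core Windows process name running or auto-starting from outside System32, and O2 BHO entries marked "(file missing)". The following is an added example, not part of the original thread; the function names and the assumption that Windows is installed at C:\WINDOWS are this example's own, and the sample lines are copied from the 05/07/2007 HijackThis log.

```python
import ntpath
import re

# Core Windows XP processes whose image lives in %SystemRoot%\System32.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe"}
# Assumption: Windows is installed at C:\WINDOWS, as in the logs of this thread.
SYSTEM_DIR = r"c:\windows\system32"

# Lines copied from the 05/07/2007 HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system\csrss.exe
O2 - BHO: SWL IE Plugin - {1E1B2879-88FA-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\SWPR\web.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lsass] C:\Windows\System\lsass.exe
O4 - HKCU\..\Run: [lsass] C:\Windows\System\lsass.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

# First fully qualified .exe path on a line (drive letter required).
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
# HijackThis entry prefix such as "R0 - ", "O2 - ", "O23 - ".
ENTRY = re.compile(r"^([A-Z]\d+) - ")


def masquerades(path):
    """True if the file name is a core system process but the folder is not System32."""
    directory, name = ntpath.split(path.strip().lower())
    return name in SYSTEM_NAMES and directory != SYSTEM_DIR


def triage(log_text):
    """Return (rule, line) pairs for the lines that match one of the two rules."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        entry = ENTRY.match(line)
        if entry:
            in_processes = False
            code = entry.group(1)
            # The O23 "(file missing)" lines were not selected in the thread,
            # so the file-missing rule is limited to O2 (BHO) entries.
            if code == "O2" and line.endswith("(file missing)"):
                findings.append(("bho-file-missing", line))
            elif code == "O4":
                found = EXE_PATH.search(line)
                if found and masquerades(found.group(1)):
                    findings.append(("system-name-autorun", line))
        elif in_processes and masquerades(line):
            findings.append(("system-name-process", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:22} {line}")
```

The adware entries removed by name (Internet Optimizer, BullsEye Network) are not covered by these two rules; they need a list of known program names.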
 

Logfile of HijackThis v1.99.1

Scan saved at 10:11:15, on 09/07/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Documents and Settings\User\Meus documentos\Pessoal\Virus\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tj.sc.gov.br/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132047

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://buenasnoches.flogbrasil.terra.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sGL] C:\Arquivos de programas\Fábrica de Bits\mysql\bin\mysqld.exe --skip-grant-tables --skip-innodb

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Abrir com o GetRight Browser - C:\ARQUIV~1\GetRight\GRbrowse.htm

O8 - Extra context menu item: Download com o GetRight - C:\ARQUIV~1\GetRight\GRdownload.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


- OK, the log is clean :)

- Delete the backups file that is in C:\Documents and Settings\User\Meus documentos\Pessoal\Virus\Hijackthis and C:\!Killbox;

- I recommend some maintenance on the computer to remove temporary files, unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Executar Limpeza (Run Cleaner);
  • After that, click Erros > Procurar erros > Corrigir Erros (Errors > Scan for errors > Fix errors)

- Turn System Restore off and then on again

- Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections.
