cvosiro

Vundo - I can't remove it


Hi

I'm having problems with the Vundo virus. I can't remove it.

Please help me

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:00:13, on 1/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\bjmlcfjm.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Apache\bin\ApacheMonitor.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\Arquivos de programas\zFTPServer Administration\zFTPServerAdmin.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\AntiSpywareBot\AntiSpywareBot.exe

C:\Arquivos de programas\AntiSpywareBot\AntiSpywareBot .exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkjk.exe

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [zFTPServer] "C:\Arquivos de programas\zFTPServer\zFTPServer.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [bc1e72f9] rundll32.exe "C:\WINDOWS\system32\dyxbbhwi.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NoAdware5] "C:\Arquivos de programas\NoAdware5.0\NoAdware5.exe" :Scan:

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AntiSpywareBot] C:\Arquivos de programas\AntiSpywareBot\AntiSpywareBot.exe -boot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O4 - Startup: zFTPServer Administration.lnk = C:\Arquivos de programas\zFTPServer Administration\zFTPServerAdmin.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Apache\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5133/mcfscan.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Apache2 - Apache Software Foundation - C:\apache\bin\httpd.exe

O23 - Service: DomainService - - C:\WINDOWS\system32\bjmlcfjm.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 6560 bytes


Do the following:

Make a new LOG, the same way you made this one. Delete these two keys by selecting them and clicking "fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

and

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Make a new log and send it here.

Cheers


Thanks for the support, John.

After removing the two keys my system froze and I had to restart.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:36:58, on 1/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AntiSpywareBot\AntiSpywareBot.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr .Exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Apache\bin\ApacheMonitor.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\Arquivos de programas\zFTPServer Administration\zFTPServerAdmin.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Skype\Phone\Skype .exe

C:\Arquivos de programas\AntiSpywareBot\AntiSpywareBot .exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstt.exe

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [zFTPServer] "C:\Arquivos de programas\zFTPServer\zFTPServer.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [bc1e72f9] rundll32.exe "C:\WINDOWS\system32\dyxbbhwi.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NoAdware5] "C:\Arquivos de programas\NoAdware5.0\NoAdware5.exe" :Scan:

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AntiSpywareBot] C:\Arquivos de programas\AntiSpywareBot\AntiSpywareBot.exe -boot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O4 - Startup: zFTPServer Administration.lnk = C:\Arquivos de programas\zFTPServer Administration\zFTPServerAdmin.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Apache\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5133/mcfscan.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Apache2 - Apache Software Foundation - C:\apache\bin\httpd.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 6400 bytes


Your system is clean. Check how it's behaving, whether it still freezes and, above all, whether the virus is still present.

Post back if anything went wrong.

Cheers


John,

when I run AntiSpywareBot it reports the following:

tracking cookie

ATDMT (and it shows the file)

agent

C:\windows\system32\vtstt.dll

adware

vundo

hkey_local_machine\software\microsoft\fcovm

hkey_local_machine\software\microsoft\removeverp

these two keys in particular always show up when I scan the computer


When I restarted the computer just now I got the following message:

Error loading "C:\windows\system32\dyxbbhwi.dll".

The specified module could not be found


Calm down.

Open the Run menu and type "regedit". Look for the keys the spyware identified, expanding the tree on the left. Delete them.


These keys restore themselves:

hkey_local_machine\software\microsoft\fcovm

hkey_local_machine\software\microsoft\removeverp

agent

C:\windows\system32\vtstt.dll

Another problem that always happens when the system is restarted is this:

Error loading "C:\windows\system32\dyxbbhwi.dll".

The specified module could not be found


Download VundoFix

* Double-click VundoFix.exe to start it;

* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish; it may take a while. Be patient;

* When the scan is done, click Remove Vundo;

* You will get an alert asking whether you want to remove the files. Click YES. Your desktop will go blank (this is normal);

* To complete the scan the machine will need to be restarted. Click OK;

* Please post the VundoFix log (C:\vundofix.txt) in your next reply, along with a new HijackThis log.


I'm analyzing your log and found problems where you mentioned the system restart, where it gives an error loading "C:\windows\system32\dyxbbhwi.dll".

It's a virus! Make the log with HijackThis and select the following keys:

F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstt.exe

O4 - HKLM\..\Run: [bc1e72f9] rundll32.exe "C:\WINDOWS\system32\dyxbbhwi.dll",b

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

Uninstall Anti Spyware Bot, because it's fake. Install another one.

Cheers

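The three entries singled out in the reply above share shapes that can be checked mechanically. As an added example (not code from this thread, from HijackThis, or from any vendor), the Python below runs a few such heuristics over HijackThis log lines: a Run value named with eight hex digits, rundll32 loading a DLL through a one-letter export, a win.ini load= autostart, an O23 service with an empty vendor field, and a service whose binary is missing. The sample lines are copied from the logs posted in this thread; the rules are assumptions drawn from what those logs show, not a signature, so every hit still needs a human look (the MySQL service, for instance, is flagged only because its binary cannot be found, which is also what an unquoted service path with spaces looks like to HijackThis).

```python
"""Triage HijackThis (HJT) log lines for the autostart shapes Vundo used.

Added example: not code from the thread, from HijackThis or from any vendor.
The sample lines are copied from the logs posted in the thread; the
heuristics are assumptions drawn from what those logs show, not a signature.
"""
import re

# Constructed sample: lines lifted from the thread's logs, mixing the entries
# the helper told the poster to fix with entries that are benign.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bc1e72f9] rundll32.exe "C:\WINDOWS\system32\dyxbbhwi.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkjk.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\apache\bin\httpd.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\bjmlcfjm.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
"""

# HJT line shapes: Run values, win.ini load=/run=, services.
O4_RUN = re.compile(r'^O4 - (?P<hive>.*?\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)
HEX_NAME = re.compile(r'^[0-9a-f]{8}$')
WIN_INI = re.compile(r'^F3 - REG:win\.ini: (?P<key>load|run)=(?P<cmd>.+)$', re.I)
# The vendor field may be empty ("DomainService - - C:\..."), so the path is
# anchored on a drive letter instead of on the separator alone.
SERVICE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?)\s?- (?P<path>[A-Za-z]:\\.+)$')


def triage(log_text):
    """Return [(line, [reason, ...]), ...] for every line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []

        m = O4_RUN.match(line)
        if m:
            # The Vundo Run value in the thread is a bare 8-hex-digit name, not a product name.
            if HEX_NAME.match(m.group('name')):
                reasons.append('Run value named with 8 hex digits: %s' % m.group('name'))
            # rundll32 with a one-letter export (",b") is how the random-named DLL was
            # loaded; driver tray loaders use descriptive exports such as NvStartup.
            r = RUNDLL.search(m.group('cmd'))
            if r and len(r.group('export')) == 1:
                reasons.append('rundll32 loads %s via one-letter export "%s"'
                               % (r.group('dll'), r.group('export')))

        m = WIN_INI.match(line)
        if m:
            # win.ini load=/run= is a 16-bit-era autostart; current software does not use it.
            reasons.append('legacy win.ini %s= autostart: %s' % (m.group('key'), m.group('cmd')))

        m = SERVICE.match(line)
        if m:
            if not m.group('vendor').strip():
                reasons.append('service "%s" carries no vendor string' % m.group('name'))
            if '(file missing)' in m.group('path'):
                reasons.append('service "%s" points at a file that no longer exists' % m.group('name'))

        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == '__main__':
    for hit, why in triage(SAMPLE_LOG):
        print(hit)
        for reason in why:
            print('   ->', reason)
```

Run it as a script to see the hits for the sample, or call triage() on the text of a saved hijackthis.log; the O4 rule deliberately ignores Startup-folder entries, which HijackThis prints without the bracketed value name.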

I got Anti Spyware Bot from the site www.antispywarebot.com

I even paid for its key.

Is it really fake?

I'm doing the steps you gave me. As soon as I finish I'll post the log


I didn't know that about Anti Spyware Bot, I'm only finding out now.

Thanks for the help, "msayago"

Cheers.


This link tells more about fake programs:

http://linhadefensiva.uol.com.br/artigos/antispyware-falso/

http://es.pcthreat.com/parasitesbycat-24es.html Fake Anti-Spywares

Many fake anti-spywares still aren't "detected" as fake, so always install well-known anti-spywares such as Spybot, which on top of that are free.

And here's one more link about AntiSpywareBot:

http://assiste.com.free.fr/p/craptheque/antispywarebot.html

http://es.pcthreat.com/parasitebyid-6586es.html

In an analysis on the VirusTotal site a parasite was found.

And you can see that the AntiSpywareBot site has several download links, the banner

banner1.gif

There's no link to back up those "awards", and this other link http://www.antispywarebot.com/members/login.php is suspicious, isn't it? Plus one link not found in the Support area.

And it's also detected by other malware-removal programs, for example ComboFix. :)


Wow!

Thanks for the tip. I'll try to get my money back, since I paid for it yesterday. Is there anything that can be done about the purchase?

Well, here's the VundoFix log! I think the log is pretty big because I ran it umpteen times today.

C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\WINDOWS\system32\awvvv.dll

C:\WINDOWS\system32\awvvv.exe

C:\windows\system32\vvvwa.ini

C:\WINDOWS\system32\vvvwa.ini2

Beginning removal...

Attempting to delete C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\ARQUIV~1\GbPlugin\gbiehabn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\awvvv.dll

C:\WINDOWS\system32\awvvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvvv.exe

C:\WINDOWS\system32\awvvv.exe Has been deleted!

Attempting to delete C:\windows\system32\vvvwa.ini

C:\windows\system32\vvvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vvvwa.ini2

C:\WINDOWS\system32\vvvwa.ini2 Has been deleted!

Performing Repairs to the registry.

Done!

Beginning removal...

Attempting to delete C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\ARQUIV~1\GbPlugin\gbiehabn.dll Could not be deleted.

Performing Repairs to the registry.

Done!

VundoFix V6.7.7

Checking Java version...

Sun Java not detected

Scan started at 18:59:26 31/12/2007

Listing files found while scanning....

C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.ini2

C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.exe

Beginning removal...

Attempting to delete C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\ARQUIV~1\GbPlugin\gbiehabn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttstv.ini2

C:\WINDOWS\system32\ttstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstt.exe

C:\WINDOWS\system32\vtstt.exe Has been deleted!

Performing Repairs to the registry.

Done!

Beginning removal...

Attempting to delete C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\ARQUIV~1\GbPlugin\gbiehabn.dll Could not be deleted.

Performing Repairs to the registry.

Done!

VundoFix V6.7.7

Checking Java version...

Sun Java not detected

Scan started at 19:18:37 31/12/2007

Listing files found while scanning....

C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\WINDOWS\system32\hgjlm.ini

C:\WINDOWS\system32\hgjlm.ini2

C:\WINDOWS\system32\mljgh.dll

C:\WINDOWS\system32\mljgh.exe

Beginning removal...

Attempting to delete C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\ARQUIV~1\GbPlugin\gbiehabn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\hgjlm.ini

C:\WINDOWS\system32\hgjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.ini2

C:\WINDOWS\system32\hgjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgh.dll

C:\WINDOWS\system32\mljgh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgh.exe

C:\WINDOWS\system32\mljgh.exe Has been deleted!

Performing Repairs to the registry.

Done!

VundoFix V6.7.7

Checking Java version...

Sun Java not detected

Scan started at 19:58:10 31/12/2007

Listing files found while scanning....

C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\WINDOWS\system32\mljgh.dll

C:\WINDOWS\system32\mljgh.exe

C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.ini2

C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mljgh.dll

C:\WINDOWS\system32\mljgh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgh.exe

C:\WINDOWS\system32\mljgh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttstv.ini2

C:\WINDOWS\system32\ttstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstt.exe

C:\WINDOWS\system32\vtstt.exe Has been deleted!

Performing Repairs to the registry.

Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mljgh.dll

C:\WINDOWS\system32\mljgh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttstv.ini2

C:\WINDOWS\system32\ttstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.dll Has been deleted!

Performing Repairs to the registry.

Done!

VundoFix V6.7.7

Checking Java version...

Sun Java not detected

Scan started at 20:29:10 31/12/2007

Listing files found while scanning....

C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\WINDOWS\system32\hgjlm.ini

C:\WINDOWS\system32\hgjlm.ini2

C:\WINDOWS\system32\mljgh.dll

C:\WINDOWS\system32\mljgh.exe

C:\WINDOWS\system32\vtstt.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hgjlm.ini

C:\WINDOWS\system32\hgjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.ini2

C:\WINDOWS\system32\hgjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgh.dll

C:\WINDOWS\system32\mljgh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\mljgh.exe

C:\WINDOWS\system32\mljgh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstt.exe

C:\WINDOWS\system32\vtstt.exe Has been deleted!

Performing Repairs to the registry.

Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hgjlm.ini

C:\WINDOWS\system32\hgjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.ini2

C:\WINDOWS\system32\hgjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgh.dll

C:\WINDOWS\system32\mljgh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgh.exe

C:\WINDOWS\system32\mljgh.exe Has been deleted!

Performing Repairs to the registry.

Done!

VundoFix V6.7.7

Checking Java version...

Sun Java not detected

Scan started at 13:45:35 1/1/2008

Listing files found while scanning....

C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\WINDOWS\system32\bjmlcfjm.exe

C:\WINDOWS\system32\dyxbbhwi.dll

C:\WINDOWS\system32\hgjlm.ini

C:\WINDOWS\system32\hgjlm.ini2

C:\WINDOWS\system32\iwhbbxyd.ini

C:\WINDOWS\system32\iwhbbxyd.ini2

C:\WINDOWS\system32\mljgh.dll

C:\WINDOWS\system32\mljgh.exe

C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.exe

C:\WINDOWS\system32\yfxbekvi.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bjmlcfjm.exe

C:\WINDOWS\system32\bjmlcfjm.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\dyxbbhwi.dll

C:\WINDOWS\system32\dyxbbhwi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.ini

C:\WINDOWS\system32\hgjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.ini2

C:\WINDOWS\system32\hgjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\iwhbbxyd.ini

C:\WINDOWS\system32\iwhbbxyd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\iwhbbxyd.ini2

C:\WINDOWS\system32\iwhbbxyd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgh.dll

C:\WINDOWS\system32\mljgh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgh.exe

C:\WINDOWS\system32\mljgh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstt.exe

C:\WINDOWS\system32\vtstt.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yfxbekvi.dll

C:\WINDOWS\system32\yfxbekvi.dll Has been deleted!

Performing Repairs to the registry.

Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bjmlcfjm.exe

C:\WINDOWS\system32\bjmlcfjm.exe Could not be deleted.

Performing Repairs to the registry.

Done!

VundoFix V6.7.7

Checking Java version...

Sun Java not detected

Scan started at 14:05:06 1/1/2008

Listing files found while scanning....

C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\WINDOWS\system32\bjmlcfjm.exe

C:\WINDOWS\system32\kjkmp.ini

C:\WINDOWS\system32\kjkmp.ini2

C:\WINDOWS\system32\pmkjk.dll

C:\WINDOWS\system32\pmkjk.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bjmlcfjm.exe

C:\WINDOWS\system32\bjmlcfjm.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\kjkmp.ini

C:\WINDOWS\system32\kjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjkmp.ini2

C:\WINDOWS\system32\kjkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjk.dll

C:\WINDOWS\system32\pmkjk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjk.exe

C:\WINDOWS\system32\pmkjk.exe Has been deleted!

Performing Repairs to the registry.

Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bjmlcfjm.exe

C:\WINDOWS\system32\bjmlcfjm.exe Could not be deleted.

Performing Repairs to the registry.

Done!

VundoFix V6.7.7

Checking Java version...

Sun Java not detected

Scan started at 17:22:50 1/1/2008

Listing files found while scanning....

C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\WINDOWS\system32\bjmlcfjm.exe

C:\WINDOWS\system32\pmkjk.dll

C:\WINDOWS\system32\pmkjk.exe

C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.ini2

C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bjmlcfjm.exe

C:\WINDOWS\system32\bjmlcfjm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjk.dll

C:\WINDOWS\system32\pmkjk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjk.exe

C:\WINDOWS\system32\pmkjk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttstv.ini2

C:\WINDOWS\system32\ttstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\vtstt.exe

C:\WINDOWS\system32\vtstt.exe Has been deleted!

Performing Repairs to the registry.

Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttstv.ini2

C:\WINDOWS\system32\ttstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.dll Has been deleted!

Performing Repairs to the registry.

Done!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:01:03, on 1/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp .exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr .Exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Apache\bin\ApacheMonitor.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\Arquivos de programas\zFTPServer Administration\zFTPServerAdmin.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstt.exe

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [zFTPServer] "C:\Arquivos de programas\zFTPServer\zFTPServer.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NoAdware5] "C:\Arquivos de programas\NoAdware5.0\NoAdware5.exe" :Scan:

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AntiSpywareBot] C:\Arquivos de programas\AntiSpywareBot\AntiSpywareBot.exe -boot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O4 - Startup: zFTPServer Administration.lnk = C:\Arquivos de programas\zFTPServer Administration\zFTPServerAdmin.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Apache\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5133/mcfscan.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Apache2 - Apache Software Foundation - C:\apache\bin\httpd.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 6850 bytes


I was reading the HijackThis log I posted, and the

F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstt.exe

entry came back by itself.

Ah, there is also a directory on my computer, "C:\ARQUIV~1\GbPlugin", that restores itself on its own.

In it VundoFix always detects C:\ARQUIV~1\GbPlugin\gbiehabn.dll


That depends on the "store"; I hope they give you a refund, on top of that it was bought 1 day ago. Did all this start after you installed it? Keep everything you have from them (serial, registration, name, email...).

Download Killbox, unzip it and run it.

- Check the Delete on Reboot option.

- Now copy the file below:

(select it and click Edit > Copy).

C:\WINDOWS\system32\vtstt.exe

- Go back to KillBox. Click File > Paste from clipboard. Click the All Files button.

- Click the X button. Answer No to the question.

In HijackThis, select the following entry and then click the Fix Checked button:

F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstt.exe

@@@@@@@@@@@@@@@@@@@@@@@@

This program will remove the anti-spyware and, who knows, eliminate other viruses and the like. :D

Download ComboFix;

Close all open windows and run the ComboFix tool.

Type the option to continue and press <ENTER>.

Do not open or close any program until the scan finishes. Wait patiently...

- If necessary, the program will restart your computer. Restart in normal mode...

Post the ComboFix log, which is at C:\ComboFix.txt


Is avast a safe antivirus? It looks to me like ComboFix removed it too...

ComboFix 07-12-31.4 - Claudio e Valéria 2008-01-01 19:00:12.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1574 [GMT -2:00]

Executando de: C:\Documents and Settings\Claudio e Valéria\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\Arquivos de programas\AntiSpywareBot

C:\Arquivos de programas\AntiSpywareBot\AntiSpywareBot .exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 01_12_55 PM_812.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 01_15_31 PM_593.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 01_27_21 PM_234.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 01_31_09 PM_906.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 01_32_21 PM_765.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 02_21_00 PM_515.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 02_27_16 PM_156.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 02_59_54 PM_015.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 03_36_28 PM_656.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 03_52_34 PM_921.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 03_53_41 PM_406.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 04_17_19 PM_781.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 04_21_10 PM_437.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 04_22_08 PM_890.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 04_29_10 PM_515.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 04_30_12 PM_500.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 05_12_29 PM_265.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 05_39_31 PM_078.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 05_43_05 PM_953.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 05_54_07 PM_046.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Log\2008 Jan 01 - 06_09_34 PM_890.log

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Settings\CustomScan.stg

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Settings\IgnoreList.stg

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Settings\ScanInfo.stg

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Settings\SelectedFolders.stg

C:\Documents and Settings\Claudio e Valéria\Dados de aplicativos\AntiSpywareBot\Settings\Settings.stg

C:\WINDOWS\system32\Cache

C:\WINDOWS\system32\fcccbcd.dll

C:\WINDOWS\system32\jkkkkig.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mljjjjj.dll

C:\WINDOWS\system32\nwiz.exe

C:\WINDOWS\system32\rqrrqqr.dll

C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.ini2

C:\WINDOWS\system32\tuvutts.dll

C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.exe

C:\WINDOWS\system32\wvurqpn.dll

C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_DOMAINSERVICE

((((((((((((((((((((((( Ficheiros criados de 2007-12-01 to 2008-01-01 ))))))))))))))))))))))))))))))))

.

2008-01-01 18:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-01 17:42 . 2008-01-01 17:42 348,160 --a------ C:\WINDOWS\system32\RCX40.tmp

2008-01-01 17:22 . 2008-01-01 17:36 <DIR> d-------- C:\VundoFix Backups

2008-01-01 16:31 . 2007-12-04 11:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-01-01 16:31 . 2004-01-09 07:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-01-01 16:31 . 2007-12-04 10:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-01-01 16:31 . 2007-12-04 12:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-01-01 16:31 . 2007-12-04 12:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-01-01 16:31 . 2007-12-04 12:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-01-01 16:31 . 2007-12-04 12:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-01-01 16:31 . 2007-12-04 12:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-01-01 16:30 . 2008-01-01 16:30 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-01-01 15:36 . 2008-01-01 15:36 348,160 --a------ C:\WINDOWS\system32\RCX2A.tmp

2008-01-01 14:41 . 2008-01-01 14:41 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-01-01 14:37 . 2008-01-01 14:37 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-01-01 14:37 . 2008-01-01 14:37 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-01-01 14:32 . 2008-01-01 14:32 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-01-01 14:26 . 2008-01-01 14:26 348,160 --a------ C:\WINDOWS\system32\RCX29.tmp

2007-12-31 19:57 . 2007-12-31 19:57 348,160 --a------ C:\WINDOWS\system32\RCXE.tmp

2007-12-31 18:26 . 2007-12-31 18:26 348,160 --a------ C:\WINDOWS\system32\RCX4.tmp

2007-12-31 18:21 . 2008-01-01 18:44 1,519,616 --a------ C:\WINDOWS\system32\nwiz .exe

2007-12-31 18:19 . 2008-01-01 16:29 1,682 --a------ C:\WINDOWS\WININIT.INI

2007-12-31 17:35 . 2007-12-31 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2007-12-30 23:26 . 2007-12-30 23:26 4,096 --ahs---- C:\WINDOWS\system32\Thumbs.db

2007-12-30 22:50 . 2007-12-30 22:50 3,584 --a------ C:\WINDOWS\system32\geedc.exe

2007-12-30 22:24 . 2007-12-30 22:24 3,584 --a------ C:\WINDOWS\system32\gebcb.exe

2007-12-30 16:30 . 2007-12-30 16:30 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2007-12-30 16:30 . 2007-12-30 16:30 1,406 --a------ C:\WINDOWS\system32\Help.ico

2007-12-30 15:50 . 2007-12-30 21:42 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2007-12-30 15:33 . 2007-12-30 15:33 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Ipswitch

2007-12-30 14:34 . 2007-12-30 14:34 201 --a------ C:\DelUS.bat

2007-12-30 09:01 . 2007-12-30 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Prevx

2007-12-30 08:23 . 2007-12-30 08:26 379 --a------ C:\WINDOWS\flax.ini

2007-12-29 21:31 . 2007-12-29 21:31 <DIR> d-------- C:\Arquivos de programas\Softland

2007-12-29 21:31 . 2007-11-26 18:24 21,144 --a------ C:\WINDOWS\system32\dopdfmn5.dll

2007-12-29 21:31 . 2007-11-26 18:24 17,560 --a------ C:\WINDOWS\system32\dopdfmi5.dll

2007-12-29 21:31 . 2007-11-20 11:15 5,269 --a------ C:\WINDOWS\system32\dopdf5.ctm

2007-12-29 17:53 . 2007-12-29 17:53 <DIR> d-------- C:\Arquivos de programas\SWiSH Max2

2007-12-26 18:02 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2007-12-26 18:02 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2007-12-26 17:46 . 2007-12-26 17:46 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2007-12-26 17:46 . 2007-12-26 17:46 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2007-12-26 12:52 . 2007-12-26 12:52 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2007-12-26 12:51 . 2007-12-26 12:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-12-22 10:09 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2007-12-22 10:03 . 2007-12-22 10:03 <DIR> dr-h----- C:\MSOCache

2007-12-22 10:03 . 2007-12-25 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2007-12-03 14:35 . 2007-12-03 14:35 <DIR> d-------- C:\Arquivos de programas\Programas SRF

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-01 21:03 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-12-31 21:51 --------- d-----w C:\Arquivos de programas\Runtime Software

2007-12-30 18:50 --------- d-----w C:\Arquivos de programas\zFTPServer Administration

2007-12-30 18:50 --------- d-----w C:\Arquivos de programas\No-IP

2007-12-30 11:22 --------- d-----w C:\Arquivos de programas\zFTPServer

2007-12-30 10:35 --------- d-----w C:\Arquivos de programas\ltmoh

2007-12-27 18:37 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2007-12-22 12:08 --------- d-----w C:\Arquivos de programas\Microsoft Works

2007-12-12 12:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2007-11-19 13:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-12 21:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-11-09 13:28 --------- d-----w C:\Arquivos de programas\SmartFTP Client 2.0

2007-11-07 01:05 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-11-07 01:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ipswitch

2007-11-07 01:05 --------- d-----w C:\Arquivos de programas\Ipswitch

2007-11-02 19:59 --------- d-----w C:\Arquivos de programas\XviD

2007-11-02 19:32 --------- d-----w C:\Arquivos de programas\Pegasys Inc

2007-11-02 19:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 11:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

.


----a-w 79,224 2008-01-01 20:45:01 C:\Arquivos de programas\Alwil Software\Avast4\ashDisp .exe
----a-w 5,674,352 2008-01-01 20:45:10 C:\Arquivos de programas\MSN Messenger\MsnMsgr .Exe
----a-w 22,879,528 2008-01-01 18:30:09 C:\Arquivos de programas\Skype\Phone\Skype .exe
----a-w 1,519,616 2008-01-01 20:44:59 C:\WINDOWS\system32\nwiz .exe

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34BCDC54-BEB4-4E6D-9921-9C7B4818B374}]

C:\WINDOWS\system32\geedc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67FC7E90-4BDD-4538-B8F4-888D990F8734}]

C:\WINDOWS\system32\gebcb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2C7F2CD-D7E5-4778-AFCB-9BA4C3BA78FB}]

C:\WINDOWS\system32\awvvv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D55C06F9-A1C5-456B-B1A7-71BEF3825BF5}]

C:\WINDOWS\system32\mljgh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7942d07-2a45-4e76-9a2c-3e6226086455}]

C:\WINDOWS\system32\yfxbekvi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [ ]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [ ]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [ ]

"NoAdware5"="C:\Arquivos de programas\NoAdware5.0\NoAdware5.exe" [ ]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 05:49 15691264 C:\WINDOWS\RTHDCPL.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-21 02:09 7606272]

"nwiz"="nwiz.exe" []

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-21 02:10 86016]

"AGRSMMSG"="AGRSMMSG.exe" [2005-06-30 03:16 88203 C:\WINDOWS\AGRSMMSG.exe]

"LtMoh"="C:\Arquivos de programas\ltmoh\Ltmoh.exe" [ ]

"zFTPServer"="C:\Arquivos de programas\zFTPServer\zFTPServer.exe" [ ]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [ ]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [ ]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe" [ ]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [ ]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]

"Creative WebCam Tray"="C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE" [ ]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-17 16:11:15]

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 06:19:24]

Monitor Apache Servers.lnk - C:\Apache\bin\ApacheMonitor.exe [2006-07-27 17:52:04]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [ ]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginAbn]

C:\Arquivos de programas\GbPlugin\gbiehabn.dll

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 01:45]

R3 V0090VID;Vibra Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2004-09-05 23:00]

S3 PciCon;PciCon;F:\PciCon.sys []

S4 Apache2.2;Apache2.2;"C:\Apache\bin\httpd.exe" [2006-07-27 17:49]

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-01 19:05:50

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-01-01 19:07:08 - machine was rebooted

C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 21:07:05

.

2007-12-26 20:54:04 --- E O F ---


The O20 entry refers to the file that VundoFix was flagging. Is it a virus too?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:23:28, on 1/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Apache\bin\ApacheMonitor.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\Arquivos de programas\zFTPServer Administration\zFTPServerAdmin.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {34BCDC54-BEB4-4E6D-9921-9C7B4818B374} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: (no name) - {67FC7E90-4BDD-4538-B8F4-888D990F8734} - C:\WINDOWS\system32\gebcb.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {C2C7F2CD-D7E5-4778-AFCB-9BA4C3BA78FB} - C:\WINDOWS\system32\awvvv.dll (file missing)

O2 - BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll (file missing)

O2 - BHO: (no name) - {D55C06F9-A1C5-456B-B1A7-71BEF3825BF5} - C:\WINDOWS\system32\mljgh.dll (file missing)

O2 - BHO: (no name) - {e7942d07-2a45-4e76-9a2c-3e6226086455} - C:\WINDOWS\system32\yfxbekvi.dll (file missing)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [zFTPServer] "C:\Arquivos de programas\zFTPServer\zFTPServer.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NoAdware5] "C:\Arquivos de programas\NoAdware5.0\NoAdware5.exe" :Scan:

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O4 - Startup: zFTPServer Administration.lnk = C:\Arquivos de programas\zFTPServer Administration\zFTPServerAdmin.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Apache\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5133/mcfscan.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll (file missing)

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (file missing)

O23 - Service: Apache2 - Apache Software Foundation - C:\apache\bin\httpd.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 7990 bytes


The file is, the folder is not.

In HijackThis, select the following entries and then click the Fix Checked button:

O2 - BHO: (no name) - {34BCDC54-BEB4-4E6D-9921-9C7B4818B374} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: (no name) - {67FC7E90-4BDD-4538-B8F4-888D990F8734} - C:\WINDOWS\system32\gebcb.dll (file missing)

O2 - BHO: (no name) - {C2C7F2CD-D7E5-4778-AFCB-9BA4C3BA78FB} - C:\WINDOWS\system32\awvvv.dll (file missing)

O2 - BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll (file missing)

O2 - BHO: (no name) - {D55C06F9-A1C5-456B-B1A7-71BEF3825BF5} - C:\WINDOWS\system32\mljgh.dll (file missing)

O2 - BHO: (no name) - {e7942d07-2a45-4e76-9a2c-3e6226086455} - C:\WINDOWS\system32\yfxbekvi.dll (file missing)

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll (file missing)

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (file missing)

Then post a new HijackThis log.

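The two helper posts above (the Killbox/HijackThis fix for the F3 win.ini entry, and the list of O2/O20 entries marked "(file missing)") apply a handful of rules by eye. The script below is an added example, not code from HijackThis, VundoFix, ComboFix or anyone in this thread: it parses HijackThis v2 log lines and flags the same kinds of entry the helper picked out, so a reader can triage a full log before deciding what to fix. The sample lines are constructed from the logs posted in this thread; the rule set and the reason strings are this example's own.

```python
"""Triage of HijackThis v2 log lines (added example; not HijackThis or ComboFix code)."""
import re
from typing import Dict, List, Optional, Tuple

# Every HijackThis entry starts with a section code such as R1, F3, O2, O4, O20, O23.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# A space right before the extension ("nwiz .exe", "ashDisp .exe"), the look-alike
# naming ComboFix listed in the log above.
SPACED_EXT_RE = re.compile(r"\S \.(exe|dll)\b", re.IGNORECASE)

# Constructed sample modelled on the HijackThis logs posted in this thread.
SAMPLE_LOG_LINES: List[str] = [
    r"F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstt.exe",
    r"O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll",
    r"O2 - BHO: (no name) - {34BCDC54-BEB4-4E6D-9921-9C7B4818B374} - C:\WINDOWS\system32\geedc.dll (file missing)",
    r"O2 - BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll (file missing)",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r"O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp .exe",
    r"O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll (file missing)",
    r"O23 - Service: Apache2 - Apache Software Foundation - C:\apache\bin\httpd.exe",
]


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split a log line into (section code, body); None for headers and process lists."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), m.group(2)


def reasons_for(code: str, body: str) -> List[str]:
    """Return the triage reasons that apply to one entry (empty list = nothing to note)."""
    reasons: List[str] = []
    if code == "F3" and "load=" in body:
        # win.ini load= is a legacy autostart; on XP nothing legitimate normally uses it.
        reasons.append("win.ini load= autostart entry")
    if code == "O2" and "(no name)" in body:
        # Legitimate BHOs register a readable name; Vundo-style ones do not.
        reasons.append("BHO registered without a name")
    if code in ("O2", "O20", "O23") and body.endswith("(file missing)"):
        # The DLL/EXE is gone but the registry hook remains: a dead entry to fix.
        reasons.append("entry points at a file that no longer exists")
    if SPACED_EXT_RE.search(body):
        reasons.append("space before the extension: look-alike of a legitimate binary name")
    return reasons


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged log line to its reasons; unflagged lines are omitted."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        code, body = parsed
        reasons = reasons_for(code, body)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG_LINES).items():
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Running the script on the sample flags the F3 line, both "(file missing)" BHOs, the Winlogon Notify hook and the "ashDisp .exe" entry, and leaves the Yahoo toolbar, the plain "nwiz.exe /install" entry and the Apache service alone. A flagged line is a candidate for Fix Checked, not a verdict; the "(file missing)" rule in particular only says the hook is dead, which is why the helper treats those entries as safe to remove.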

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:55:39, on 1/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Apache\bin\ApacheMonitor.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\Arquivos de programas\zFTPServer Administration\zFTPServerAdmin.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll (file missing)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [zFTPServer] "C:\Arquivos de programas\zFTPServer\zFTPServer.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NoAdware5] "C:\Arquivos de programas\NoAdware5.0\NoAdware5.exe" :Scan:

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O4 - Startup: zFTPServer Administration.lnk = C:\Arquivos de programas\zFTPServer Administration\zFTPServerAdmin.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Apache\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5133/mcfscan.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Apache2 - Apache Software Foundation - C:\apache\bin\httpd.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 7285 bytes


Log clean!!

I recommend doing a disk cleanup with CCleaner

Open the program and click Run Cleaner;

After that, click Registry > Scan for errors > Fix errors

And disable and then re-enable System Restore


Thank you so much!!!! for all the attention.

I'll do the cleanup, and if anything comes up I'll get in touch!

Thanks
