jana_phb

Infected?


I think the PC is infected... but I don't know what it is. I'm not even sure, but the photos aren't opening, and the PC is kind of slow.

here's the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:29:18, on 2/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\WINDOWS\cmd.dll

C:\WINDOWS\nyruyhwgvt.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.cade.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://br.search.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\Explorer.dll

F3 - REG:win.ini: run=C:\WINDOWS\Regedit.ocx

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Microsoft Windows] C:\WINDOWS\cmd.dll

O4 - HKLM\..\Run: [msmsgs.exe] msmsgs.exe

O4 - HKLM\..\Run: [WinLoader] nyruyhwgvt.exe

O4 - HKLM\..\RunServices: [WinLoader] nyruyhwgvt.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background (User 'Default user')

O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Add to AMV Convert Tool... - D:\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\WINDOWS\system32\SHDOCVW.DLL

O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\WINDOWS\system32\SHDOCVW.DLL

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{790F7E28-DDBC-4CD5-89CA-B5855AB59720}: NameServer = 201.30.63.2,201.30.63.3

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 6950 bytes


anyone?



- Download BankerFix

Important: the tool will close Internet Explorer. Save any link you need to access later before running it.

Click OK the first and the second time message boxes appear. If you are running BankerFix for the second time, it will ask to check for an update. Say Yes and then click OK.

When it runs, a black screen will appear asking you to press any key. Press Enter and wait for it to finish. It may take some time.

When it finishes, read the message on the screen and press Enter again. When it is done, paste the file C:\LinhaDefensiva\relatorio.txt into your reply;

- Also generate a new HijackThis log to include in your reply.

- Delete the folder:

C:\LinhaDefensiva


BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 7/1/2008 - 16:17

-------------------------------------------------------

Lista de Definição: 2007-12-31-1

=======================================================

Killando arquivos em Help

-----------------------------------

Killing '*'

Removendo Arquivos em Help

-----------------------------------

----- Fim -------------------------

_______________________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:19:31, on 7/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\WINDOWS\cmd.dll

C:\WINDOWS\system32\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\jafmk.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.cade.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://br.search.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\Explorer.dll

F3 - REG:win.ini: run=C:\WINDOWS\Regedit.ocx

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Microsoft Windows] C:\WINDOWS\cmd.dll

O4 - HKLM\..\Run: [msmsgs.exe] msmsgs.exe

O4 - HKLM\..\Run: [WinLoader] jafmk.exe

O4 - HKLM\..\RunServices: [WinLoader] jafmk.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background (User 'Default user')

O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Add to AMV Convert Tool... - D:\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\WINDOWS\system32\SHDOCVW.DLL

O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\WINDOWS\system32\SHDOCVW.DLL

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{790F7E28-DDBC-4CD5-89CA-B5855AB59720}: NameServer = 201.30.63.2,201.30.63.3

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 5828 bytes


- Download Killbox and run it:

  • Check the Delete on Reboot option. Copy the list below (select it and click Edit > Copy, or press Ctrl + C):

C:\WINDOWS\system32\Explorer.dll
C:\WINDOWS\Regedit.ocx
C:\WINDOWS\cmd.dll
C:\WINDOWS\System32\msmsgs.exe
C:\WINDOWS\System32\jafmk.exe
  • Go back to KillBox. Click File > Paste from clipboard. Click the All Files button;
  • Click killbox.png and answer No to the question.

- Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup);

- Open HijackThis, click Do a system scan only and check the entries below:

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\Explorer.dll

F3 - REG:win.ini: run=C:\WINDOWS\Regedit.ocx

O4 - HKLM\..\Run: [Microsoft Windows] C:\WINDOWS\cmd.dll

O4 - HKLM\..\Run: [msmsgs.exe] msmsgs.exe

O4 - HKLM\..\Run: [WinLoader] jafmk.exe

O4 - HKLM\..\RunServices: [WinLoader] jafmk.exe

- Close all windows, click ht-fix.png and then Yes;

- Restart in normal mode, generate a new log and paste it into your reply.
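As an added illustration, not part of this thread and not code from HijackThis, Killbox or Linha Defensiva: a small Python audit that reads the F2/F3/O4 lines quoted from these logs and flags the traits the fix list above relies on (a Shell= value beyond explorer.exe, a populated win.ini run=, bare filenames, loose executables in the Windows root, library extensions launched as programs, RunServices persistence). The sample log is a constructed excerpt of this thread's own entries, and the Windows directory is assumed to be C:\WINDOWS as on this machine.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed excerpt: the F2/F3/O4 lines from the HijackThis logs quoted in
# this thread (the Killbox and HijackThis fix step targets exactly these).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\Explorer.dll
F3 - REG:win.ini: run=C:\WINDOWS\Regedit.ocx
O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Microsoft Windows] C:\WINDOWS\cmd.dll
O4 - HKLM\..\Run: [msmsgs.exe] msmsgs.exe
O4 - HKLM\..\Run: [WinLoader] jafmk.exe
O4 - HKLM\..\RunServices: [WinLoader] jafmk.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
"""

# Assumption: the Windows directory is C:\WINDOWS, as on the machine in this thread.
WINDIR = "c:\\windows\\"

O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def first_token(cmd: str) -> str:
    """Return the program part of a Run value: a quoted path or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def check_program(exe: str) -> List[str]:
    """Heuristics for one launched program, shared by F3 and O4 entries."""
    reasons = []
    low = exe.lower()
    if "\\" not in exe:
        # No directory: resolved through the PATH search order, so the log
        # alone cannot tell which file actually runs.
        reasons.append("bare filename, load location unknown")
    elif low.startswith(WINDIR) and low.count("\\") == 2:
        # Installed software lives under Program Files or system32; a loose
        # executable in the Windows root is what the bankers in this thread used.
        reasons.append("executable dropped directly in the Windows root")
    if not low.endswith(".exe"):
        # cmd.dll / Regedit.ocx: an EXE renamed to a library extension.
        reasons.append("non-.exe extension launched as a program")
    return reasons


def audit(log_text: str) -> List[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []
        if line.startswith("F2 - ") and "Shell=" in line:
            # Only explorer.exe belongs here; anything appended is loaded
            # every time the shell starts, safe mode included.
            shell = line.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                reasons.append("Shell= loads more than explorer.exe")
        elif line.startswith("F3 - ") and "run=" in line:
            # win.ini run= is a legacy autostart; modern software leaves it empty.
            for item in line.split("run=", 1)[1].split(","):
                item = item.strip()
                if item:
                    reasons.append("win.ini run= autostart: " + item)
                    reasons.extend(check_program(item))
        else:
            m = O4_RE.match(line)
            if m:
                if m.group("key").lower() == "runservices":
                    # Win9x-era key that XP itself ignores; seen almost only as a
                    # leftover of malware that persists on every Windows version.
                    reasons.append("RunServices key used for persistence")
                reasons.extend(check_program(first_token(m.group("cmd"))))
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    -", r)
```

The same checks apply unchanged to the third log further down, where run= carries several comma-separated random names and Shell= points at a bare executable.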


I did the Killbox thing and restarted.

But when I tried to boot into safe mode it just restarted. I can't get into safe mode; and some of the entries you listed aren't there.

here's the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:56:41, on 8/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\efmlyhgtxymu.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.cade.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://br.search.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: Shell=explorer.exe efmlyhgtxymu.exe

F3 - REG:win.ini: run=C:\WINDOWS\Regedit.ocx, enjmdvfiurj.exe, hrjxwsx.exe, efmlyhgtxymu.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Microsoft Windows] C:\WINDOWS\cmd.dll

O4 - HKLM\..\Run: [msmsgs.exe] msmsgs.exe

O4 - HKLM\..\Run: [WinLoader] efmlyhgtxymu.exe

O4 - HKLM\..\RunServices: [WinLoader] efmlyhgtxymu.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background (User 'Default user')

O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Add to AMV Convert Tool... - D:\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\WINDOWS\system32\SHDOCVW.DLL

O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\WINDOWS\system32\SHDOCVW.DLL

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{790F7E28-DDBC-4CD5-89CA-B5855AB59720}: NameServer = 201.30.63.2,201.30.63.3

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 5873 bytes

________________________________________________

what should I do now?


- Download ComboFix

  • Temporarily disable your antivirus;
  • Close all open windows;
  • Double-click combofix.exe and press "1" to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click on the ComboFix window or close it with the X while it is running, do not move the mouse and do not use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt into your reply.

- Generate a new HijackThis log and paste it into your reply.


ComboFix 08-01-10.2 - Janaynna 2008-01-09 19:39:42.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.283 [GMT -3:00]

Executando de: C:\Documents and Settings\Janaynna\Desktop\ComboFix.exe

Command switches used :: and Settings\Janaynna\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\ActivationManager

C:\Arquivos de programas\ActivationManager\Uninstall.exe

C:\WINDOWS\system32\MEGATRON.ini

C:\WINDOWS\system32\prls.dll

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))

.

2008-01-09 19:39 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-09 17:45 . 2008-01-09 17:48 <DIR> d-------- C:\Arquivos de programas\Redacao

2008-01-09 17:33 . 2007-09-26 12:23 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-01-09 17:33 . 2007-09-26 12:12 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-01-09 17:33 . 2007-09-26 12:12 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-01-09 17:33 . 2007-09-26 12:12 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-01-09 17:33 . 2007-09-26 12:12 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-01-09 17:33 . 2007-09-26 12:12 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-01-09 17:33 . 2007-09-26 12:12 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-01-09 17:33 . 2007-09-26 12:12 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-01-04 23:07 . 2008-01-04 23:07 <DIR> d-------- C:\Arquivos de programas\VID_0E8F&PID_0003

2008-01-04 14:52 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-01-04 14:52 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-01-04 14:24 . 2008-01-04 14:24 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Thraex Software

2008-01-03 14:23 . 2008-01-04 14:24 202,960 --a------ C:\WINDOWS\ADDONS SITECS (NONSTEAM) Uninstaller.exe

2008-01-02 20:28 . 2008-01-02 20:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-01-02 20:28 . 2008-01-02 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-01-02 18:08 . 2008-01-02 18:08 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2007-12-25 20:58 . 2007-12-25 20:58 <DIR> d-------- C:\Arquivos de programas\MP3 Player Utilities 4.15

2007-12-24 01:40 . 2007-12-24 14:15 <DIR> d-------- C:\Arquivos de programas\BulletProofSoft.com

2007-12-23 23:28 . 2007-12-23 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2007-12-23 13:38 . 2007-12-23 13:37 1,555,456 --a------ C:\WINDOWS\system32\Kernel32.ocx

2007-12-23 13:38 . 2007-12-23 13:38 11,968 --a------ C:\WINDOWS\foto.jpg

2007-12-22 01:54 . 2007-12-22 01:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2007-12-22 01:54 . 2007-12-22 01:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-12-22 01:53 . 2007-12-22 02:25 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2007-12-20 12:38 . 2007-12-20 12:38 <DIR> d-------- C:\Documents and Settings\Janaynna\Dados de aplicativos\Sonic Foundry

2007-12-20 12:38 . 2007-12-20 12:38 <DIR> d-------- C:\Arquivos de programas\Sonic Foundry

2007-12-20 12:37 . 2007-12-20 12:37 <DIR> d-------- C:\Program Files

2007-12-20 12:34 . 2007-12-20 12:34 <DIR> d-------- C:\WINDOWS\Profiles

2007-12-20 12:34 . 2007-12-20 12:34 <DIR> d-------- C:\Documents and Settings\Janaynna\Dados de aplicativos\InterTrust

2007-12-20 12:33 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2007-12-20 12:31 . 2007-12-20 12:31 <DIR> d-------- C:\Arquivos de programas\Panasonic

2007-12-20 12:31 . 2002-01-06 15:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll

2007-12-20 12:31 . 2002-08-29 04:16 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2007-12-20 12:31 . 2002-01-06 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2007-12-20 12:31 . 2006-06-05 23:11 7 --a------ C:\WINDOWS\system32\Voicechs.dll

2007-12-16 14:42 . 2008-01-09 00:01 <DIR> d-------- C:\Arquivos de programas\Valve

2007-12-14 20:19 . 2007-12-14 20:19 777 --a------ C:\WINDOWS\system32\Partizan.RRI

2007-12-14 20:19 . 2007-12-14 22:46 59 --a------ C:\WINDOWS\plugin.fax

2007-12-13 17:55 . 2007-12-13 17:55 <DIR> d-------- C:\Documents and Settings\Janaynna\WINDOWS

2007-12-13 17:55 . 2007-12-13 17:56 <DIR> d-------- C:\Arquivos de programas\W3e 2000

2007-12-13 17:55 . 1998-10-01 15:22 299,520 --a------ C:\WINDOWS\uninst.exe

2007-12-13 17:55 . 1997-09-04 19:17 250,880 --a------ C:\WINDOWS\system32\NViewLib.dll

2007-12-12 11:54 . 2007-12-12 11:54 268 --ah----- C:\sqmdata19.sqm

2007-12-12 11:54 . 2007-12-12 11:54 244 --ah----- C:\sqmnoopt19.sqm

2007-12-11 23:25 . 2007-12-11 23:25 268 --ah----- C:\sqmdata18.sqm

2007-12-11 23:25 . 2007-12-11 23:25 244 --ah----- C:\sqmnoopt18.sqm

2007-12-11 22:20 . 2007-12-11 22:20 268 --ah----- C:\sqmdata17.sqm

2007-12-11 22:20 . 2007-12-11 22:20 244 --ah----- C:\sqmnoopt17.sqm

2007-12-11 20:27 . 2007-12-11 20:27 268 --ah----- C:\sqmdata16.sqm

2007-12-11 20:27 . 2007-12-11 20:27 244 --ah----- C:\sqmnoopt16.sqm

2007-12-11 15:35 . 2007-12-11 15:35 268 --ah----- C:\sqmdata15.sqm

2007-12-11 15:35 . 2007-12-11 15:35 244 --ah----- C:\sqmnoopt15.sqm

2007-12-11 13:06 . 2007-12-11 13:06 268 --ah----- C:\sqmdata14.sqm

2007-12-11 13:06 . 2007-12-11 13:06 244 --ah----- C:\sqmnoopt14.sqm

2007-12-11 10:01 . 2007-12-11 10:01 268 --ah----- C:\sqmdata13.sqm

2007-12-11 10:01 . 2007-12-11 10:01 244 --ah----- C:\sqmnoopt13.sqm

2007-12-10 21:40 . 2007-12-10 21:40 268 --ah----- C:\sqmdata12.sqm

2007-12-10 21:40 . 2007-12-10 21:40 244 --ah----- C:\sqmnoopt12.sqm

2007-12-10 13:53 . 2007-12-10 13:53 268 --ah----- C:\sqmdata11.sqm

2007-12-10 13:53 . 2007-12-10 13:53 244 --ah----- C:\sqmnoopt11.sqm

2007-12-10 10:52 . 2007-12-10 10:52 268 --ah----- C:\sqmdata10.sqm

2007-12-10 10:52 . 2007-12-10 10:52 244 --ah----- C:\sqmnoopt10.sqm

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-09 20:46 --------- d-----w C:\Documents and Settings\Janaynna\Dados de aplicativos\LimeWire

2008-01-05 02:07 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\yrmogb.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\ylxk.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\xvmhfbjrb.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\xtvjqy.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\wipbab.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\uhmrxjvkyfldu.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\tvbsy.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\tcivhskldlvh.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\tbfatvuj.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\syqjucrygwr.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\swjhlkrueqvvd.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\stsse.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\rogl.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\rjacvljypornj.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\renawvk.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\rcoptk.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\qiih.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\pmixaxqtb.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\pbgdkfyckiirj.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\owamnjfqyurc.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\oqxac.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\ogwdqx.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\nyruyhwgvt.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\neujs.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\mwct.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\musoeerenubbn.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\mkgrc.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\keac.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\jxnqpbc.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\jpifvkesha.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\jafmk.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\iyat.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\isgcoaeftpkua.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\iqsf.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\hrjxwsx.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\hknpnapqs.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\gvtlwsvscah.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\gtlqgyscxlim.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\gfpikee.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\fwsyvvrkgf.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\fvjg.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\frmgpihny.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\fqnw.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\fqbfritudova.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\fdgjcu.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\evhkiqvehj.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\enjmdvfiurj.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\ekkpm.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\ekcycmpr.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\efmlyhgtxymu.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\edajgyc.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\dnfqaxrt.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\cuglhadssvn.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\cpryjtiq.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\catsmxj.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\boaswvygia.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\bjfwuciwj.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\bchxdgpkcr.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\baawhuiajli.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\asffvjfn.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\amdilgdqgb.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\akxdnihss.exe

2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\aewyanhpyjicl.exe

2007-12-20 15:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-11-23 20:01 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-11-16 17:42 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-11-16 17:39 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2007-11-16 17:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2007-11-15 20:53 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2007-11-15 20:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2007-11-15 20:11 --------- d-----w C:\Arquivos de programas\Windows Live

2007-11-15 02:51 --------- d-----w C:\Documents and Settings\Janaynna\Dados de aplicativos\Nero

2007-11-15 02:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2007-11-14 19:01 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-11-14 17:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2007-11-13 21:22 --------- d-----w C:\Documents and Settings\Janaynna\Dados de aplicativos\AVG7

2007-11-08 19:45 20,784 -c--a-w C:\Documents and Settings\Janaynna\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2003-03-21 16:37 16,056 -c--a-w C:\Arquivos de programas\owcstp16.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMax"="C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" [2004-09-23 12:41 860160]

"VIPv3_Auto_Update"="" []

"VisualTooltip"="" []

"Vistadrv"="" []

"TkBellExe"="C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" [2007-12-22 01:53 180269]

"Microsoft Windows"="C:\WINDOWS\cmd.dll" [ ]

"msmsgs.exe"="msmsgs.exe" []

"WinLoader"="uhmrxjvkyfldu.exe" [2007-12-23 13:37 835491 C:\WINDOWS\uhmrxjvkyfldu.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"WinLoader"="uhmrxjvkyfldu.exe" [2007-12-23 13:37 835491 C:\WINDOWS\uhmrxjvkyfldu.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-03 23:45 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"RunStartupScriptSync"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

"MemCheckBoxInRunDlg"= 0 (0x0)

"NoAutoTrayNotify"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoResolveSearch"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\Arquivos de programas\GbPlugin\gbieh.dll [2007-08-08 14:29 209224]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

--a--c--- 2003-12-22 08:38 241664 C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a--c--- 2004-05-12 17:30 49152 C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a--c--- 2004-05-12 17:30 172032 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

--a--c--- 2005-09-20 10:36 114688 C:\WINDOWS\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\K-Lite Nitro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 11:54 5674352 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2004-09-23 12:41 860160 C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

--a--c--- 2004-10-14 09:11 1388544 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\ARQUIV~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

R2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [2007-08-08 14:29]

R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 22:01]

*Newly Created Service* - PROCEXP90

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-10 19:40:44

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-01-10 19:41:14

ComboFix-quarantined-files.txt 2008-01-10 22:40:58

____________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:44:35, on 10/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\uhmrxjvkyfldu.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.cade.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://br.search.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 1 localhost

O1 - Hosts: 170.66.1.60 www14.bancobrasil.com.br # GbPlugin

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Microsoft Windows] C:\WINDOWS\cmd.dll

O4 - HKLM\..\Run: [msmsgs.exe] msmsgs.exe

O4 - HKLM\..\Run: [WinLoader] uhmrxjvkyfldu.exe

O4 - HKLM\..\RunServices: [WinLoader] uhmrxjvkyfldu.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background (User 'Default user')

O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Add to AMV Convert Tool... - D:\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\WINDOWS\system32\SHDOCVW.DLL

O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\WINDOWS\system32\SHDOCVW.DLL

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{790F7E28-DDBC-4CD5-89CA-B5855AB59720}: NameServer = 201.30.63.2,201.30.63.3

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 5285 bytes


- Download HostsXpert, unzip the file, open the program and click Restore MS Hosts File;

- Download SDFix:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Save it to your desktop. Double-click SDFix.exe and the tool will be installed to %SystemDrive%\SDFix (usually C:\SDFix)

- Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup);

  1. Open the SDFix folder that was installed on your computer and double-click the file RunThis.bat
  2. Press Y so the tool starts the removal process
  3. When everything finishes, you will see a message telling you to press any key to continue. When you press a key, the computer will restart automatically
  4. After the restart, the tool will run once more to finish its work and the word Finished will appear. Press any key.
  5. A window with the SDFix report will appear.
  6. Copy and paste this report into your reply. If you closed the window, a copy of the report is in the SDFix folder under the name Report.txt

- Generate a new HijackThis log and paste it into your reply.


It doesn't start in Safe Mode;

whenever I put it in Safe Mode the computer restarts and I can't do anything.


- Select the text below and copy it into Notepad. Save it as CFScript.txt;

File::
C:\WINDOWS\yrmogb.exe
C:\WINDOWS\ylxk.exe
C:\WINDOWS\xvmhfbjrb.exe
C:\WINDOWS\xtvjqy.exe
C:\WINDOWS\wipbab.exe
C:\WINDOWS\uhmrxjvkyfldu.exe
C:\WINDOWS\tvbsy.exe
C:\WINDOWS\tcivhskldlvh.exe
C:\WINDOWS\tbfatvuj.exe
C:\WINDOWS\syqjucrygwr.exe
C:\WINDOWS\swjhlkrueqvvd.exe
C:\WINDOWS\stsse.exe
C:\WINDOWS\rogl.exe
C:\WINDOWS\rjacvljypornj.exe
C:\WINDOWS\renawvk.exe
C:\WINDOWS\rcoptk.exe
C:\WINDOWS\qiih.exe
C:\WINDOWS\pmixaxqtb.exe
C:\WINDOWS\pbgdkfyckiirj.exe
C:\WINDOWS\owamnjfqyurc.exe
C:\WINDOWS\oqxac.exe
C:\WINDOWS\ogwdqx.exe
C:\WINDOWS\nyruyhwgvt.exe
C:\WINDOWS\neujs.exe
C:\WINDOWS\mwct.exe
C:\WINDOWS\musoeerenubbn.exe
C:\WINDOWS\mkgrc.exe
C:\WINDOWS\keac.exe
C:\WINDOWS\jxnqpbc.exe
C:\WINDOWS\jpifvkesha.exe
C:\WINDOWS\jafmk.exe
C:\WINDOWS\iyat.exe
C:\WINDOWS\isgcoaeftpkua.exe
C:\WINDOWS\iqsf.exe
C:\WINDOWS\hrjxwsx.exe
C:\WINDOWS\hknpnapqs.exe
C:\WINDOWS\gvtlwsvscah.exe
C:\WINDOWS\gtlqgyscxlim.exe
C:\WINDOWS\gfpikee.exe
C:\WINDOWS\fwsyvvrkgf.exe
C:\WINDOWS\fvjg.exe
C:\WINDOWS\frmgpihny.exe
C:\WINDOWS\fqnw.exe
C:\WINDOWS\fqbfritudova.exe
C:\WINDOWS\fdgjcu.exe
C:\WINDOWS\evhkiqvehj.exe
C:\WINDOWS\enjmdvfiurj.exe
C:\WINDOWS\ekkpm.exe
C:\WINDOWS\ekcycmpr.exe
C:\WINDOWS\efmlyhgtxymu.exe
C:\WINDOWS\edajgyc.exe
C:\WINDOWS\dnfqaxrt.exe
C:\WINDOWS\cuglhadssvn.exe
C:\WINDOWS\cpryjtiq.exe
C:\WINDOWS\catsmxj.exe
C:\WINDOWS\boaswvygia.exe
C:\WINDOWS\bjfwuciwj.exe
C:\WINDOWS\bchxdgpkcr.exe
C:\WINDOWS\baawhuiajli.exe
C:\WINDOWS\asffvjfn.exe
C:\WINDOWS\amdilgdqgb.exe
C:\WINDOWS\akxdnihss.exe
C:\WINDOWS\aewyanhpyjicl.exe
C:\WINDOWS\cmd.dll
C:\WINDOWS\System32\msmsgs.exe

- Drag CFScript.txt onto ComboFix as shown in the image below:

CFScript.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: if ComboFix does not restart your computer automatically, do it manually.

Paste a new ComboFix log and a new HijackThis log into your reply.

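The logs earlier in this thread and the File:: list in the last reply show the triage a helper does by hand: dozens of randomly named executables of identical size and timestamp dropped into C:\WINDOWS, and O4 autostart entries that reference one of them by bare file name (or launch a .dll as a program) from the Run key and the legacy RunServices key. The Python script below is an added example, not part of this thread and not code from ComboFix, HijackThis or SDFix. It parses a few constructed sample lines in the formats quoted above, flags the same-size file cluster and the suspicious O4 entries, cross-references the two, and renders the flagged paths in the File:: layout the CFScript above uses. The line formats, the cluster threshold of three files and the heuristics are my assumptions about these log formats, not documented behaviour of any of those tools.

```python
"""Triage helper for ComboFix file listings and HijackThis O4 lines (added example)."""
import re
from collections import defaultdict

# Constructed sample: a few lines in the shape of the ComboFix file listing
# quoted in this thread (columns: timestamp, size, attributes, path).
COMBOFIX_SAMPLE = r"""
2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\swjhlkrueqvvd.exe
2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\stsse.exe
2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\rogl.exe
2007-12-23 16:37 835,491 ----a-w C:\WINDOWS\uhmrxjvkyfldu.exe
2007-12-20 15:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2007-11-16 17:39 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems
2003-03-21 16:37 16,056 -c--a-w C:\Arquivos de programas\owcstp16.dll
"""

# Constructed sample: HijackThis O4 autostart lines in the shape quoted above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [Microsoft Windows] C:\WINDOWS\cmd.dll
O4 - HKLM\..\Run: [msmsgs.exe] msmsgs.exe
O4 - HKLM\..\Run: [WinLoader] uhmrxjvkyfldu.exe
O4 - HKLM\..\RunServices: [WinLoader] uhmrxjvkyfldu.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
"""

# Assumed line shapes (derived from the logs quoted in the thread, not from tool docs).
CF_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+|-+)\s+(\S+)\s+(.+)$")
O4_LINE = re.compile(r"^O4 - (\S+?)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
# Program part of a Run value: either a quoted path or everything up to the first executable extension.
PROGRAM = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|dll|com|bat|scr|pif))(?=\s|$))', re.IGNORECASE)


def parse_combofix(text):
    """Return (timestamp, size or None for directories, attrs, path) per listing line."""
    entries = []
    for line in text.splitlines():
        m = CF_LINE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        size = None if set(size) == {"-"} else int(size.replace(",", ""))
        entries.append((ts, size, attrs, path))
    return entries


def find_clusters(entries, min_count=3):
    """Paths of plain files that share timestamp, size and folder with at least
    min_count others: many identical files written at once is a dropper signature."""
    groups = defaultdict(list)
    for ts, size, attrs, path in entries:
        if size is None or attrs.startswith("d"):
            continue
        folder = path.rsplit("\\", 1)[0].lower()
        groups[(ts, size, folder)].append(path)
    flagged = []
    for paths in groups.values():
        if len(paths) >= min_count:
            flagged.extend(paths)
    return sorted(flagged)


def _program(command):
    """Extract the program from a Run value; falls back to the first token."""
    m = PROGRAM.match(command.strip())
    if m:
        return m.group(1) or m.group(2)
    return command.split()[0]


def triage_o4(text, dropped_names):
    """Flag O4 entries: bare file name (no full path), a .dll registered as a
    program, the legacy RunServices key, or a file also in the ComboFix cluster."""
    findings = []
    for line in text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        _hive, key, name, command = m.groups()
        program = _program(command)
        reasons = []
        if "\\" not in program:
            reasons.append("bare filename, no full path")
        if program.lower().endswith(".dll"):
            reasons.append("DLL registered as a Run program")
        if key.lower() == "runservices":
            reasons.append("legacy RunServices key")
        if program.rsplit("\\", 1)[-1].lower() in dropped_names:
            reasons.append("matches ComboFix same-size cluster")
        if reasons:
            findings.append((key, name, program, reasons))
    return findings


def cfscript_file_block(paths):
    """Render paths as a File:: block in the layout the CFScript in this thread uses."""
    return "File::\n" + "\n".join(paths) + "\n"


def run(combofix_text=COMBOFIX_SAMPLE, hjt_text=HJT_SAMPLE):
    """Cluster the file listing, then cross-check the autostart entries against it."""
    cluster = find_clusters(parse_combofix(combofix_text))
    names = {p.rsplit("\\", 1)[-1].lower() for p in cluster}
    return cluster, triage_o4(hjt_text, names)


if __name__ == "__main__":
    cluster, findings = run()
    for key, name, program, reasons in findings:
        print(f"{key:<12} [{name}] {program}: {'; '.join(reasons)}")
    print(cfscript_file_block(cluster))
```

Run the file to see the report. The strongest signal is the cross-reference: a file that is both part of the same-size cluster and named in a Run or RunServices value is what turns a File:: list from a guess into something defensible, which is why the script keys the O4 check on the cluster's file names rather than on the names alone.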