Ir ao conteúdo
  • Cadastre-se
SiberGreat

Virus estranho,,, reinicia o pc...

Recommended Posts

Depois q minha mulher abriu um email estranho aqui,,, a lista de contato dela passou a receber o mesmo e-mail..

e o computador aqui de casa fica reiniciando sozinho... tem hora q trava,,,

ajuda ai pessoal.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Você já fez posts em Remoção de Malwares antes, sabe que precisa postar o log do Hijackthis para análise, por que não o fez?

Compartilhar este post


Link para o post
Compartilhar em outros sites
Você já fez posts em Remoção de Malwares antes, sabe que precisa postar o log do Hijackthis para análise, por que não o fez?

desculpe,,, esqueci,,, vou fazê-lo... :(

obrigado. :D

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 21:33:33, on 22/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

E:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Nazare\Desktop\HijackThis.exe

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - e:\ARQUIV~1\TEXTAL~1\TAForIE.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [DAEMON Tools] "e:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.fujioka.com.br/aurigma/ImageUploader4.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-eae42d2b207f380b.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Faça o download do ComboFix

É importante que o salve no seu desktop (ambiente de trabalho)

  • Feche todas as janelas e programas.
  • Dê um duplo-clique no combofix.exe, marque 1 e dê o enter.
  • É um pouco demorado, por favor seja paciente.
  • Quando a ferramenta terminar de rodar, gerará um log. Poste o arquivo C:\ComboFix.txt.
  • Faça também um novo log do HijackThis para colocar na sua resposta.

Atenção: Não clique com o mouse enquanto a ferramenta estiver rodando, isso pode fazer com que o PC pare.

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 08-03-22.1 - Nazare 2008-03-22 22:14:18.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.642 [GMT -3:00]

Executando de: C:\Documents and Settings\Nazare\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))

.

2008-03-17 11:50 . 2008-03-17 11:50 33 --a------ C:\WINDOWS\Multimedia manager.INI

2008-03-11 15:24 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-03-11 15:22 . 2008-03-11 15:22 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-03-11 15:02 . 2008-03-11 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-11 15:02 . 2008-03-16 03:01 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-03-11 15:02 . 2008-03-11 15:10 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-05 22:59 . 2008-03-05 22:59 <DIR> d-------- C:\Program Files

2008-03-05 13:05 . 2008-03-05 13:13 <DIR> d-------- C:\Documents and Settings\Nazare\.jSMS

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-19 16:12 --------- d-----w C:\Documents and Settings\Nazare\Dados de aplicativos\TransRender

2008-03-18 01:40 --------- d-----w C:\Documents and Settings\Nazare\Dados de aplicativos\Skype

2008-03-14 18:34 --------- d-----w C:\Documents and Settings\Nazare\Dados de aplicativos\uTorrent

2008-03-12 10:20 --------- d-----w C:\Arquivos de programas\Java

2008-03-12 10:18 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-03-11 00:15 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-08 02:43 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-02-28 12:58 --------- d-----w C:\Documents and Settings\Nazare\Dados de aplicativos\Temporary

2008-02-19 01:39 --------- d-----w C:\Arquivos de programas\CoolSMS

2008-02-12 20:19 --------- d-----w C:\Arquivos de programas\Google

2008-02-12 20:19 --------- d-----w C:\Arquivos de programas\Camfrog

2008-02-07 22:51 --------- d-----w C:\Arquivos de programas\Eset

2008-02-07 00:50 --------- d-----w C:\Arquivos de programas\The Weather Channel FW

2008-02-07 00:47 --------- d-----w C:\Documents and Settings\Nazare\Dados de aplicativos\Camfrog

2008-02-01 14:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-01-31 12:34 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2008-01-31 09:38 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Sony

2008-01-31 09:38 --------- d-----w C:\Arquivos de programas\Microsoft SQL Server

2008-01-31 09:37 --------- d-----w C:\Arquivos de programas\Vstplugins

2008-01-29 21:39 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2007-06-22 22:43 16,368 ----a-w C:\Documents and Settings\Nazare\Dados de aplicativos\GDIPFONTCACHEV1.DAT

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CoolSMS"="" []

"DAEMON Tools"="e:\Arquivos de programas\DAEMON Tools\daemon.exe" [2007-08-16 08:24 167368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2007-05-31 17:17 921600]

"VTTimer"="VTTimer.exe" [2003-05-07 05:32 36864 C:\WINDOWS\system32\VTTimer.exe]

"ISUSPM Startup"="C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 05:03 221184]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2004-08-09 05:03 81920]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [2007-02-22 15:00 228392]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

--a------ 2007-05-31 22:49 4376328 C:\Arquivos de programas\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

--a------ 2007-12-20 07:10 715888 C:\Arquivos de programas\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]

--a------ 2007-07-10 10:34 475180 C:\ARQUIV~1\Magentic\bin\Magentic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

--a--c--- 2001-07-09 07:50 155648 C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

--a------ 2006-08-21 17:37 20053032 C:\Arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"E:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\DAP\\DAP.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Magentic\\bin\\MgImp.exe"=

"C:\\Arquivos de programas\\Magentic\\bin\\Magentic.exe"=

"C:\\Arquivos de programas\\Magentic\\bin\\MgApp.exe"=

"E:\\Arquivos de programas\\OnGame\\GunboundWC\\GunBound.gme"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Conference\\Conference.dll"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [2007-08-08 14:29]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-22 22:15:49

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Arquivos de programas\Eset\pr_imon.dll

.

Tempo para conclusão: 2008-03-22 22:16:27

ComboFix-quarantined-files.txt 2008-03-23 01:16:17

.

2008-03-16 06:01:33 --- E O F ---

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 22:23:01, on 22/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Nazare\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - e:\ARQUIV~1\TEXTAL~1\TAForIE.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "e:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.fujioka.com.br/aurigma/ImageUploader4.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-eae42d2b207f380b.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Faça um Online Scan em kaspersky Virusscanner

  • Clique em Clipboard01-1.jpg
  • Quando questionando para instalar o componente ActiveX, clique em Clipboard015.jpg
  • Aguarde a instalação e a actualização e depois clique em Clipboard013.jpg
  • Clique agora em Clipboard016.jpg
  • Nas opções do scan (settings), certifique-se que as entradas abaixo estão selecionadas:
    • Scan using the following Anti-Virus database:

      Extended (if available otherwise Standard)

    • Scan Options:

      Scan Archives
      Scan Mail Bases

    [*]Clique Clipboard014.jpg

    [*]Clique em My Computer para que seja feito um Scan completo no seu Sistema.

    [*]Será iniciado o scan e poderá demorar um pouco. Seja paciente e aguarde.

    [*]No final do Scan, clique no botão Save as Text

    [*]Salve o log com os resultados e poste na sua próxima resposta.

    [*]Gere e cole também um novo log do HijackThis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Monday, March 24, 2008 7:10:47 AM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 24/03/2008

Kaspersky Anti-Virus database records: 656986

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

Scan Statistics:

Total number of scanned objects: 61716

Number of viruses found: 9

Number of infected objects: 10

Number of suspicious objects: 1

Duration of the scan process: 01:28:25

Infected Object Name / Virus Name / Last Action

C:\Arquivos de programas\DAEMON Tools SearchBar\search.dll Infected: not-a-virus:AdTool.Win32.WhenU.c skipped

C:\Arquivos de programas\DAP\DAPIEBar.dll Infected: not-a-virus:AdWare.Win32.Dap.d skipped

C:\Arquivos de programas\DAP\History\eu\_lasthist.dat Object is locked skipped

C:\Arquivos de programas\DAP\History\max\_lasthist.dat Object is locked skipped

C:\Arquivos de programas\Eset\cache\CACHE.NDB Object is locked skipped

C:\Arquivos de programas\Eset\infected\A4T2AZBA.NQF Infected: Trojan-Downloader.Win32.Delf.dxe skipped

C:\Arquivos de programas\Eset\infected\H0TYOGBA.NQF Suspicious: Trojan-Downloader.Win32.Small.gen skipped

C:\Arquivos de programas\Eset\infected\ISI5YKDA.NQF Infected: Trojan-Downloader.Win32.Banload.fqb skipped

C:\Arquivos de programas\Eset\infected\VYSVQ4CA.NQF Infected: Trojan-Spy.Win32.Banker.ciy skipped

C:\Arquivos de programas\Eset\logs\virlog.dat Object is locked skipped

C:\Arquivos de programas\Eset\logs\warnlog.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Nazare\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Nazare\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Nazare\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Nazare\Configurações locais\Histórico\History.IE5\MSHist012008032420080325\index.dat Object is locked skipped

C:\Documents and Settings\Nazare\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Nazare\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Nazare\ntuser.dat Object is locked skipped

C:\Documents and Settings\Nazare\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\Nazare\UserData\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{88B737F2-5AC3-498B-A969-2AD70A7A7FD7}\RP290\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

E:\Arquivos de programas\DAP\DAPIEBar.dll Infected: not-a-virus:AdWare.Win32.Dap.d skipped

E:\Mp3\Antigas\Eighties classic.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped

E:\Programas\bsplayer211[1].940_clip.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

E:\Programas\bsplayer211[1].940_clip.exe NSIS: infected - 1 skipped

E:\Programas\VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\System Volume Information\_restore{88B737F2-5AC3-498B-A969-2AD70A7A7FD7}\RP290\change.log Object is locked skipped

Scan process completed.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 07:11:58, on 24/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Documents and Settings\Nazare\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - e:\ARQUIV~1\TEXTAL~1\TAForIE.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [DAEMON Tools] "e:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.fujioka.com.br/aurigma/ImageUploader4.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-eae42d2b207f380b.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

No exame do Kaspersky foram acusados algumas infecções:

E:\Mp3\Antigas\Eighties classic.wma

E:\Programas\VDownloader.exe

E devem ser apagadas. O resto é de programas que você mesmo baixou, se confia em seu conteúdo mantenha, mas se não confia apague-os:

C:\Arquivos de programas\DAEMON Tools SearchBar\search.dll --> AdTool.Win32.WhenU.c

C:\Arquivos de programas\DAP\DAPIEBar.dll --> Win32.Dap.d

E:\Arquivos de programas\DAP\DAPIEBar.dll --> Win32.Dap.d

E:\Programas\bsplayer211[1].940_clip.exe/data0011 --> AdTool.Win32.WhenU.a

Sugiro que rode o CCleaner para fazer uma limpeza em sua máquina. Faça o download dele aqui CCleaner

  • Abra o programa e clique em Executar Limpeza;
  • Após isto, clique em Erros >> Procurar erros >> Corrigir Erros

Mais algum problema com o computador?

Compartilhar este post


Link para o post
Compartilhar em outros sites

esse programa CCleaner, vai excluir os itens q me indicou acima??

eu prefiro que eles sejam todos excluidos como você mesmo indicou..

obrigado

Compartilhar este post


Link para o post
Compartilhar em outros sites
esse programa CCleaner, vai excluir os itens q me indicou acima??

Não, não irá, o CCleaner é um otimizador e ajudará a melhorar a performace do seu computador.

Para apagar o que mencionei basta ir no local indicado e remover, se o programa estiver instalado apenas desinstale,

Compartilhar este post


Link para o post
Compartilhar em outros sites





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×