
Help! Trojan infecting my machine!


Lpduarte


Hello!

I have a trojan on my machine that keeps displaying a really annoying window with the following message: "Your computer was infected by unknown trojan."

I don't know what else to do.

I'm posting my log below for analysis.

Logfile of HijackThis v1.99.1

Scan saved at 20:50:14, on 25/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\sm56hlpr.exe

C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

C:\ARQUIV~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: Video decompressor - {0B686DCA-F3F7-4829-8EB4-B453EEEA7B05} - C:\WINDOWS\pandsf.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\ARQUIV~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm359YYBR

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.br/

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189637911031

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/insaniquarium/popcaploader.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


  • VIP Member

- Open Control Panel > Add or Remove Programs and uninstall:

MyWebSearch

- Download ComboFix

  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click combofix.exe and press "1" to proceed with the Fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click on the ComboFix window or close it with the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt and a new HijackThis log in your reply.


Below is the log generated by ComboFix:

ComboFix 08-01-23.1C - Administrador 2008-01-27 15:50:58.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.684 [GMT -2:00]

Executando de: c:\combofix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\FunWebProducts

C:\Arquivos de programas\FunWebProducts\ScreenSaver\Images\0023A50F.urr

C:\Arquivos de programas\FunWebProducts\ScreenSaver\Images\0034E840.urr

C:\Arquivos de programas\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp

C:\Arquivos de programas\FunWebProducts\ScreenSaver\Images\wrkparam.lst

C:\Arquivos de programas\FunWebProducts\Shared\Cache\AvatarSmallBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\MailStampBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\MyStationeryBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Arquivos de programas\internet explorer\msimg32.dll

C:\Arquivos de programas\MyWebSearch

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3HTMLMU.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE

C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOESTB.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3BKGERR.JPG

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3BROVLY.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3CJPEG.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3DTACTL.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3HISTSW.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3HTMLMU.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3HTTPCT.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3IMSTUB.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3POPSWT.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3PSSAVR.SCR

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3REPROX.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3RESTUB.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3SCHMON.EXE

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3SCRCTR.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3SHLLVW.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3SPACER.WMV

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3WALLPP.DAT

C:\Arquivos de programas\MyWebSearch\bar\2.bin\F3WPHOOK.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3FFXTBR.JAR

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3HTML.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3IDLE.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3IMPIPE.EXE

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3MSG.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3NTSTBR.JAR

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3OUTLCN.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3PLUGIN.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3SKIN.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3SKPLAY.EXE

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3SLSRCH.EXE

C:\Arquivos de programas\MyWebSearch\bar\2.bin\M3SRCHMN.EXE

C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSBAR.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSOEMON.EXE

C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSOEPLG.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSOESTB.DLL

C:\Arquivos de programas\MyWebSearch\bar\2.bin\NPMYWEBS.DLL

C:\Arquivos de programas\MyWebSearch\bar\Avatar\COMMON.F3S

C:\Arquivos de programas\MyWebSearch\bar\Cache\0001CA8E

C:\Arquivos de programas\MyWebSearch\bar\Cache\0002AB0B

C:\Arquivos de programas\MyWebSearch\bar\Cache\002614F6.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache\00261E9B.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache\00262F15.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache\002632FD.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache\00B1BAD7

C:\Arquivos de programas\MyWebSearch\bar\Cache\0103091C.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache\01032138.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache\01032A02.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache\01032CD0.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache\018C7A69.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache\018C7CCB.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache\018C7E71.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache\018C82A7.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache\files.ini

C:\Arquivos de programas\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Arquivos de programas\MyWebSearch\bar\Game\CHESS.F3S

C:\Arquivos de programas\MyWebSearch\bar\Game\REVERSI.F3S

C:\Arquivos de programas\MyWebSearch\bar\History\search2

C:\Arquivos de programas\MyWebSearch\bar\icons\CM.ICO

C:\Arquivos de programas\MyWebSearch\bar\icons\MFC.ICO

C:\Arquivos de programas\MyWebSearch\bar\icons\PSS.ICO

C:\Arquivos de programas\MyWebSearch\bar\icons\SMILEY.ICO

C:\Arquivos de programas\MyWebSearch\bar\icons\WB.ICO

C:\Arquivos de programas\MyWebSearch\bar\icons\ZWINKY.ICO

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON.F3S

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\ask_logo.gif

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\autoup.gif

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\autoup.htm

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\center.htm

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\index.htm

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\mid_dots.gif

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\mws_logo.gif

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\protect.htm

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\shocked.gif

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\stop.gif

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\systray.htm

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\systrayp.htm

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\tp_grad.gif

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\warn.gif

C:\Arquivos de programas\MyWebSearch\bar\Notifier\COMMON.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\DOG.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\FISH.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\KUNGFU.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\LIFEGARD.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\MAID.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\MAILBOX.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\OPERA.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\ROBOT.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\SEDUCT.F3S

C:\Arquivos de programas\MyWebSearch\bar\Notifier\SURFER.F3S

C:\Arquivos de programas\MyWebSearch\bar\Settings\prevcfg2.htm

C:\Arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat

C:\Arquivos de programas\MyWebSearch\bar\Settings\setting2.htm

C:\Arquivos de programas\MyWebSearch\bar\Settings\setting2.htm.bak

C:\Arquivos de programas\MyWebSearch\bar\Settings\settings.dat

C:\Arquivos de programas\MyWebSearch\bar\Settings\settings.dat.bak

C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

C:\Arquivos de programas\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

C:\WINDOWS\system32\f3PSSavr.scr

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-27 to 2008-01-27 ))))))))))))))))))))))))))))))))

.

2008-01-27 15:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-01-27 15:49 . 2008-01-27 15:41 1,568,123 --a------ C:\ComboFix.exe

2008-01-25 20:49 . 2008-01-25 20:50 <DIR> d-------- C:\Hijack

2008-01-25 13:18 . 2008-01-25 13:18 <DIR> d-------- C:\Arquivos de programas\Files-Secure

2008-01-25 13:05 . 2008-01-25 13:05 226,304 --a------ C:\WINDOWS\pandsf.dll

2008-01-25 13:05 . 2008-01-25 13:05 50 --a------ C:\tmp.bat

2008-01-23 16:08 . 2008-01-23 17:10 <DIR> d-------- C:\Arquivos de programas\Super Bounce Out

2008-01-23 16:08 . 2008-01-23 16:08 <DIR> d-------- C:\Arquivos de programas\ReflexiveArcade

2008-01-23 10:03 . 2008-01-23 10:03 <DIR> d-------- C:\My Games

2008-01-23 10:03 . 2008-01-23 10:03 <DIR> d-------- C:\My Download Files

2008-01-23 10:02 . 2008-01-23 10:02 <DIR> d-------- C:\Arquivos de programas\Real

2008-01-23 10:02 . 2008-01-23 10:02 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2008-01-23 10:02 . 2008-01-23 10:02 774,144 --a------ C:\Arquivos de programas\RngInterstitial.dll

2008-01-21 19:49 . 2006-06-27 05:40 12,800 --------- C:\WINDOWS\system32\DllCache\WgaTray.exe

2008-01-21 19:49 . 2006-06-27 05:40 3,584 --------- C:\WINDOWS\system32\DllCache\WgaLogon.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-06 13:11 --------- d-----w C:\Arquivos de programas\GbPlugin

2007-11-07 09:28 724,480 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-07 09:28 724,480 ------w C:\WINDOWS\system32\DllCache\lsasrv.dll

2007-10-30 23:23 3,590,656 ------w C:\WINDOWS\system32\DllCache\mshtml.dll

2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\DllCache\tcpip.sys

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:44 1,292,288 ------w C:\WINDOWS\system32\DllCache\quartz.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B686DCA-F3F7-4829-8EB4-B453EEEA7B05}]

2008-01-25 13:05 226304 --a------ C:\WINDOWS\pandsf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:45 15360]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-18 17:18 68856]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 08:54 16116224 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 08:04 2879488 C:\WINDOWS\SkyTel.exe]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2007-08-15 20:17 949376]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-12 02:43 7630848]

"nwiz"="nwiz.exe" [2006-08-12 02:43 1519616 C:\WINDOWS\system32\nwiz.exe]

"SMSERIAL"="sm56hlpr.exe" [2004-12-29 06:01 544768 C:\WINDOWS\sm56hlpr.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-12 02:43 86016]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-08-18 12:25 286720]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2007-11-19 19:02 341928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll 2007-11-19 19:02 341928 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginAbn]

C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2007-11-19 19:02 341928 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-10-31 03:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService REG_MULTI_SZ WebClient LmHosts RemoteRegistry upnphost SSDPSRV

*Newly Created Service* - PROCEXP90

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-27 15:52:13

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-01-27 15:52:24

ComboFix-quarantined-files.txt 2008-01-27 17:52:23

.

2008-01-09 13:24:40 --- E O F ---


I had forgotten the HijackThis log. Please see it below:

Logfile of HijackThis v1.99.1

Scan saved at 12:36:05, on 28/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Video decompressor - {0B686DCA-F3F7-4829-8EB4-B453EEEA7B05} - C:\WINDOWS\pandsf.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm359YYBR

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.br/

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189637911031

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/insaniquarium/popcaploader.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


  • VIP Member

- Download Killbox and run it:

  • Check the Delete on Reboot option. Copy the list below (select it and click Edit > Copy, or press Ctrl + C):

C:\WINDOWS\pandsf.dll
  • Go back to KillBox. Click File > Paste from clipboard. Click the All Files button;
  • Click killbox.png and answer No to the question.

- Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup);

- Open HijackThis, click Do a system scan only and check the entries below:

O2 - BHO: Video decompressor - {0B686DCA-F3F7-4829-8EB4-B453EEEA7B05} - C:\WINDOWS\pandsf.dll

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZRxdm359YYBR

- Close all windows, click ht-fix.png and then Yes;

- Restart in normal mode, generate a new log and paste it in your reply.

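The helper's triage in this thread follows a pattern worth automating: read the HijackThis entries, pick out the ones that deserve a closer look (a BHO DLL dropped straight into C:\WINDOWS, MyWebSearch/FunWebProducts toolbar files, orphaned entries, services with no publisher), and after the fix diff the new log against the old one to confirm the flagged entries are really gone. The script below is an added example written for this page; it is not code from the thread, from HijackThis or from ComboFix. The heuristics in it are assumptions chosen for illustration, not a signature database, and the two sample logs are constructed from a handful of lines taken from the logs posted above (the "after" log is a cut-down version of the post-fix log).

```python
"""Triage and before/after diff for HijackThis v1.99 logs (added example)."""
import re
from dataclasses import dataclass, field

# Every entry line starts with a section code (R0, R1, O2, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")

# Directory fragments of the MyWebSearch/FunWebProducts toolbar family that the
# thread's helper had the user uninstall. Assumed list for this example.
ADWARE_DIR_HINTS = ("mywebsearch", "mywebs~1", "funwebproducts")

# Sections whose target DLL is loaded in-process by the browser or the shell.
INPROC_DLL_SECTIONS = {"O2", "O20", "O21"}


@dataclass
class Entry:
    section: str
    body: str
    target: str                      # file path or URL the entry points at
    flags: list = field(default_factory=list)


def _target_of(section: str, body: str) -> str:
    """Pull the path/URL out of the entry body, per section layout."""
    if section.startswith("R"):      # R0/R1: "...,Key = value"
        return body.split(" = ", 1)[-1].strip()
    if section == "O4":              # O4 - HKLM\..\Run: [name] command
        return body.split("] ", 1)[-1].strip()
    return body.rsplit(" - ", 1)[-1].strip()


def _windows_root_dll(path: str) -> bool:
    """True for a DLL sitting directly in C:\\WINDOWS (not in a subdirectory)."""
    return re.fullmatch(r"[a-z]:\\windows\\[^\\]+\.dll", path.lower()) is not None


def flag_entry(entry: Entry) -> list[str]:
    """Heuristic reasons an analyst should look at this entry (assumptions)."""
    reasons = []
    low, tgt = entry.body.lower(), entry.target.lower()
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("orphaned: points at a file that no longer exists")
    if any(h in tgt for h in ADWARE_DIR_HINTS):
        reasons.append("known adware/toolbar family directory")
    if entry.section in INPROC_DLL_SECTIONS and _windows_root_dll(entry.target):
        reasons.append("in-process DLL sitting in the Windows root instead of system32")
    if entry.section == "O23" and "unknown owner" in low:
        reasons.append("service with no publisher recorded; verify the binary")
    return reasons


def parse_hjt(text: str) -> list[Entry]:
    """Parse entry lines; header and 'Running processes' lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        e = Entry(m["section"], m["body"], _target_of(m["section"], m["body"]))
        e.flags = flag_entry(e)
        entries.append(e)
    return entries


def suspicious(text: str) -> list[Entry]:
    return [e for e in parse_hjt(text) if e.flags]


def diff_logs(before: str, after: str) -> tuple[list[str], list[str]]:
    """Entry lines the fix removed, and entry lines that newly appeared."""
    b = {f"{e.section} - {e.body}" for e in parse_hjt(before)}
    a = {f"{e.section} - {e.body}" for e in parse_hjt(after)}
    return sorted(b - a), sorted(a - b)


# Constructed sample: a few lines from the thread's first log (pre-fix).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: Video decompressor - {0B686DCA-F3F7-4829-8EB4-B453EEEA7B05} - C:\WINDOWS\pandsf.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
"""

# Constructed sample: the same machine after the fix (post-fix log, cut down).
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
"""

if __name__ == "__main__":
    for e in suspicious(BEFORE):
        print(f"[{e.section}] {e.target}\n    " + "; ".join(e.flags))
    removed, added = diff_logs(BEFORE, AFTER)
    print(f"\nremoved by fix: {len(removed)} entries, newly added: {len(added)}")
    for line in removed:
        print("  -", line)
```

Running it lists five entries to review in the pre-fix sample (the two MyWebSearch items, the pandsf.dll BHO, the orphaned BHO and the GbpSv service, which is flagged only so that its publisher gets verified by hand) and reports that the post-fix sample dropped four entries and gained none. The Windows-root check deliberately applies only to in-process DLL sections, so legitimate executables that live in C:\WINDOWS such as RTHDCPL.EXE are not flagged.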

The dreaded window is no longer appearing on the screen.

Below is the log, as requested:

Logfile of HijackThis v1.99.1

Scan saved at 21:18:13, on 28/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Hijack\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.br/

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189637911031

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/insaniquarium/popcaploader.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

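As an added example (not code from this thread, from the forum, or from the HijackThis project), here is a small Python triage helper for log lines in the format posted above. It parses the item lines (the R0/R1/O2/O4/... entries, skipping the header and process list) and raises the points a log helper checks by hand: entries marked `(file missing)`, O4 autoruns given as a bare filename rather than a full path, the hosts that ActiveX controls (O16) were downloaded from, O23 services with no vendor string, and the same Winlogon Notify DLL registered twice under different names (as `GbPluginAbn` and `__GbPluginAbn` above). The sample lines are copied from the log above; the rule names, the `Finding` type and the regular expressions are this example's own assumptions.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of the thread)."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample: item lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189637911031
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
"""

# An item line is "<section> - <rest>", e.g. "O4 - HKLM\..\Run: [nwiz] nwiz.exe /install".
ITEM_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# A Windows path (drive letter or %VAR%) ending in a binary/control extension; spaces allowed.
PATH_RE = re.compile(r"(?:[A-Za-z]:|%\w+%)\\.+?\.(?:exe|dll|ocx|sys|cab)", re.IGNORECASE)
URL_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    rule: str      # short rule id chosen for this example
    detail: str    # note for the human reviewer


def parse_items(log_text):
    """Return (section, rest) for every item line; header and process list are skipped."""
    items = []
    for raw in log_text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if m:
            items.append((m.group(1), m.group(2)))
    return items


def triage(log_text):
    """Apply the review rules to a log and return the findings in log order."""
    findings = []
    notify_targets = defaultdict(list)  # DLL basename -> O20 entries pointing at it
    for section, rest in parse_items(log_text):
        if "(file missing)" in rest:
            findings.append(Finding(section, "file-missing",
                                    f"referenced file is absent (stale entry or removed component): {rest}"))
        if section == "O4" and not PATH_RE.search(rest):
            # e.g. "[RTHDCPL] RTHDCPL.EXE": the binary is located by a path search at logon
            findings.append(Finding(section, "bare-autorun", f"autorun without a full path: {rest}"))
        if section == "O16":
            m = URL_RE.search(rest)
            host = m.group(1) if m else "?"
            findings.append(Finding(section, "activex-download", f"ActiveX control fetched from {host}"))
        if section == "O20":
            m = PATH_RE.search(rest)
            if m:
                # Short (8.3) and long paths may name the same file, so compare basenames only.
                notify_targets[m.group(0).rsplit("\\", 1)[-1].lower()].append(rest)
        if section == "O23" and "Unknown owner" in rest:
            findings.append(Finding(section, "service-no-vendor", f"service without a vendor string: {rest}"))
    for dll, entries in notify_targets.items():
        if len(entries) > 1:
            findings.append(Finding("O20", "duplicate-notify",
                                    f"{dll} registered {len(entries)} times under different subkeys"))
    return findings


def summarize(findings):
    """Count findings per rule, so a reviewer sees the shape of the log at a glance."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.rule:<18} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

A finding is a prompt for manual review, not a verdict: stale `(file missing)` entries and bare-name autoruns for driver helpers are routine in a clean log, and the point of a helper like this is only to order what a reviewer looks at first.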

  • VIP Member

- OK, the log is clean :)

- Delete the backups folder in C:\Hijack and C:\!Killbox;

- I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix Issues

- Disable and then re-enable System Restore

- Read the article Proteja seu PC for more information on how to avoid infections.
