Good morning!
Once again I come with the same virus and some new malware on the machine. If any member has the chance to help me with the removal, I would be very grateful.
For now, thanks to everyone!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:33:28, on 15/08/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Windows\System32\aetcrss1.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Controle de Virus\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avgbrasil.com.br/br-pt.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNjM1MjA4MDkyLVFJWDErNC1YMjAxMCsyLUxJQysxMS1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMQ"&"prod=90"&"ver=10.0.1382
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-2753892991-3215369525-407128404-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-2753892991-3215369525-407128404-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LogMeInRemoteUser')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{193B1C6F-AE12-4414-B380-A916AE1A9430}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{193B1C6F-AE12-4414-B380-A916AE1A9430}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 7338 bytes
AVG log
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\FIEL\Phoenix\PHBackup.exe";"N/D";"12/08/2011, 15:27:26"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\FIEL\Phoenix\folha.exe";"N/D";"12/08/2011, 15:27:29"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\adm\instalar.exe";"N/D";"12/08/2011, 15:27:29"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\Adm.exe";"N/D";"12/08/2011, 15:27:30"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\arqCprn.exe";"N/D";"12/08/2011, 15:27:31"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\BAckupP.exe";"N/D";"12/08/2011, 15:27:31"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\contabil\Instalar.exe";"N/D";"12/08/2011, 15:27:31"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\escrita\Instalar.exe";"N/D";"12/08/2011, 15:27:31"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\Gescon.exe";"N/D";"12/08/2011, 15:27:32"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\Estacao.exe";"N/D";"12/08/2011, 15:27:33"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\folha\Instalar.exe";"N/D";"12/08/2011, 15:27:33"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\JrPgDAS.exe";"N/D";"12/08/2011, 15:27:33"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\gescon\Instalar.exe";"N/D";"12/08/2011, 15:27:33"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\LimpaADM.exe";"N/D";"12/08/2011, 15:27:34"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\irpj\Instalar.exe";"N/D";"12/08/2011, 15:27:34"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\Pgwf.exe";"N/D";"12/08/2011, 15:27:35"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\PgwJr.exe";"N/D";"12/08/2011, 15:27:36"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\PHBackup.exe";"N/D";"12/08/2011, 15:27:37"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\Start.exe";"N/D";"12/08/2011, 15:27:38"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\Visual.exe";"N/D";"12/08/2011, 15:27:38"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\WinButil.exe";"N/D";"12/08/2011, 15:27:40"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\RegAsm.exe";"N/D";"12/08/2011, 15:27:41"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\Eltek\Certidões\DCTFSemestralV1.0.EXE";"N/D";"12/08/2011, 15:27:41"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\MSHDQFE\Win2K_XP\cht\kb888111xpsp1.exe";"N/D";"12/08/2011, 15:27:41"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\MSHDQFE\Win2K_XP\cs\kb888111xpsp1.exe";"N/D";"12/08/2011, 15:27:41"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\MSHDQFE\Win2K_XP\ger\kb888111xpsp1.exe";"N/D";"12/08/2011, 15:27:42"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\MSHDQFE\Win2K_XP\hu\kb888111xpsp1.exe";"N/D";"12/08/2011, 15:27:42"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\MSHDQFE\Win2K_XP\ru\kb888111xpsp2.exe";"N/D";"12/08/2011, 15:27:42"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\RtlUpd.exe";"N/D";"12/08/2011, 15:27:42"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\WDM\AlcWzrd.exe";"N/D";"12/08/2011, 15:27:43"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\WDM\MicCal.exe";"N/D";"12/08/2011, 15:27:43"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\WDM\SoundMan.exe";"N/D";"12/08/2011, 15:27:43"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Chipset\Chipset\VN890\Setup.exe";"N/D";"12/08/2011, 15:27:44"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Video fdp\Video\VN896_15131509_XP_w12x8_logod\s3minset.exe";"N/D";"12/08/2011, 15:27:44"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Video fdp\Video\VN896_15131509_XP_w12x8_logod\S3TrayP.exe";"N/D";"12/08/2011, 15:27:44"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Video fdp\Video\VN896_15131509_XP_w12x8_logod\VModes.exe";"N/D";"12/08/2011, 15:27:44"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\Raul\irpf2007v2.0.exe";"N/D";"12/08/2011, 15:27:45"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\Rbs\balanco.exe";"N/D";"12/08/2011, 15:27:45"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\Rbs\PERDCOMPv2.2.EXE";"N/D";"12/08/2011, 15:27:46"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Simone Rbs\DACON Mensal-Semestral\DACONMS21.exe";"N/D";"12/08/2011, 15:27:46"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Simone Rbs\DACON Mensal-Semestral\Desinstalar21\Desinstalar21.exe";"N/D";"12/08/2011, 15:27:46"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Simone Rbs\DIPJ2009V10\DIPJ2009V10.exe";"N/D";"12/08/2011, 15:27:46"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Simone Rbs\DIPJ2009V20\DIPJ2009V20.exe";"N/D";"12/08/2011, 15:27:47"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Simone Rbs\DIPJ2009V21\DIPJ2009V21.exe";"N/D";"12/08/2011, 15:27:47"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Simone Rbs\IRPF2009\IRPF2009.EXE";"N/D";"12/08/2011, 15:27:47"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Simone Rbs\IRPF2009\UNWISE.EXE";"N/D";"12/08/2011, 15:27:47"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Site RBS\Transfer Pricing\Custeio.exe";"N/D";"12/08/2011, 15:27:48"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\SP Vacinas\Formulario para protesto.exe";"N/D";"12/08/2011, 15:27:48"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\VERIFICA\Verifica Equipamento\maquina.exe";"N/D";"12/08/2011, 15:27:51"
"Malware";"PE_TENGA.A";"C:\SHAREDDOCS\RAUL\NOTBOOK VENDIDO AO BOLA\GILCONSULT\DRIVERS MICROBOARD\AUDIO\AUDIO\AZALIA\SETUP.EXE";"N/D";"22/06/2011, 13:18:09"
"Malware";"Win32.Tenga.a";"C:\SHAREDDOCS\RAUL\NOTBOOK VENDIDO AO BOLA\GILCONSULT\DRIVERS MICROBOARD\AUDIO\AUDIO\AZALIA\WDM\ALCMTR.EXE";"N/D";"22/06/2011, 13:18:43"
"Malware";"W32/Stanit";"C:\SHAREDDOCS\RAUL\NOTBOOK VENDIDO AO BOLA\GILCONSULT\DRIVERS MICROBOARD\VIDEO FDP\VIDEO\VN896_15131509_XP_W12X8_LOGOD\SETUP.EXE";"N/D";"22/06/2011, 13:19:17"
"Malware";"PE_TENGA.A";"C:\SHAREDDOCS\RAUL\NOTBOOK VENDIDO AO BOLA\GILCONSULT\DRIVERS MICROBOARD\AUDIO\AUDIO\AZALIA\SETCDFMT.EXE";"N/D";"22/06/2011, 13:17:53"
Regards,