sauderas 0
Posted April 15, 2007

My PC has a f*** virus.. besides being slow, it keeps restarting.. here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 10:39:43, on 15/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\pctspk.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://farejador.ig.com.br/ie/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.terra.com.br/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Booh ocx - {A01A9C47-9262-18D4-A359-104BF6D487F3} - C:\Documents and Settings\Usuario\Dados de aplicativos\hoob\booh.ocx
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\Downloaded Program Files\gbiehCef.dll
O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGv6\Discador iG.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\ghmvgogofxpfx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ghmvgogofxpfx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ghmvgogofxpfx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ghmvgogofxpfx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ghmvgogofxpfx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ghmvgogofxpfx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ghmvgogofxpfx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ghmvgogofxpfx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ghmvgogofxpfx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ghmvgogofxpfx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ghmvgogofxpfx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ghmvgogofxpfx.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169724799039
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{188EAB26-24E5-4BD2-8C42-0E96A9D2D61D}: NameServer = 201.10.128.3,201.10.120.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{188EAB26-24E5-4BD2-8C42-0E96A9D2D61D}: NameServer = 201.10.128.3,201.10.120.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{188EAB26-24E5-4BD2-8C42-0E96A9D2D61D}: NameServer = 201.10.128.3,201.10.120.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{188EAB26-24E5-4BD2-8C42-0E96A9D2D61D}: NameServer = 201.10.128.3,201.10.120.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_80.dll
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

DigRam 144
Posted April 17, 2007

Good afternoon, sauderas!

<!> Download ShowVundo.
<!> Save it to the Desktop!
<!> Run the program and keep the log, which will be at C:\vundo-bho.txt

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

<!> Download KillBox.
<!> Save it on Local Disk C, in its own folder < C:\Killbox.exe >.
<!> Open KillBox and check Delete on reboot.
<!> Copy the list just below to the clipboard ( Full path of file to delete ).
<!> Select it and click Copy. That is, while disconnected and with these instructions saved, you will copy this list to Notepad and, from there, to the clipboard in KillBox.

C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\win_80.dll

<!> Go back to KillBox and click File >> Paste from clipboard >> All files.
<!> Click the X button and, when asked about the reboot, say No!
<!> Restart the computer and enter Safe Mode.
<!> During the restart, press the F8 or F5 key repeatedly and, in the menu that appears, choose: Safe Mode (Modo Seguro or Modo de Segurança).

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

<!> Open HijackThis, click Do a system scan only and check the entries just below:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_80.dll

<!> Finish by clicking Fix checked!
<!> Restart the computer normally!
<!> You probably have connection problems! Submit the file just below to Jotti for scanning:
>@< C:\WINDOWS\system32\ghmvgogofxpfx.dll
>@< In File to upload, enter: C:\WINDOWS\system32\ghmvgogofxpfx.dll
>@< Click Submit.
>@< Copy and post the report of this scan!
<!> Make and post a new HijackThis log, in Normal Mode, in your reply + vundo-bho.txt + Jotti.

That's all!
DigRam

sauderas 0
Posted April 17, 2007

Let me explain: with someone else's help I managed to remove ghmvgogofxpfx.dll, but then another DLL appeared, yxkyo.dll!!!! Should I try to remove yxkyo.dll the way I did with the other one? Since I don't know whether it is malicious or not, I'll wait for your opinion. Thanks.

vundo-bho log:

=================================================
Relatório | BHOs, Winlogon Notify e AppInit_DLLs
=================================================
AppInit_DLLs
-------------------------------------------------
[Vazia]
-------------------------------------------------
Browser Helper Objects
-------------------------------------------------
[HKLM\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\]
Adobe PDF Reader Link Helper | [indefinido]
C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKLM\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\]
[indefinido] | [indefinido]
C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
[HKLM\SOFTWARE\Classes\CLSID\{7EEF1E3D-FD97-4401-BCDB-5827F2D11709}\]
&iG | [indefinido]
C:\ARQUIV~1\iGv6\igshop.dll
[HKLM\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\]
Windows Live Sign-in Helper | [indefinido]
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKLM\SOFTWARE\Classes\CLSID\{A01A9C47-9262-18D4-A359-104BF6D487F3}\]
Booh ocx | [indefinido]
C:\Documents and Settings\Usuario\Dados de aplicativos\hoob\booh.ocx
[HKLM\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540003}\]
GbIehObj Class | G-Buster Browser Defense CEF
C:\WINDOWS\Downloaded Program Files\gbiehCef.dll
-------------------------------------------------
Winlogon Notify
-------------------------------------------------
[Padrão] crypt32chain : crypt32.dll
[Padrão] cryptnet : cryptnet.dll
[Padrão] cscdll : cscdll.dll
[Padrão] ScCertProp : wlnotify.dll
[Padrão] Schedule : wlnotify.dll
[Padrão] sclgntfy : sclgntfy.dll
[Padrão] SensLogn : WlNotify.dll
[Padrão] termsrv : wlnotify.dll
[Nova] WgaLogon : WgaLogon.dll
[Padrão] wlballoon : wlnotify.dll
Esta NÃO É uma lista de arquivos maliciosos!

-------------------------------------------------

Result for ghmvgogofxpfx.dll:

File: ghmvgogofxpfx.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 4a7c93cdc17dfc8fed849b57cdc8ce88
Packers detected: -
Scanner results
Scan taken on 17 Apr 2007 23:03:57 (GMT)
AntiVir Found TR/Agent.afg.2
ArcaVir Found Trojan.Agent.Afg
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Vqten.A
ClamAV Found nothing
Dr.Web Found Trojan.Vqten
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.Agent.afg
Fortinet Found W32/Agent.AFG!tr
Kaspersky Anti-Virus Found Trojan.Win32.Agent.afg
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Trojan.Vqten

Last file scanned at least one scanner reported something about: aaa.exe (MD5: bd55d1564bc8ab223ac5794a037fa8db, size: 867250 bytes), detected by:
Scanner Malware name
AntiVir TR/Spy.Banker.CV.2
ArcaVir X
Avast X
AVG Antivirus X
BitDefender Generic.Banker.Delf.5F85CB30
ClamAV Trojan.Delf.AR-enc-2
Dr.Web X
F-Prot Antivirus Possibly a new variant of W32/Threat-SysVenFakP-based!Maximus
F-Secure Anti-Virus X
Fortinet X
Kaspersky Anti-Virus X
NOD32 a variant of Win32/Banwor.NC
Norman Virus Control X
Panda Antivirus X
Rising Antivirus X
VirusBuster X
VBA32 Trojan-Proxy.Agent.33

-------------------------------------------------

File: yxkyo.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 b2de66055b94e4ba72712b391c364e0a
Packers detected: -
Scan taken on 17 Apr 2007 23:07:39 (GMT)
AntiVir Found TR/Vqten.A
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Vqten.A
ClamAV Found nothing
Dr.Web Found Trojan.Vqten
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found W32/SPABOT.AP!tr
Kaspersky Anti-Virus Found nothing
NOD32 Found Win32/Agent.NHD
Norman Virus Control Found nothing
Panda Antivirus Found Trj/Spabot.AN
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Trojan.Vqten

Last file scanned at least one scanner reported something about: setup.exe (MD5: eeb9d2b127ba09a8375f4157d4843124, size: 59487 bytes), detected by:
Scanner Malware name
AntiVir DR/Zlob.Gen
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Rising Antivirus X
VirusBuster X
VBA32 X

You're free to (mis)interpret these automated, flawed statistics at your own discretion.
For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 20:01:13, on 17/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\pctspk.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://farejador.ig.com.br/ie/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.terra.com.br/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Booh ocx - {A01A9C47-9262-18D4-A359-104BF6D487F3} - C:\Documents and Settings\Usuario\Dados de aplicativos\hoob\booh.ocx
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\Downloaded Program Files\gbiehCef.dll
O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGv6\Discador iG.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\yxkyo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\yxkyo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\yxkyo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\yxkyo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\yxkyo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\yxkyo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\yxkyo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\yxkyo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\yxkyo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\yxkyo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\yxkyo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\yxkyo.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169724799039
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{188EAB26-24E5-4BD2-8C42-0E96A9D2D61D}: NameServer = 201.10.128.3,201.10.120.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{188EAB26-24E5-4BD2-8C42-0E96A9D2D61D}: NameServer = 201.10.128.3,201.10.120.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{188EAB26-24E5-4BD2-8C42-0E96A9D2D61D}: NameServer = 201.10.128.3,201.10.120.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{188EAB26-24E5-4BD2-8C42-0E96A9D2D61D}: NameServer = 201.10.128.3,201.10.120.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

DigRam 144
Posted April 18, 2007

Good evening, sauderas!

<!> Download LSP-Fix.
<!> Download it to the Desktop, but do not run it yet!

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

<!> Download KillBox.
<!> Save it on Local Disk C, in its own folder! < C:\Killbox.exe >
<!> Open KillBox and check Delete on reboot.
<!> Paste or type the following line into the Full path of file to delete box:

C:\Documents and Settings\Usuario\Dados de aplicativos\hoob\booh.ocx

<!> Click the X button and, when asked about the reboot, say No!
<!> Restart the computer and enter Safe Mode.
<!> During the restart, press the F8 or F5 key repeatedly and, in the menu that appears, choose: Safe Mode (Modo Seguro or Modo de Segurança).

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

<!> Open HijackThis and click Do a system scan only.
<!> Check the entry listed just below:

O2 - BHO: Booh ocx - {A01A9C47-9262-18D4-A359-104BF6D487F3} - C:\Documents and Settings\Usuario\Dados de aplicativos\hoob\booh.ocx

<!> Finish by clicking Fix checked!
<!> Still in Safe Mode, run LSP-Fix. ( Do this while disconnected and with all windows closed! )
<!> Close the browser as well!
<!> Restart the computer in Normal Mode!
<!> Make and post a new HijackThis log in your reply.

That's all!
DigRam

sauderas 0
Posted April 18, 2007

here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 10:18:35, on 18/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\pctspk.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe
C:\WINDOWS\system32\totour.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://farejador.ig.com.br/ie/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.terra.com.br/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\Downloaded Program Files\gbiehCef.dll
O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGv6\Discador iG.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169724799039
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{188EAB26-24E5-4BD2-8C42-0E96A9D2D61D}: NameServer = 201.10.128.3,201.10.120.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{188EAB26-24E5-4BD2-8C42-0E96A9D2D61D}: NameServer = 201.10.128.3,201.10.120.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{188EAB26-24E5-4BD2-8C42-0E96A9D2D61D}: NameServer = 201.10.128.3,201.10.120.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{188EAB26-24E5-4BD2-8C42-0E96A9D2D61D}: NameServer = 201.10.128.3,201.10.120.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

DigRam 144
Posted April 19, 2007

Good morning, sauderas!

<!> Your log is clean! Any remaining problem with the PC?
<!> Download CCleaner.
<!> Download it to the Desktop!
<!> Open the program and click Executar cleaner (Run cleaner).
<!> When it finishes, click Erros >> Procurar erros >> Corrigir erros (Errors >> Find errors >> Fix errors).

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

<!> Otherwise, everything is OK.
<!> Log clean!

Best regards! :thumbsup:

sauderas 0
Posted April 25, 2007

ok.. Everything's fine. Thanks for the help... =]

DigRam 144
Posted April 26, 2007

Good evening, sauderas!

"<!> Otherwise, everything is OK. <!> Log clean!"

<!> Not so clean! Unless you have deleted, with KillBox, the file: C:\WINDOWS\system32\totour.exe
<!> As per the message and guidance sent to you around the time of my last post!

"ok.. Everything's fine. Thanks for the help..."

<!> I believe so, without the file mentioned above!
<!> A computer must be working perfectly, but in agreement with the log shown by HijackThis, which must not show malicious entries.

That's all!
DigRam

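
Added example (not part of the original thread, and not code from HijackThis or its authors): a Python script that parses two HijackThis 1.99.x logs, lists the entry types the helper acted on in this thread (UserInit, AppInit_DLLs, unknown Winsock LSP files, a BHO with no file, and Run entries pointing at the same files), and reports processes that are new in the later log and not explained by any startup entry, which is how totour.exe stands out in the 18 April log. The function names and review rules are assumptions of this example, and the two logs are abridged excerpts of the ones posted above.

```python
import re

# Abridged excerpts of the 15 April and 18 April logs posted in this thread.
LOG_15_APR = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ghmvgogofxpfx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ghmvgogofxpfx.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_80.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

LOG_18_APR = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\HijackThis.exe
C:\WINDOWS\system32\totour.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Split a log into (running process paths, [(section code, entry body)])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def review_items(entries):
    """Return (code, reason, detail) tuples for entries that deserve a manual look."""
    found = []
    for code, body in entries:
        if code == "F2" and "userinit=" in body.lower():
            # UserInit normally names userinit.exe only; anything else also runs at logon.
            for path in body.split("=", 1)[1].split(","):
                path = path.strip()
                if path and not path.lower().endswith("\\userinit.exe"):
                    found.append((code, "extra UserInit program", path))
        elif code == "O2" and body.endswith("(no file)"):
            found.append((code, "BHO with no file on disk", body))
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            found.append((code, "unknown Winsock LSP file", body.split(":", 1)[1].strip()))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.split(":", 1)[1].strip()
            if dll:
                found.append((code, "AppInit_DLLs is set", dll))
    # A Run entry that starts a file flagged above belongs to the same infection.
    flagged = {detail.lower() for _, _, detail in found}
    for code, body in entries:
        if code == "O4" and any(body.lower().endswith(p) for p in flagged):
            found.append((code, "Run entry starts a flagged file", body))
    return list(dict.fromkeys(found))  # drop repeats (O10 lists one DLL many times)


def unexplained_new_processes(before_text, after_text):
    """Processes only in the later log that no entry of that log references.

    Matching is by full path, so an entry written with an 8.3 short path
    (C:\\ARQUIV~1\\...) will not explain a process listed by its long path.
    """
    before_procs, _ = parse_hjt(before_text)
    after_procs, after_entries = parse_hjt(after_text)
    seen = {p.lower() for p in before_procs}
    referenced = " ".join(body for _, body in after_entries).lower()
    return [p for p in after_procs
            if p.lower() not in seen and p.lower() not in referenced]


if __name__ == "__main__":
    for item in review_items(parse_hjt(LOG_15_APR)[1]):
        print("review:", item)
    print("later log review items:", review_items(parse_hjt(LOG_18_APR)[1]))
    print("unexplained new processes:", unexplained_new_processes(LOG_15_APR, LOG_18_APR))
```

The entry sections of the 18 April excerpt produce no review items, yet the process comparison still returns totour.exe, so a log needs its Running processes list read as well as its coded entries.
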
Shine 0
Posted May 28, 2007

PROBLEM SOLVED!

If the author needs the topic reopened, a Private Message must be sent to a Moderator with a link to the topic.