
Archived

This topic has been archived and is closed to new replies.

Brian Roxy

[Archived] Virus Trojan Horse Generic3.RGJ

Please, if anyone already has a Clean Virus tool for Virus Trojan Horse Generic3.RGJ,

let me know, because I haven't found one yet. Thank you very much.

 

HijackThis log below

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 09:51:36, on 25/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Arquivos comuns\System\WinUpdate.exe

C:\WINDOWS\msrtspr1.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\MSN Messenger\livecall.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\WINDOWS\Explorer.EXE

C: - Meus Downloads\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [SmcService] "C:\ARQUIV~1\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe"

O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [cftmon] C:\Arquivos de programas\Arquivos comuns\System\WinUpdate.exe

O4 - HKLM\..\Run: [MSRTspro2] msrtspr1.exe

O4 - HKLM\..\Run: [AVG7_CC] "C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" /STARTUP

O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://domingoscarusi.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

 

--

End of file - 8296 bytes


Good morning Brian Roxy!

 

>@< You have two antivirus programs, AVG and Avast!

>@< Uninstall AVG and keep Avast.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

<!> Download KillBox.

<!> Save it on Local Disk C, in its own folder < C:\Killbox.exe >.

<!> Open KillBox and check Delete on reboot.

<!> Copy the list below to the clipboard ( Full path of file to delete ).

<!> Select it and click Copy. In other words, while offline and with these instructions saved, you will copy this list into Notepad and, from there, to the clipboard in KillBox.

 

C:\Arquivos de programas\Arquivos comuns\System\WinUpdate.exe

C:\WINDOWS\msrtspr1.exe

 

<!> Go back to KillBox and click File >> Paste from clipboard >> All files.

<!> Click the X button and, when asked about the Reboot, say No!

<!> Restart the computer and enter Safe Mode.

<!> During the restart, tap the F8 or F5 key repeatedly and, in the menu that appears, choose: Safe Mode.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

<!> Open HijackThis, click Do a system scan only and check the entries below:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

O4 - HKLM\..\Run: [cftmon] C:\Arquivos de programas\Arquivos comuns\System\WinUpdate.exe

O4 - HKLM\..\Run: [MSRTspro2] msrtspr1.exe

<!> Finish by clicking Fix checked!

<!> Restart the computer normally!

<!> Run an online scan with Ewido and post the report.

<!> Make and post a new HijackThis log, in Normal Mode, in your reply + the Ewido report.

 

That's all!

DigRam


Hello DigRam

 

Thank you for your attention regarding the Virus Trojan Horse Generic3.RGJ, because I could not delete it.

Besides this one, others exist or were deleted from my computer.

Thank you.

 

Steps

01 - Ran KillBox in normal mode

THE FILE BELOW NO LONGER EXISTED

O4 - HKLM\..\Run: [cftmon] C:\Arquivos de programas\Arquivos comuns\System\WinUpdate.exe

These existed:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

O4 - HKLM\..\Run: [MSRTspro2] msrtspr1.exe

 

02 - Ran HijackThis with Fix checked! in safe mode

 

03 - HijackThis again, in normal mode, AS FOLLOWS:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 16:07:15, on 26/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C: - Meus Downloads\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [SmcService] "C:\ARQUIV~1\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe"

O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [AVG7_CC] "C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" /STARTUP

O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://BRIAN ROXYcarusi.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

 

--

End of file - 7057 bytes

 

 

If it helps, here is the ComboFix run done earlier

 

"BRIAN ROXY" - 07-04-26 14:45:44 Service Pack 2 [SAFE MODE]

ComboFix 07-04-25.4V - Running from: "C: - Meus Downloads\"

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\setup.exe

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-03-26 to 2007-04-26 ))))))))))))))))))))))))))))))))))

 

 

2007-04-26 14:39 <DIR> d-------- C:\WINDOWS\CSC

2007-04-26 12:05 <DIR> d-------- C:\DOCUME~1\BRIAN ROXY\DoctorWeb

2007-04-26 11:50 <DIR> d-------- C:\Arquivos de programas\AVIRA

2007-04-25 15:58 <DIR> d-------- C:\!KillBox

2007-04-24 07:27 <DIR> d-------- C:\DOCUME~1\BRIAN ROXY\DADOSD~1\SopCast

2007-04-23 09:45 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PCSuite

2007-04-23 09:45 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nokia

2007-04-23 09:44 <DIR> d-------- C:\Arquivos de programas\PC Connectivity Solution

2007-04-23 09:43 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2007-04-23 09:43 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2007-04-23 09:43 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2007-04-23 09:43 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2007-04-23 09:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Installations

2007-04-18 14:11 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2007-04-18 11:53 <DIR> d-------- C:\Arquivos de programas\SopCast

2007-04-18 11:50 <DIR> d-------- C:\Arquivos de programas\Solway's Internet TV and Radio

2007-04-17 11:04 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2007-04-17 09:39 1,298,432 -r-hs---- C:\WINDOWS\msrtspr1.exe

2007-04-17 08:41 <DIR> d-------- C:\Arquivos de programas\Xilisoft

2007-04-17 08:17 53,248 --a------ C:\keygen.exe

2007-04-16 11:56 <DIR> d-------- C:\Arquivos de programas\Total Video Converter

2007-04-16 11:16 331,776 --a------ C:\WINDOWS\system32\sistray.exe

2007-04-16 11:16 184,320 --------- C:\WINDOWS\system32\SiSApCom.dll

2007-04-16 11:16 110,592 --------- C:\WINDOWS\system32\TVMode.dll

2007-04-16 11:16 <DIR> d-------- C:\WINDOWS\SiS

2007-04-16 11:15 812,032 -ra------ C:\WINDOWS\system32\sisgrv.dll

2007-04-16 11:15 7,168 -ra------ C:\WINDOWS\system32\instFunc.dll

2007-04-16 11:15 65,536 -ra------ C:\WINDOWS\system32\sis760.bin

2007-04-16 11:15 65,536 -ra------ C:\WINDOWS\system32\sis741.bin

2007-04-16 11:15 49,152 -ra------ C:\WINDOWS\system32\SiSBase.dll

2007-04-16 11:15 49,152 -ra------ C:\WINDOWS\system32\sis660.bin

2007-04-16 11:15 258,048 -ra------ C:\WINDOWS\system32\SiSParse.dll

2007-04-16 11:15 24,576 -ra------ C:\WINDOWS\system32\SiSPInst.dll

2007-04-16 11:15 184,320 -ra------ C:\WINDOWS\system32\SiSInst.dll

2007-04-16 11:15 12,928 -ra------ C:\WINDOWS\system32\drivers\srvkp.sys

2007-04-16 11:15 1,864,425 -ra------ C:\WINDOWS\system32\sisgl.dll

2007-04-16 11:15 <DIR> d-------- C:\WINDOWS\system32\trayres

2007-04-16 10:09 <DIR> d-------- C:\Arquivos de programas\SiS VGA Utilities V3.62

2007-04-16 09:29 <DIR> d-------- C:\Arquivos de programas\Lavalys

2007-04-13 09:31 <DIR> d-------- C:\Arquivos de programas\Super C v2007 build 22

2007-04-12 17:20 719,872 --a------ C:\WINDOWS\system32\devil.dll

2007-04-12 17:20 66,560 --a------ C:\WINDOWS\MOTA113.exe

2007-04-12 17:20 502,784 --a------ C:\WINDOWS\x2.64.exe

2007-04-12 17:20 471,552 --a------ C:\WINDOWS\system32\Smab.dll

2007-04-12 17:20 306,688 --a------ C:\WINDOWS\system32\avisynth.dll

2007-04-12 17:20 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll

2007-04-12 17:20 240,128 --a------ C:\WINDOWS\system32\x.264.exe

2007-04-12 17:20 217,073 --a------ C:\WINDOWS\meta4.exe

2007-04-05 10:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero

2007-04-05 10:55 <DIR> d-------- C:\Arquivos de programas\Nero

2007-04-05 10:55 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-04-05 10:08 <DIR> d-------- C:\DOCUME~1\BRIAN ROXY\DADOSD~1\Ahead

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-04-24 15:19 -------- d-------- C:\Arquivos de programas\programas srf

2007-04-23 09:48 -------- d-------- C:\DOCUME~1\BRIAN ROXY\DADOSD~1\nokia

2007-04-23 09:43 -------- d-------- C:\Arquivos de programas\nokia

2007-04-16 12:49 -------- d--h----- C:\Arquivos de programas\installshield installation information

2007-04-10 17:58 -------- d-------- C:\DOCUME~1\BRIAN ROXY\DADOSD~1\nokia multimedia player

2007-03-22 13:49 -------- d-------- C:\Arquivos de programas\dvd shrink

2007-03-22 13:38 -------- d-------- C:\Arquivos de programas\cyberlink dvd solution

2007-03-21 11:30 -------- d-------- C:\Arquivos de programas\cyberlink

2007-03-17 10:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll

2007-03-15 15:21 -------- d-------- C:\Arquivos de programas\discador itelefonica

2007-03-14 13:13 -------- d-------- C:\Arquivos de programas\k-litenitro

2007-03-13 18:44 58 --a------ C:\WINDOWS\sysdat.dll

2007-03-08 12:36 578048 --a------ C:\WINDOWS\system32\user32.dll

2007-03-08 12:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll

2007-03-08 12:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll

2007-03-08 12:33 1843712 --a------ C:\WINDOWS\system32\win32k.sys

2007-03-08 09:47 -------- d-------- C:\DOCUME~1\BRIAN ROXY\DADOSD~1\talkback

2007-03-07 16:44 -------- d-------- C:\Arquivos de programas\windows media connect 2

2007-03-06 10:42 -------- d-------- C:\DOCUME~1\BRIAN ROXY\DADOSD~1\bittorrent

2007-03-06 10:42 -------- d-------- C:\Arquivos de programas\quicktime

2007-03-06 09:09 -------- d-------- C:\Arquivos de programas\bittorrent

2007-03-02 16:06 -------- d-------- C:\Arquivos de programas\everest

2007-02-28 09:47 -------- d-------- C:\Arquivos de programas\directx

2007-02-28 09:47 -------- d-------- C:\Arquivos de programas\creative

2007-02-27 14:22 68408 --a------ C:\WINDOWS\system32\perfc016.dat

2007-02-27 14:22 428340 --a------ C:\WINDOWS\system32\perfh016.dat

2007-02-27 14:18 -------- d-------- C:\Arquivos de programas\stylecam blink

2007-02-27 14:18 -------- d-------- C:\Arquivos de programas\Arquivos comuns\dsc-07

2007-02-22 10:15 90624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2007-02-05 17:18 185344 --a------ C:\WINDOWS\system32\upnphost.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{C41A1C0E-EA6C-11D4-B1B8-444553540000} C:\WINDOWS\Downloaded Program Files\gbieh.dll

{C41A1C0E-EA6C-11D4-B1B8-444553540007} C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"

"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"

"PCTVOICE"="pctspk.exe"

"SunJavaUpdateSched"="\"C:\\Arquivos de programas\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

"AGRSMMSG"="AGRSMMSG.exe"

"SmcService"="\"C:\\ARQUIV~1\\Sygate\\SPF\\smc.exe\" -startgui"

"QuickTime Task"="\"C:\\Arquivos de programas\\QuickTime\\qttask.exe\" -atboottime"

"RemoteControl"="\"C:\\Arquivos de programas\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""

"NeroFilterCheck"="\"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe\""

"SiSPower"="\"Rundll32.exe\" SiSPower.dll,ModeAgent"

"MSRTspro2"="msrtspr1.exe"

"AVG7_CC"="\"C:\\ARQUIV~1\\Grisoft\\AVG7\\avgcc.exe\" /STARTUP"

"PCSuiteTrayApplication"="\"C:\\Arquivos de programas\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe\" -startup"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe\""

"PowerBar"=""

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Nokia.PCSync"="C:\\Arquivos de programas\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"="GbPlugin ShlObj"

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"="GbPlugin ShlObj"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\

Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\

Notification Packages REG_MULTI_SZ scecli\

 

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\

LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\

NetworkService REG_MULTI_SZ DnsCache\

DcomLaunch REG_MULTI_SZ DcomLaunchTermService\

rpcss REG_MULTI_SZ RpcSs\

imgsvc REG_MULTI_SZ StiSvc\

termsvcs REG_MULTI_SZ TermService\

 

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

********************************************************************

 

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-04-26 14:48:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ????????l?@?????????D?????6~??????????????6~l?@?l?@????? ???????????W?9~??6~??????6~K?6~x???????[?6~???????? ??????????????|x???0????????????%'???8~?????????????????X??O???:???????l?@?l?@?????Q?7~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

********************************************************************

 

Completion time: 07-04-26 14:49:04

C:\ComboFix-quarantined-files.txt ... 07-04-26 14:49
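Added example (not part of the thread, and not HijackThis or ComboFix code): a small triage script that automates the checks DigRam made by hand and that the ComboFix listing above supports. It flags Run entries whose name imitates a Windows process (cftmon vs ctfmon), Run entries that launch a file the ComboFix "Files Created" section lists with hidden+system attributes (msrtspr1.exe), and BHOs registered with no file on disk. The log lines, file list and KNOWN_NAMES set inside it are constructed samples shaped like this thread's logs, not the full logs.

```python
"""Triage of HijackThis O2/O4 entries cross-checked against a ComboFix
'Files Created' listing. Added example; not HijackThis or ComboFix code."""
import re
from typing import Dict, Iterable, List

# Constructed sample lines shaped like the logs in the thread (not the full logs).
HJT_LINES = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Arquivos de programas\\Java\\jre1.5.0_11\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [SiSUSBRG] C:\\WINDOWS\\SiSUSBrg.exe
O4 - HKLM\\..\\Run: [cftmon] C:\\Arquivos de programas\\Arquivos comuns\\System\\WinUpdate.exe
O4 - HKLM\\..\\Run: [MSRTspro2] msrtspr1.exe
O4 - HKLM\\..\\Run: [AVG7_CC] "C:\\ARQUIV~1\\Grisoft\\AVG7\\avgcc.exe" /STARTUP
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
""".splitlines()

# Constructed sample of ComboFix's "Files Created" section: date time size attrs path.
COMBOFIX_CREATED = """\
2007-04-17 09:39 1,298,432 -r-hs---- C:\\WINDOWS\\msrtspr1.exe
2007-04-16 11:16 331,776 --a------ C:\\WINDOWS\\system32\\sistray.exe
2007-04-25 15:58 <DIR> d-------- C:\\!KillBox
""".splitlines()

# Legitimate Windows autostart names that malware likes to imitate (assumed list).
KNOWN_NAMES = {"ctfmon", "svchost", "explorer", "winlogon", "lsass", "services", "rundll32"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
CF_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} [\d,]+ (?P<attrs>[-a-z]{9}) (?P<path>.+)$")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; a swapped pair such as cftmon/ctfmon scores 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def launched_path(cmd: str) -> str:
    """Executable part of a Run value: the quoted token, else text up to the first .exe."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def hidden_system_files(combofix_lines: Iterable[str]) -> Dict[str, str]:
    """basename -> full path for created files carrying both the h and s attributes."""
    out: Dict[str, str] = {}
    for line in combofix_lines:
        m = CF_RE.match(line)
        if m and "h" in m.group("attrs") and "s" in m.group("attrs"):
            out[m.group("path").rsplit("\\", 1)[-1].lower()] = m.group("path")
    return out


def triage(hjt_lines: Iterable[str], combofix_lines: Iterable[str]) -> List[str]:
    """Return one finding per entry a helper would ask to have fixed."""
    flagged_files = hidden_system_files(combofix_lines)
    findings: List[str] = []
    for line in hjt_lines:
        m2 = O2_RE.match(line)
        if m2 and m2.group("path") == "(no file)":
            findings.append(f"orphan BHO {{{m2.group('clsid')}}}: registered but DLL missing")
            continue
        m4 = O4_RE.match(line)
        if not m4:
            continue
        name, cmd = m4.group("name"), m4.group("cmd")
        path = launched_path(cmd)
        exe = path.rsplit("\\", 1)[-1].lower()
        stem = name.lower()[:-4] if name.lower().endswith(".exe") else name.lower()
        # Near-miss of a well-known process name (cftmon vs ctfmon) is a classic disguise.
        if stem not in KNOWN_NAMES and any(levenshtein(stem, k) <= 2 for k in KNOWN_NAMES):
            findings.append(f"[{name}] imitates a Windows process name -> {cmd}")
        # A Run entry pointing at a freshly created hidden+system file is the strongest signal.
        if exe in flagged_files:
            findings.append(f"[{name}] launches hidden+system file {flagged_files[exe]}")
        elif "\\" not in path:
            findings.append(f"[{name}] bare filename {exe}: resolved via the search path, verify it")
    return findings


if __name__ == "__main__":
    for finding in triage(HJT_LINES, COMBOFIX_CREATED):
        print(finding)
```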


Good morning Brian Roxy!

 

Please, if anyone already has a Clean Virus tool for Virus Trojan Horse Generic3.RGJ,

let me know, because I haven't found one yet. Thank you very much.

<!> There is no specific tool for this malware yet!

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

<!> Run these two online scans and post the report:

<!> Panda and Kaspersky!

<!> Panda.

<!> On the page, click the Scan your PC button.

<!> Click Next.

<!> Enter your e-mail.

<!> Click Send.

<!> Finish by clicking All PC. ( All My Computer )

<!> Wait! The scan will take a while to complete.

<!> Save the report ( Log ) of this scan!

<!> Select it, copy it into Notepad and post it for analysis.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

<!> When finished, run a scan with Kaspersky and post the report.

 

That's all!

DigRam


Topic Archived

 

As the author did not reply to the topic for more than 20 days, it was archived.

 

If you are the author of the topic and want it reopened, send a private message to a moderator with a link to this topic and explain the reason for reopening.
