Archived

This topic has been archived and is closed to new replies.

Vitor Linares

[Solved!] Problems with winlogon and iexplorer windows with ads

I ran HijackThis; my current log is the one below. Does anyone know what is going on? Can you give me a hand? Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 13:50:56, on 12/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wvdvuery.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Hello, I ran some procedures that were recommended to me. I ran BankerFix, FixWareout and CCleaner, but nothing changed: the ad windows keep opening, and it has even got worse... besides the windows, WinAntivirus banners, MercadoLivre windows and others have started to appear. Below is my log after running the procedures mentioned above:

Logfile of HijackThis v1.99.1
Scan saved at 14:32:00, on 12/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Hey Vitor Linares,

1. Download SmitfraudFix;

2. Disable your antivirus protection (temporarily);

3. Extract the SmitFraudFix file to your desktop;

4. Reboot into Safe Mode;

5. Run SmitfraudFix by double-clicking smitfraudfix.cmd --> choose Option 2;

6. Answer yes (y) to the question about cleaning the registry (Do you want to clean the registry?);

7. Wait for the scan to finish and for the log to be generated;

8. Reboot into Normal Mode;

9. Re-enable your antivirus;

10. Post the SmitfraudFix log (option 2) + the HijackThis log (generated in Normal Mode).

Cheers.


After doing the procedure, here are the logs below, in the respective order...

SmitFraudFix...

SmitFraudFix v2.202

Scan done at 18:10:30,28, 12/07/2007
Run from C:\Documents and Settings\vitor\Desktop\SmitfraudFix
OS: Microsoft Windows XP [versão 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{32900BFD-633A-42A3-AFEA-8A9B3F1019DF}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{32900BFD-633A-42A3-AFEA-8A9B3F1019DF}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{32900BFD-633A-42A3-AFEA-8A9B3F1019DF}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

HijackThis...

Logfile of HijackThis v1.99.1
Scan saved at 18:13:58, on 12/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Hey Vitor Linares,

Download ComboFix from:

ComboFix

1) Double-click combofix.exe and press "Y" to continue. The process takes about 10 minutes on average;

2) ComboFix will reboot the PC automatically so that the removal process can be completed (only if there is an infection);

3) When the scan finishes, a log will be generated at C:\ComboFix.txt;

4) Do not click on the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop (it will go completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply.

Cheers.


I did the whole procedure...

Combofix.txt

"vitor" - 2007-07-12 18:41:18 - ComboFix 07-07-13 - Service Pack 2

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-12 18:54:51

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-12 18:55:28 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-12 18:55

 

--- E O F ---


Hey Vitor Linares,

Let's go.

* Download VundoFix.

* Double-click VundoFix.exe to start it;

* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish; it may take a while. Be patient;

* When the scan is done, click Remove Vundo;

* You will get a prompt asking whether you want to remove the files. Click YES. Your desktop will go blank (this is normal);

* To complete the scan the machine will need to be rebooted. Click OK;

* Please post the VundoFix log (C:\vundofix.txt) in your next reply, together with a new HijackThis log.

Cheers.


VundoFix log...

VundoFix V6.5.4

Checking Java version...

Sun Java not detected

Scan started at 11:52:16 13/07/2007

Listing files found while scanning....

C:\windows\system32\rhemjbxv.exe

Beginning removal...

Attempting to delete C:\windows\system32\rhemjbxv.exe
C:\windows\system32\rhemjbxv.exe Has been deleted!

Performing Repairs to the registry.
Done!

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 11:58:20, on 13/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\HijackThis.exe

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {2E420E0D-50F7-4452-9F7D-5A7A86E32285} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {4002EFB3-B946-4A9D-A30E-6C6A55BA9B0B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83FC1DE8-27FD-4BE8-A5B7-9205685F9653} - (no file)
O2 - BHO: (no name) - {96220B88-6A64-4D60-9DE6-5898F72AE9A3} - (no file)
O2 - BHO: (no name) - {97FCE828-B39E-4E60-AD7C-3DD45E711AF9} - (no file)
O2 - BHO: (no name) - {BE577759-2DF4-4970-BE3A-87F4E5627268} - (no file)
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awvtr - C:\WINDOWS\
O20 - Winlogon Notify: efccyyx - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Hi Vitor Linares,

Man, what a lot of pests! :devil: Well, here we go.

Set Windows to show all files (hidden ones included).

Step 1

Download Killbox from:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below in bold to the clipboard. Select it all with the mouse --> go to the Edit menu on the browser bar --> click Copy.

 

C:\WINDOWS\system32\aqabxuii.dll

C:\WINDOWS\system32\ayikernr.dll

C:\WINDOWS\system32\brsbsefd.dll

C:\WINDOWS\system32\ctrrmvpu.dll

C:\WINDOWS\system32\cwdnvdas.dll

C:\WINDOWS\system32\davyrmha.dll

C:\WINDOWS\system32\desibkot.dll

C:\WINDOWS\system32\eqvvyuey.dll

C:\WINDOWS\system32\euxfmkjo.dll

C:\WINDOWS\system32\fgwddikf.dll

C:\WINDOWS\system32\foibtkxw.dll

C:\WINDOWS\system32\ifchsfqw.dll

C:\WINDOWS\system32\kcybtplv.dll

C:\WINDOWS\system32\klrgwdfm.dll

C:\WINDOWS\system32\nxhyllrf.dll

C:\WINDOWS\system32\rcxtpqum.dll

C:\WINDOWS\system32\rgiqscrq.dll

C:\WINDOWS\system32\rommggnc.dll

C:\WINDOWS\system32\ufxdxkec.dll

C:\WINDOWS\system32\uiapcwdg.dll

C:\WINDOWS\system32\viwbboms.dll

C:\WINDOWS\system32\wtpwrkyi.dll

C:\WINDOWS\system32\xuhlachi.dll

C:\WINDOWS\system32\efccyyx.dll

C:\WINDOWS\system32\iiuxbaqa.ini

C:\WINDOWS\system32\rtvwa.bak1

C:\WINDOWS\system32\rtvwa.bak2

C:\WINDOWS\system32\rtvwa.ini

C:\WINDOWS\system32\rtvwa.ini2

C:\WINDOWS\system32\rnrekiya.ini

C:\WINDOWS\system32\dfesbsrb.ini

C:\WINDOWS\system32\upvmrrtc.ini

C:\WINDOWS\system32\sadvndwc.ini

C:\WINDOWS\system32\ahmryvad.ini

C:\WINDOWS\system32\tokbised.ini

C:\WINDOWS\system32\ojkmfxue.ini

C:\WINDOWS\system32\fkiddwgf.ini

C:\WINDOWS\system32\wxktbiof.ini

C:\WINDOWS\system32\wqfshcfi.ini

C:\WINDOWS\system32\vlptbyck.ini

C:\WINDOWS\system32\mfdwgrlk.ini

C:\WINDOWS\system32\frllyhxn.ini

C:\WINDOWS\system32\muqptxcr.ini

C:\WINDOWS\system32\qrcsqigr.ini

C:\WINDOWS\system32\cnggmmor.ini

C:\WINDOWS\system32\cekxdxfu.ini

C:\WINDOWS\system32\gdwcpaiu.ini

C:\WINDOWS\system32\smobbwiv.ini

C:\WINDOWS\system32\iykrwptw.ini

C:\WINDOWS\system32\ihcalhux.ini

C:\WINDOWS\system32\rtvwa.bak1

C:\WINDOWS\system32\rtvwa.bak2

C:\WINDOWS\system32\rtvwa.ini

C:\WINDOWS\system32\rtvwa.ini2

C:\WINDOWS\system32\rtvwa.tmp

C:\WINDOWS\system32\awvtr.dll

C:\WINDOWS\system32\uiucfpau.dll

C:\WINDOWS\system32\ubftwhmt.exe

C:\WINDOWS\system32\huemftap.dll

C:\WINDOWS\system32\ptngmdtq.exe

C:\WINDOWS\system32\utguwlml.dll

C:\WINDOWS\system32\svwtukil.exe

C:\WINDOWS\system32\guudufhs.dll

C:\WINDOWS\system32\lewmrtum.exe

C:\WINDOWS\system32\eesjxsue.exe

C:\WINDOWS\system32\rhemjbxv.exe

 

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press the "X". Answer "No" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and an internet connection will not be possible.

Step 2

Restart the computer in Safe Mode (while it restarts, press the F8 key repeatedly until a black DOS screen appears, then choose the Safe Mode option).

Run HijackThis, click Do a system scan only and check:

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)

O2 - BHO: (no name) - {2E420E0D-50F7-4452-9F7D-5A7A86E32285} - (no file)

O2 - BHO: (no name) - {4002EFB3-B946-4A9D-A30E-6C6A55BA9B0B} - (no file)

O2 - BHO: (no name) - {83FC1DE8-27FD-4BE8-A5B7-9205685F9653} - (no file)

O2 - BHO: (no name) - {96220B88-6A64-4D60-9DE6-5898F72AE9A3} - (no file)

O2 - BHO: (no name) - {97FCE828-B39E-4E60-AD7C-3DD45E711AF9} - (no file)

O2 - BHO: (no name) - {BE577759-2DF4-4970-BE3A-87F4E5627268} - (no file)

O20 - Winlogon Notify: awvtr - C:\WINDOWS\

O20 - Winlogon Notify: efccyyx - C:\WINDOWS\

Click Fix Checked.

Step 3

Restart in Normal Mode.

Delete the contents of the C:\!Killbox folder.

Post a new HijackThis log.

I'll wait for your reply.

Regards.

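The selection the helper makes above (the orphaned O2 BHO registrations and the two O20 Winlogon Notify packages with random names) can be reproduced mechanically. The script below is an added example for this thread, not code from HijackThis or from the helper: it parses a HijackThis 1.99.x log in the format posted in this thread and returns the lines to tick under Fix checked, with a reason for each. The allow-list of Winlogon Notify packages is an assumption (the packages that ship with XP SP2 plus WgaLogon; vendor packages such as igfxcui or NavLogon are legitimate too and need a manual check). The sample log embedded at the bottom is a constructed excerpt of the 11:58 log above.

```python
"""Triage a HijackThis 1.99.x log.

Added example for this thread (not HijackThis code and not the helper's own
tool): returns the entries a helper would tick under "Fix checked".
"""
import re
import sys

# Assumption: Winlogon Notify packages shipped with Windows XP SP2, plus
# WgaLogon. A triage aid, not an official list; vendor packages (igfxcui,
# NavLogon, ...) are legitimate too and need a manual check.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_entries(log_text):
    """Yield (section, body) for each 'Oxx - ...' line of a HijackThis log."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def notify_name(body):
    """'Winlogon Notify: efccyyx - C:\\WINDOWS\\' -> 'efccyyx'."""
    return body.split(":", 1)[1].split(" - ", 1)[0].strip()


def triage(log_text):
    """Return [(log_line, verdict, reason)]; verdict is 'fix' or 'review'."""
    findings = []
    for section, body in parse_entries(log_text):
        line = f"{section} - {body}"
        if section == "O2" and body.endswith("(no file)"):
            # BHO CLSID still registered but its DLL is gone: a dead
            # registration left behind by a removed component.
            findings.append((line, "fix", "orphaned BHO registration"))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            if notify_name(body).lower() not in KNOWN_NOTIFY:
                # A DLL loaded into winlogon.exe at boot; anything outside
                # the allow-list is suspect until proven otherwise.
                findings.append((line, "fix", "unknown Winlogon Notify package"))
        elif section == "O23" and body.endswith("(file missing)"):
            # HijackThis 1.99.1 tests the whole ImagePath string, so a quoted
            # path with arguments (note the stray '"' before ' /h' in the
            # Symantec line of the logs above) is reported as missing even
            # when the binary exists; that only earns a manual look.
            verdict = "review" if '"' in body else "fix"
            findings.append((line, verdict, "service binary reported missing"))
    return findings


def fix_list(log_text):
    """Just the lines to tick in 'Do a system scan only' -> 'Fix checked'."""
    return [line for line, verdict, _ in triage(log_text) if verdict == "fix"]


# Constructed sample: the relevant lines of the 13/07/2007 11:58 log above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {2E420E0D-50F7-4452-9F7D-5A7A86E32285} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {4002EFB3-B946-4A9D-A30E-6C6A55BA9B0B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83FC1DE8-27FD-4BE8-A5B7-9205685F9653} - (no file)
O2 - BHO: (no name) - {96220B88-6A64-4D60-9DE6-5898F72AE9A3} - (no file)
O2 - BHO: (no name) - {97FCE828-B39E-4E60-AD7C-3DD45E711AF9} - (no file)
O2 - BHO: (no name) - {BE577759-2DF4-4970-BE3A-87F4E5627268} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: awvtr - C:\WINDOWS\
O20 - Winlogon Notify: efccyyx - C:\WINDOWS\
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    # Pass a saved hijackthis.log as the first argument; otherwise the sample runs.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="cp1252", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for line, verdict, reason in triage(text):
        print(f"[{verdict:6}] {reason}: {line}")
```

On the sample the script marks the seven "(no file)" BHOs and both O20 entries as fixes and leaves the Symantec service at "review", which is exactly the split the helper made by hand. Fixing an O20 line in HijackThis only removes the registry subkey; the DLL named by it is still on disk and, until the next reboot, still loaded inside winlogon.exe, which is why the helper pairs the fix with Killbox's delete-on-reboot and a Safe Mode restart.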

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 15:23:23, on 13/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HijackThis.exe

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {2E420E0D-50F7-4452-9F7D-5A7A86E32285} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {4002EFB3-B946-4A9D-A30E-6C6A55BA9B0B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83FC1DE8-27FD-4BE8-A5B7-9205685F9653} - (no file)
O2 - BHO: (no name) - {96220B88-6A64-4D60-9DE6-5898F72AE9A3} - (no file)
O2 - BHO: (no name) - {97FCE828-B39E-4E60-AD7C-3DD45E711AF9} - (no file)
O2 - BHO: (no name) - {BE577759-2DF4-4970-BE3A-87F4E5627268} - (no file)
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awvtr - C:\WINDOWS\
O20 - Winlogon Notify: efccyyx - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Hi Vitor Linares,

Run HijackThis, click Do a system scan only and check:

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)

O2 - BHO: (no name) - {2E420E0D-50F7-4452-9F7D-5A7A86E32285} - (no file)

O2 - BHO: (no name) - {4002EFB3-B946-4A9D-A30E-6C6A55BA9B0B} - (no file)

O2 - BHO: (no name) - {83FC1DE8-27FD-4BE8-A5B7-9205685F9653} - (no file)

O2 - BHO: (no name) - {96220B88-6A64-4D60-9DE6-5898F72AE9A3} - (no file)

O2 - BHO: (no name) - {97FCE828-B39E-4E60-AD7C-3DD45E711AF9} - (no file)

O2 - BHO: (no name) - {BE577759-2DF4-4970-BE3A-87F4E5627268} - (no file)

O20 - Winlogon Notify: awvtr - C:\WINDOWS\

O20 - Winlogon Notify: efccyyx - C:\WINDOWS\

Click Fix Checked.

Post a new HijackThis log.

I'll wait for your reply.

Regards.


New log

Logfile of HijackThis v1.99.1
Scan saved at 15:38:23, on 13/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Skype\Plugin Manager\SkypePM.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: efccyyx - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Hi Vitor Linares,

Run HijackThis, click Do a system scan only and check:

O20 - Winlogon Notify: efccyyx - C:\WINDOWS\

Click Fix Checked.

Post a new HijackThis log.

I'll wait for your reply.

Regards.


It's not working... it won't remove this at all. New log:

Logfile of HijackThis v1.99.1
Scan saved at 15:43:48, on 13/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Skype\Plugin Manager\SkypePM.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: efccyyx - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Hi Vitor Linares,

Restart in Safe Mode.

Go to Start -> Run -> type regedit -> click OK.

Navigate to the following subkey:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

Delete the following folder:

efccyyx

Exit the Registry Editor.

Restart in Normal Mode.

Post a new log.

Regards.

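Why this entry keeps coming back, and how to check before rebooting: a Winlogon Notify package is a DLL that winlogon.exe loads at boot and keeps loaded, so a subkey deleted while that DLL is running can be re-created by the running code, which fits the logs in this thread, where efccyyx reappears after every HijackThis fix. The script below is an added example for this thread, not the helper's procedure and not a Microsoft tool. It reads every subkey under Winlogon\Notify and flags the ones that are not on an assumed allow-list, have no DllName value, carry a non-zero SafeMode value (the documented Notify value that makes winlogon load the package in Safe Mode as well, which would defeat the Safe Mode step above), or whose DLL has a reversed-name .ini companion in system32, the layout visible in the Killbox list above (awvtr.dll next to rtvwa.ini and rtvwa.bak1). The audit logic is pure Python and is exercised on a constructed entry set; reading and deleting keys needs Windows, the stdlib winreg module and an administrator shell. The subkey names and file names in the constructed sample are taken from the logs above.

```python
"""Audit Winlogon Notify packages and, on request, remove one subkey.

Added example for this thread; not the helper's procedure and not a
Microsoft tool. audit() is pure logic; the other functions need Windows.
"""
import ntpath
import os
import sys

try:
    import winreg  # stdlib, Windows only
except ImportError:
    winreg = None

NOTIFY_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Assumption: packages shipped with Windows XP SP2 plus WgaLogon. A triage
# aid, not an official list; vendor packages (igfxcui, NavLogon, ...) are
# legitimate too and need a manual check.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}


def audit(entries, system32_files):
    """Classify Notify subkeys.

    entries: {subkey_name: {"DllName": str or None, "SafeMode": int or None}}
    system32_files: file names found in %SystemRoot%\\system32
    Returns [(subkey_name, "reason; reason")] for every suspicious subkey.
    """
    files = {f.lower() for f in system32_files}
    findings = []
    for name, values in entries.items():
        reasons = []
        if name.lower() not in KNOWN_NOTIFY:
            reasons.append("not a known package")
        dll = values.get("DllName")
        if not dll:
            reasons.append("no DllName value")
        else:
            base = ntpath.basename(dll).lower()  # bare names load from system32
            stem = base.rsplit(".", 1)[0]
            if base in files and stem[::-1] + ".ini" in files:
                # Layout seen in the Killbox list of this thread:
                # awvtr.dll alongside rtvwa.ini / rtvwa.bak1.
                reasons.append("reversed-name .ini companion")
        if values.get("SafeMode"):
            # Documented Notify value: non-zero means the package is loaded
            # in Safe Mode too, so a Safe Mode cleanup would not unload it.
            reasons.append("set to load in Safe Mode")
        if reasons:
            findings.append((name, "; ".join(reasons)))
    return findings


def _value(key, name):
    """Read one registry value, or None when the value does not exist."""
    try:
        return winreg.QueryValueEx(key, name)[0]
    except FileNotFoundError:
        return None


def read_notify_entries():
    """Read every subkey under Winlogon\\Notify into the audit() input shape."""
    if winreg is None:
        raise RuntimeError("registry access needs Windows")
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, NOTIFY_KEY) as root:
        index = 0
        while True:
            try:
                sub = winreg.EnumKey(root, index)
            except OSError:  # no more subkeys
                break
            index += 1
            with winreg.OpenKey(root, sub) as key:
                entries[sub] = {"DllName": _value(key, "DllName"),
                                "SafeMode": _value(key, "SafeMode")}
    return entries


def remove_notify_entry(name):
    """Delete one Notify subkey (administrator rights required).

    The DLL it names stays on disk and stays loaded in winlogon.exe until the
    next reboot, so delete the file from Safe Mode or queue it for deletion
    on reboot afterwards, as the helper's Killbox step does.
    """
    if winreg is None:
        raise RuntimeError("registry access needs Windows")
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, NOTIFY_KEY, 0,
                        winreg.KEY_ALL_ACCESS) as root:
        winreg.DeleteKey(root, name)


if __name__ == "__main__":
    system32 = os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"), "system32")
    for name, reason in audit(read_notify_entries(), os.listdir(system32)):
        print(f"{name}: {reason}")
    if len(sys.argv) == 3 and sys.argv[1] == "--remove":
        remove_notify_entry(sys.argv[2])
        print(f"deleted {NOTIFY_KEY}\\{sys.argv[2]}")
```

Run it once before the Safe Mode reboot: if the suspect subkey reports "set to load in Safe Mode", deleting it from Safe Mode will not help either and the DLL file itself has to go first (delete-on-reboot, or from a boot environment that does not start winlogon). Check the file's existence and signature before trusting any name on the allow-list; the list only says what a clean XP SP2 box normally has.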

Jgarcia... I deleted it from the Registry as you asked... but I think it's back... The log follows below:

Logfile of HijackThis v1.99.1
Scan saved at 16:16:56, on 13/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: efccyyx - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Jgarcia... I deleted it from the Registry as you asked... but I think it's back...

Repeat the operations (Registry and Fix in HijackThis).

Post a new log.

Regards.


New log follows...

Logfile of HijackThis v1.99.1
Scan saved at 16:29:53, on 13/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Hi Vitor Linares,

Now that's it!!! Your log is CLEAN. :thumbsup:

To finish:

1. Disable and re-enable XP's System Restore. Click here to see how;

2. Read the article Cuidados ao navegar na net (care when browsing the web) and learn how to avoid new infections.

Regards.


Garciaaa... heheh!!! This one is persistent... I just restarted the computer and look... Take a look at this log...

Logfile of HijackThis v1.99.1
Scan saved at 16:43:31, on 13/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: efccyyx - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
