[Arquivado] Msn enviando virus para todos os contatos

[phfmiranda 0]

Boa noite galera meu msn esta enviando milhares de e-mails com links de virus para todos os meus contatos, ja passei o avast na area de boot, adware 2007 e o spybot e não acha nada como posso dar um jeito nisso???

 

Abaixo esta meu log do hijack

 

Logfile of HijackThis v1.99.1

Scan saved at 00:41, on 2008-04-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Pedro Henrique\Desktop\HijackThis.exe

C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marketingpolis.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Atalho para a Página de Propriedades do High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{74BA3A1E-F230-45C6-AA36-33E9C7F1A81D}: NameServer = 200.195.3.5,200.195.3.69

O17 - HKLM\System\CCS\Services\Tcpip\..\{7907E200-75FB-42AA-BCCD-C58410F8D9DF}: NameServer = 200.195.3.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{BE7189A4-7FEB-4F7B-8B3D-0AC5187889C4}: NameServer = 200.195.3.5,200.195.3.69

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

 

Valeu

phfmiranda

[jgarcia 1]

Opa phfmiranda,

 

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

Abraços.

[phfmiranda 0]

ai amigo ja esta ai o log do combofix

 

 

ComboFix 08-04-27.2 - User 2008-04-28 10:19:13.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.91 [GMT -3:00]

Executando de: C:\Documents and Settings\User\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

The following files were disabled during the run:

C:\Arquivos de programas\GbPluggin\gbplib.dll

C:\Arquivos de programas\GbPluggin\gbppdist.dll

 

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\x.txt

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-28 to 2008-04-28 ))))))))))))))))))))))))))))))))

.

 

2008-04-28 10:19 . 2008-04-28 10:19 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-04-25 18:49 . 2008-04-28 09:23 3,632 --a------ C:\WINDOWS\svchost

2008-04-25 16:42 . 2008-04-25 16:42 81,302 --a------ C:\WINDOWS\_bmp23_.bm_

2008-04-25 16:41 . 2008-04-25 16:41 1,521 --a------ C:\WINDOWS\system32\MRT.INI

2008-04-25 16:39 . 2008-04-25 16:41 <DIR> d-------- C:\4efd95dbe0ba9eb02971990bc245cd

2008-04-24 12:29 . 2008-04-28 10:14 <DIR> d-------- C:\Arquivos de programas\GbPluggin

2008-04-23 09:38 . 2005-04-06 00:30 26,752 -ra------ C:\WINDOWS\system32\drivers\ipfnd51.sys

2008-04-08 10:21 . 2008-04-08 10:21 <DIR> d-------- C:\Arquivos de programas\Digitador

2008-04-07 14:53 . 2005-08-09 15:37 4,286 --a------ C:\Pharmacy.ico

2008-04-04 22:20 . 2007-06-20 20:45 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Modelos

2008-04-04 22:20 . 2007-06-20 17:33 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Meus documentos

2008-04-04 22:20 . 2007-06-20 17:33 <DIR> dr------- C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar

2008-04-04 22:20 . 2007-06-20 17:33 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Favoritos

2008-04-04 22:20 . 2007-06-20 17:33 <DIR> dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Dados de aplicativos

2008-04-04 22:20 . 2008-04-28 10:23 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Configurações locais

2008-04-04 22:20 . 2007-06-20 17:33 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Ambiente de rede

2008-04-04 22:20 . 2007-06-20 17:33 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Ambiente de impressão

2008-04-04 22:20 . 2008-04-04 22:22 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser

2008-04-04 22:20 . 2008-04-28 10:18 1,024 --ah----- C:\Documents and Settings\LogMeInRemoteUser\NTUSER.DAT.LOG

2008-04-03 12:07 . 2006-10-03 11:10 17,972 -ra------ C:\WINDOWS\system32\drivers\slnt.sys

2008-04-03 11:48 . 2008-04-03 11:48 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-03-31 12:36 . 2008-03-31 14:02 <DIR> d-------- C:\CoteFacil

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-28 13:23 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\Hamachi

2008-04-28 11:06 --------- d-----w C:\Arquivos de programas\LogMeIn

2008-04-25 19:41 --------- d-----w C:\Arquivos de programas\Google

2008-04-18 14:54 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\FileZilla

2008-04-03 14:48 --------- d-----w C:\Arquivos de programas\Symantec

2008-04-03 14:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-04-03 14:47 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-04-02 19:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-04-02 10:56 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\Image Zone Express

2008-03-26 20:14 --------- d-----w C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-03-26 18:02 --------- d-----w C:\Arquivos de programas\Hamachi

2008-03-26 18:01 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-03-20 22:14 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\Symantec

2008-03-20 22:10 --------- d-----w C:\Arquivos de programas\ESET

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-13 19:23 --------- d-----w C:\Arquivos de programas\Java

2008-03-13 18:36 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-13 18:35 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-05 12:35 --------- d-----w C:\Arquivos de programas\HP

2008-03-05 12:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

2008-03-05 12:26 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\HP

2008-03-04 17:28 --------- d-----w C:\Arquivos de programas\Citrix

2008-02-29 20:04 691,545 ----a-w C:\WINDOWS\unins001.exe

2008-02-25 21:09 23,488 ----a-w C:\Documents and Settings\User\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-02-20 11:30 798,720 ----a-w C:\WINDOWS\system32\BemaFI32.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-16 09:03 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

2008-04-24 12:33 763392 --a------ C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"AudioDeck"="C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 06:44 7916032]

"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360]

 

C:\Documents and Settings\User\Menu Iniciar\Programas\Inicializar\

hamachi.lnk - C:\Arquivos de programas\Hamachi\hamachi.exe [2008-03-26 15:01:54 624416]

Proxy.lnk - C:\Arquivos de programas\AnalogX\Proxy\proxy.exe [2007-06-28 17:40:47 154628]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

Pserv32.exe.lnk - C:\HLTEMP\Pserv32.exe [2007-06-20 20:49:15 174592]

Suporte Pharmacy.lnk - C:\Arquivos de programas\SuportePH\winvnc.exe [2007-06-20 20:54:26 630854]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 "C:\Arquivos de programas\GbPluggin\gbiehdst.dll" SpecialFunction

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbiehAbn]

C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll 2008-04-24 12:33 763392 C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ImapiService"=3 (0x3)

"wscsvc"=2 (0x2)

"wuauserv"=2 (0x2)

"helpsvc"=2 (0x2)

"Schedule"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\SuportePH\\winvnc.exe"=

"C:\\Arquivos de programas\\AnalogX\\Proxy\\proxy.exe"=

"C:\\PE-DMSC\\PE.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Digifarma\\Digifarma.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\UltraVNC\\winvnc.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\IEXPLORE.EXE"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3050:TCP"= 3050:TCP:FIREBIRD

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe [2007-03-02 14:05]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]

R2 Proteq;Proteq;C:\WINDOWS\system32\drivers\Proteq.sys [2003-07-17 16:02]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe [2007-03-02 14:05]

R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2005-04-06 00:30]

S3 slnt;Kaiomy KM8139D 10/100Mbps PCI Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\slnt.sys [2006-10-03 11:10]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\LaunchU3.exe

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-28 10:23:52

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 13

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

-> C:\Arquivos de programas\GbPluggin\gbplib.dll

-> C:\Arquivos de programas\GbPluggin\gbppdist.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Arquivos de programas\GbPluggin\gbplib.dll

-> C:\Arquivos de programas\GbPluggin\gbppdist.dll

 

PROCESS: C:\WINDOWS\system32\csrss.exe

-> C:\Arquivos de programas\GbPluggin\gbplib.dll

-> C:\Arquivos de programas\GbPluggin\gbppdist.dll

.

Tempo para conclusão: 2008-04-28 10:27:24

ComboFix-quarantined-files.txt 2008-04-28 13:27:16

 

Pre-Run: 92,954,873,856 bytes disponíveis

Post-Run: 92,970,848,256 bytes disponíveis

 

172 --- E O F --- 2008-04-25 19:43:07

[jgarcia 1]

Opa phfmiranda,

 

Reinicie o computador em Modo Seguro (após reiniciar aperte a tecla F8, repetidamente, até aparecer uma tela preta em DOS e escolha Modo Seguro).

 

Agora, siga as instruções:

 

1. Abra o Bloco de Notas -> Copie (Control + C) e Cole (Control + V) todo o texto incluído no "Quote":

File::

C:\Arquivos de programas\GbPluggin\gbiehdst.dll

C:\Arquivos de programas\GbPluggin\gbplib.dll

C:\Arquivos de programas\GbPluggin\gbppdist.dll

C:\WINDOWS\system32\MRT.INI

C:\Pharmacy.ico

F:\LaunchU3.exe

Folder::

C:\Arquivos de programas\GbPluggin

C:\WINDOWS\svchost

C:\WINDOWS\_bmp23_.bm_

C:\4efd95dbe0ba9eb02971990bc245cd

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbiehAbn]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

ATENÇÃO: O script acima foi elaborado especifícamente para a infecção contida neste computador. Utilizá-lo em outra máquina poderá originar graves problemas ao usuário.

• 2. Salve o arquivo como CFScript.txt;
   
  3. Tal como exemplificado na foto abaixo, arraste o arquivo CFScript.txt para o ComboFix.exe.
  
   
  4. Ao término do processo a ferramenta irá gerar um log. Poste-o (C:\ComboFix.txt) em sua próxima resposta.
  

Abraços.

[Gaby22 0]

OLA... TEM COMO você ME AJUDAR TB??

EU TO COM UM VIRUS E NAO CONSIGO ENTRAR NO ORKUT DE JEITO NENHUM... FALA Q É PROBLEMA DO GOOGLE Q TA LENDO COMO SE FOSSE UM VÍRUS...

E TB QUANDO EU LIGO O PC APARECE UMA CAIXA ASSIM...

 

ERRO: \ARQUIV~1\GBPLUG~1\gbppdist.dll

 

ENTÃO EU PASSEI ESSE COMBO AI TUMEM E APARECEU O SEGUINTE...

 

ComboFix 08-05-12.1 - home 2008-05-13 11:03:01.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.198 [GMT -3:00]

Executando de: C:\Documents and Settings\home\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\pskill.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))))

.

 

2008-05-13 11:02 . 2008-05-13 11:02 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-12 10:37 . 2008-05-12 10:37 268 --ah----- C:\sqmdata12.sqm

2008-05-12 10:37 . 2008-05-12 10:37 244 --ah----- C:\sqmnoopt12.sqm

2008-05-11 20:53 . 2008-05-13 10:13 2,224 --a------ C:\WINDOWS\svchost

2008-05-11 16:09 . 2008-05-13 11:02 <DIR> d-------- C:\Arquivos de programas\GbPluggin

2008-04-27 16:09 . 2008-04-27 16:09 268 --ah----- C:\sqmdata11.sqm

2008-04-27 16:09 . 2008-04-27 16:09 244 --ah----- C:\sqmnoopt11.sqm

2008-04-27 14:43 . 2008-04-27 14:43 268 --ah----- C:\sqmdata10.sqm

2008-04-27 14:43 . 2008-04-27 14:43 244 --ah----- C:\sqmnoopt10.sqm

2008-04-27 11:33 . 2008-04-27 11:33 268 --ah----- C:\sqmdata09.sqm

2008-04-27 11:33 . 2008-04-27 11:33 244 --ah----- C:\sqmnoopt09.sqm

2008-04-27 00:50 . 2008-04-27 00:50 268 --ah----- C:\sqmdata08.sqm

2008-04-27 00:50 . 2008-04-27 00:50 244 --ah----- C:\sqmnoopt08.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-13 00:31 --------- d-----w C:\Arquivos de programas\DVDVideoSoft

2008-05-13 00:27 --------- d-----w C:\Arquivos de programas\Google

2008-04-17 14:23 --------- d-----w C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

2008-04-13 18:44 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-04-08 20:36 --------- d-----w C:\Arquivos de programas\Styler

2008-04-04 01:46 --------- d-----w C:\Arquivos de programas\Stardock

2008-04-04 01:11 --------- d-----w C:\Arquivos de programas\WinFlip

2008-04-04 01:11 --------- d-----w C:\Arquivos de programas\TrueTransparency

2008-04-04 00:59 --------- d-----w C:\Arquivos de programas\VisualTooltip(2)

2008-04-04 00:59 --------- d-----w C:\Arquivos de programas\ViStart(2)

2008-04-04 00:59 --------- d-----w C:\Arquivos de programas\Vista Sidebar(2)

2008-04-04 00:59 --------- d-----w C:\Arquivos de programas\ViOrb(2)

2008-04-04 00:59 --------- d-----w C:\Arquivos de programas\Styler(2)

2008-04-04 00:59 --------- d-----w C:\Arquivos de programas\LClock(2)

2008-04-01 21:21 --------- d-----w C:\Documents and Settings\home\Dados de aplicativos\ViStart

2008-04-01 21:18 --------- d-----w C:\Documents and Settings\home\Dados de aplicativos\Styler

2008-03-30 14:26 --------- d-----w C:\Arquivos de programas\Programas RFB

2008-03-25 16:31 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-03-25 16:21 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-03-24 16:46 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-03-24 00:38 --------- d-----w C:\Documents and Settings\home\Dados de aplicativos\Skype

2008-03-23 23:33 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-03-21 13:23 --------- d-----w C:\Documents and Settings\home\Dados de aplicativos\AdobeUM

2008-03-19 18:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-03-18 16:59 --------- d-----w C:\Documents and Settings\home\Dados de aplicativos\Ahead

2008-03-18 16:06 --------- d-----w C:\Documents and Settings\home\Dados de aplicativos\CyberLink

2008-03-18 16:06 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-03-16 18:18 --------- d-----w C:\Documents and Settings\home\Dados de aplicativos\HP

2008-03-16 18:18 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-03-16 18:18 --------- d-----w C:\Arquivos de programas\HP

2008-03-16 18:18 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

2008-03-16 18:15 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-03-16 18:14 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-03-15 04:10 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-15 04:10 --------- d-----w C:\Arquivos de programas\KYE

2008-03-15 04:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-03-14 16:13 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-03-14 16:10 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk

2008-03-14 16:09 --------- d-----w C:\Arquivos de programas\AutoCAD 2006

2008-03-14 16:09 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Autodesk Shared

2008-03-14 16:08 --------- d-----w C:\Arquivos de programas\AnswerWorks 4.0

2008-03-14 16:05 --------- d-----w C:\Documents and Settings\home\Dados de aplicativos\Autodesk

2008-03-14 16:04 --------- d-----w C:\Arquivos de programas\Autodesk

2008-03-14 16:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-03-14 16:00 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-03-14 15:56 --------- d-----w C:\Documents and Settings\home\Dados de aplicativos\Sports Interactive

2008-03-14 15:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-03-14 15:54 --------- d-----w C:\Arquivos de programas\Nero

2008-03-14 15:53 --------- d-----w C:\Arquivos de programas\CyberLink

2008-03-14 15:50 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-03-14 15:47 --------- d-----w C:\Documents and Settings\home\Dados de aplicativos\Corel

2008-03-14 15:45 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2008-03-14 15:44 --------- d-----w C:\Arquivos de programas\Corel

2008-03-14 15:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2008-03-14 15:44 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-03-14 15:37 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-14 15:37 --------- d-----w C:\Arquivos de programas\Windows Live

2008-03-14 15:36 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-14 15:23 --------- d-----w C:\Arquivos de programas\DVD Shrink

2008-03-14 15:21 --------- d-----w C:\Arquivos de programas\CloneDVD

2008-03-14 15:20 --------- d-----w C:\Arquivos de programas\Programas SRF

2008-03-14 15:12 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-03-14 15:10 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-03-14 15:09 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"LClock"="C:\Arquivos de programas\LClock\LClock.exe" [ ]

"ViStart"="C:\Arquivos de programas\ViStart\ViStart.exe" [ ]

"ViOrb"="C:\Arquivos de programas\ViOrb\ViOrb.exe" [ ]

"Vista Sidebar"="C:\Arquivos de programas\Vista Sidebar\sidebar.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"SecurDisc"="C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]

"InCD"="C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]

"StillMnt"="WCamRmv.exe" []

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-14 12:51:32 110592]

AutoCAD Startup Accelerator.lnk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe [2005-03-05 10:18:22 10872]

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.b"= "C:\ARQUIV~1\GBPLUG~1\gbppsv.exegbppsv.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

S3 XDva081;XDva081;C:\WINDOWS\system32\XDva081.sys []

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-13 11:04:31

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

.

Tempo para conclusão: 2008-05-13 11:05:03

ComboFix-quarantined-files.txt 2008-05-13 14:05:00

 

Pre-Run: 59,708,510,208 bytes disponíveis

Post-Run: 59,903,877,120 bytes disponíveis

 

171

 

 

 

 

DA UMA FORCINHA??

BRIGADA! BJU

[jgarcia 1]

Opa Gaby22,

 

Para que possamos ajudá-la faz-se necessária a criação de um tópico próprio, ok. :thumbsup:

 

Abraços.

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 20 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.